Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v1.x Distro
Author Message
ring_c
Involved
Involved


Joined: Dec 28, 2003
Posts: 276
Location: Israel

PostPosted: Sun Dec 04, 2005 3:55 am Reply with quote

I was trying to create an Hebrew god account with the same as username.
Everytime I try to login with the Hebrew god account I get "Begone", while I can login with my Hebrew username with no problem.

Anyway, I've changed the god account to an English one - and it works perfectly.

Also, when changing the site's name to an Hebrew one under Administration -> configuration - I get questions mark instead of the Hebrew name.

For all I know, I've changed the encoding to the correct one: windows-1255 like this "<META http-equiv=Content-Type content="text/html; charset=windows-1255">", and still...

Any idea what am I doing wrong?
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sun Dec 04, 2005 4:32 am Reply with quote

Here again, basic nuke Wink

In admin.php you have this code
if (isset($aid) && (ereg("[^a-zA-Z0-9_-]",trim($aid)))) {
die("Begone");
}


Those are the only characters allowed in the admin name. You will need to modify those for Hebrew character acceptance.

The ?? do appear to be a charset issue although I can't be sure w/o more exploration. I'll leave that one up to you Smile
 
View user's profile Send private message
ring_c
PostPosted: Sun Dec 04, 2005 4:39 am Reply with quote

Raven wrote:
Here again, basic nuke Wink

In admin.php you have this code
if (isset($aid) && (ereg("[^a-zA-Z0-9_-]",trim($aid)))) {
die("Begone");
}


Those are the only characters allowed in the admin name. You will need to modify those for Hebrew character acceptance.


So I'm not THAT rusty!
I did change the admin to that:
Code:
        if (isset($aid) && (ereg("[^a-zA-Zא-ת0-9_-]",trim($aid)))) {

           die("Begone");
        }

And still no go...

I'll try again, though...

Raven wrote:
The ?? do appear to be a charset issue although I can't be sure w/o more exploration. I'll leave that one up to you Smile

Gee... same as above only in mainfile.php ? I think I've changed this one as well. checking reverting...
 
ring_c
PostPosted: Sun Dec 04, 2005 4:48 am Reply with quote

Quote:

I'll try again, though...

yet no go...
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Sun Dec 04, 2005 8:11 am Reply with quote

ring_c, I hope you don't mind, but you had a duplicate topic posted. I checked the verbiage and it was identical. So, I removed the earlier (by less than 2 minutes) topic/post. Regards, montego

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
ring_c
PostPosted: Sun Dec 04, 2005 8:17 am Reply with quote

Quote:

ring_c, I hope you don't mind, but you had a duplicate topic posted. I checked the verbiage and it was identical. So, I removed the earlier (by less than 2 minutes) topic/post. Regards, montego

Oh, did I? Sorry for that...
 
ring_c
PostPosted: Mon Feb 27, 2006 4:51 am Reply with quote

I'm sorry to raise this issue again, but I still experience this issue.
I have to admit I've announced a defeat with distro 1.x but now i've tried reinstalling the latest 2.02 distro, and same issue again.
I've changed the admin.php as was told by raven, and yet I get the Begone message. Sad
 
montego
PostPosted: Mon Feb 27, 2006 7:43 am Reply with quote

Maybe check this thread too to see if it offers a solution:
Only registered users can see links on this board! Get registered or login!
 
ring_c
PostPosted: Mon Feb 27, 2006 9:39 am Reply with quote

Couldn't find any help in that thread. Sad
 
Raven
PostPosted: Mon Feb 27, 2006 9:59 am Reply with quote

So you tried urlencoding the username?
 
ring_c
PostPosted: Tue Feb 28, 2006 12:58 am Reply with quote

Raven wrote:
So you tried urlencoding the username?

Yes, Indeed. After the change, I've deleted my god user and recreated via the web, and still the Begone message appears... Sad
 
ring_c
PostPosted: Tue Feb 28, 2006 11:47 pm Reply with quote

So, out of ideas? Sad
 
Raven
PostPosted: Wed Mar 01, 2006 8:31 am Reply with quote

What is the exact username (adminname) you are trying to use? I want to try to replicate this issue. Thanks.
 
montego
PostPosted: Wed Mar 08, 2006 6:16 am Reply with quote

ring_c?
 
ring_c
PostPosted: Thu Mar 09, 2006 1:38 am Reply with quote

I'm so sorry!!! Haven't I reply to that one? Really sorry for that, Raven/montego.
The exact name is דתי_ברשת. The name is stored in the table as ăúé_ářůú (these are non-Hebrew characters, if you're wondering) for some weird reason.

If you have any problem seeing the Hebrew characters, tell me and I'll capture it as a gif.

Again, I'm very sorry for the late reply. I was certain I've answered it already.
montego, thanks for the reminder!
 
Raven
PostPosted: Thu Mar 09, 2006 1:52 am Reply with quote

Have you tried this?

Edit admin.php
if (isset($aid) && (ereg("[^a-zA-Z0-9_-&amp;#1491;&amp;#1514;&amp;#1497;_&amp;#1489;&amp;#1512;&amp;#1513;&amp;#1514;]",trim($aid)))) {
die("Begone");
}

In place of the &amp; just use a plain &
 
ring_c
PostPosted: Thu Mar 09, 2006 2:21 am Reply with quote

Nope. I'll try. thanks!
 
ring_c
PostPosted: Sun Mar 12, 2006 7:36 am Reply with quote

Raven wrote:
Have you tried this?

Edit admin.php
if (isset($aid) && (ereg("[^a-zA-Z0-9_-&amp;#1491;&amp;#1514;&amp;#1497;_&amp;#1489;&amp;#1512;&amp;#1513;&amp;#1514;]",trim($aid)))) {
die("Begone");
}

In place of the &amp; just use a plain &

Sorry, Raven, but I couldn't find anything alike your code n admin.php.
This is my admin.php's login function:

Code:
function login() {

    include ("header.php");
    mt_srand ((double)microtime()*1000000);
    $maxran = 1000000;
    $random_num = mt_rand(0, $maxran);
    OpenTable();
    echo "<center><font class=\"title\"><b>"._ADMINLOGIN."</b></font></center>";
    CloseTable();
    echo "<br>";
    OpenTable();
    echo "<form action=\"admin.php\" method=\"post\">"
        ."<table border=\"0\">"
   ."<tr><td>"._ADMINID."</td>"
   ."<td><input type=\"text\" NAME=\"aid\" SIZE=\"20\" MAXLENGTH=\"25\"></td></tr>"
   ."<tr><td>"._PASSWORD."</td>"
   ."<td><input type=\"password\" NAME=\"pwd\" SIZE=\"20\" MAXLENGTH=\"18\"></td></tr>";
    if (0) {
   echo "<tr><td colspan='2'>"._SECURITYCODE.": <img src='admin.php?op=gfx&amp;random_num=$random_num' border='1' alt='"._SECURITYCODE."' title='"._SECURITYCODE."'></td></tr>"
       ."<tr><td colspan='2'>"._TYPESECCODE.": <input type=\"text\" NAME=\"gfx_check\" SIZE=\"7\" MAXLENGTH=\"6\"></td></tr>";
    }
    echo "<tr><td>"
   ."<input type=\"hidden\" NAME=\"random_num\" value=\"$random_num\">"
   ."<input type=\"hidden\" NAME=\"op\" value=\"login\">"
   ."<input type=\"submit\" VALUE=\""._LOGIN."\">"
   ."</td></tr></table>"
   ."</form>";
    CloseTable();
    include ("footer.php");
}
 
Raven
PostPosted: Sun Mar 12, 2006 7:56 am Reply with quote

Why are you looking in function login? This is the same piece of code we have been working with all along. Check the second post above and modify that code to

if (isset($aid) && (ereg("[^a-zA-Z0-9_-&amp;#1491;&amp;#1514;&amp;#1497;_&amp;#1489;&amp;#1512;&amp;#1513;&amp;#1514;]",trim($aid)))) {
die("Begone");
}

In place of the &amp; just use a plain &
 
ring_c
PostPosted: Sun Mar 12, 2006 8:12 am Reply with quote

Oh, d***! I'm so clumsy! I was working on my current site's files, instead of the new ones... sorry for that!

Anyway, it seems to work great, thanks!
One question, though, what are all the codes I have to add to the admin/user logins?

PS: I didn't use to have those issues with v6.7 - how come?
 
Raven
PostPosted: Sun Mar 12, 2006 8:16 am Reply with quote

They are the html entities for the characters you need. What is messing you up are the noble, but erred, approaches to cleansing 'input'. This was the simplest solution, for now, until some core code gets corrected/rewritten.
 
ring_c
PostPosted: Sun Mar 12, 2006 8:24 am Reply with quote

So, should I continue updating/building the site, or should I better yet just wait for a newer version (of RavenNuke?) with a fix?
 
ring_c
PostPosted: Sun Mar 12, 2006 8:27 am Reply with quote

PS: Doesn't this issue happen with other languages?!
 
Raven
PostPosted: Sun Mar 12, 2006 8:47 am Reply with quote

It's not a RavenNuke issue. It's a v7.6 issue afaict. I don't know about the other languages. I am not looking at this as a bug in RavenNuke at the moment. It's on a higher level. We will log it as an issue but I don't expect to fix it in v2.02.02.
 
ring_c
PostPosted: Sun Mar 12, 2006 8:54 am Reply with quote

Ok, so I'm being left with my v6.7 Sad
 
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v1.x Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©