FAQ FAQ   Search Search   Memberlist Memberlist   Usergroups Usergroups   Register Register 
PhpBB- & WordPress- antispam.com
Home of the Antispam for all fields mod ! 
  Profile Profile   Log in to check your private messages Log in to check your private messages  Log inLog in 

 PhpBB- & WordPress- antispam.com Forum Index » [PhpBB2] Submit a bug » Log Username tied to user_id not hard wired!
  The time now is Wed May 23, 2018 7:38 pm 

 Post new topic   This topic is locked: you cannot edit posts or make replies. View previous topic :: View next topic  
Author Message
PostPosted: Tue Aug 07, 2007 12:06 pm    Post subject: Log Username tied to user_id not hard wired!  Reply with quote  

WebSnail
Phpbb coder


Joined: 14 Dec 2006
Posts: 38

Which antispam version?
1.2.7

Which phpbb version?
2.0.22

Can you describe the bug?
The spam database logs the user_id but does not allow for users being deleted and then re-registered. As a result a spammer can be recorded in the DB with a user_id that has been re-issued to a legitimate user.

Fix: Need to add a function to the delete_user function in phpBB2 that deletes any database entries for a user that has been removed... OR... at least hardcode the username if the user is deleted to avoid confusion.

I very nearly banned a charity rep on one of my forums because of this... Sad

What happened before the bug was visible/triggered ?
User had to be register, spam and then be deleted. Someone else registered and was given the user_id that was associated with the since deleted spammer user_id.

TOP View user's profileSend private messageVisit poster's website  BOTTOM
PostPosted: Fri Aug 10, 2007 8:14 am    Post subject:  Reply with quote  

ramon fincken
Site Admin


Joined: 11 Dec 2006
Posts: 269
Location: A'dam/Diemen, The Netherlands

I'll make this happen, however I intend to stay with the normal phpbb way of user deletion as it is now.
_________________
Phpbbantispam founder, available for freelance WordPress coding.

PhpBB2 mod: http://www.phpbbantispam.com/viewtopic.php?t=1
WordPress plugin: http://wordpress.org/extend/plugins/antispam-for-all-fields/
Project files & mailinglist: https://sourceforge.net/projects/phpbbantispam/

TOP View user's profileSend private messageVisit poster's website  BOTTOM
PostPosted: Fri Aug 10, 2007 11:49 am    Post subject:  Reply with quote  

WebSnail
Phpbb coder


Joined: 14 Dec 2006
Posts: 38

ramon fincken wrote:
I'll make this happen, however I intend to stay with the normal phpbb way of user deletion as it is now.

Ok... ta... understand rational Smile

TOP View user's profileSend private messageVisit poster's website  BOTTOM
PostPosted: Fri Oct 19, 2007 9:21 pm    Post subject:  Reply with quote  

ramon fincken
Site Admin


Joined: 11 Dec 2006
Posts: 269
Location: A'dam/Diemen, The Netherlands

I've got it ! ( at least I hope )

well the situation


user does bad thing ( user id = 5 )

admin deletes bad user ( moehahaha )

new decent user gets user id 5 appointed


Spam check will think the spam entry is from new decent user, because of the id = 5.


How to tell?
The answer is simple : compare time of spam entry with the current ( decent ) users's time of register Smile

IF admin deleted user, then the users time of registration is way past the time of the spam entry, thus this user is free of the "user deletion" mode Smile
_________________
Phpbbantispam founder, available for freelance WordPress coding.

PhpBB2 mod: http://www.phpbbantispam.com/viewtopic.php?t=1
WordPress plugin: http://wordpress.org/extend/plugins/antispam-for-all-fields/
Project files & mailinglist: https://sourceforge.net/projects/phpbbantispam/

TOP View user's profileSend private messageVisit poster's website  BOTTOM
PostPosted: Fri Oct 19, 2007 9:22 pm    Post subject:  Reply with quote  

ramon fincken
Site Admin


Joined: 11 Dec 2006
Posts: 269
Location: A'dam/Diemen, The Netherlands

for all you code lovers:

Code:
// 1.2.8 Fix, thanks to Websnail http://www.phpbbantispam.com/viewtopic.php?t=100
      // Is the user a current one OR is it a guest?
      $thisuser = false;
      if (isset ($userdataarray[$row['user_id']])) {
         if ($userdataarray[$row['user_id']]['currentuser'] == 'yes') {
            $thisuser = true;
         }
      } else {
         if ($row['user_id'] > 0) {
            // Is OR was a member of this board..
            // Now lookup if the times align :)
            $time_to_check = $row['time'];
            $user_id_to_check = $row['user_id'];
            $sql_userlookup = "SELECT user_id FROM " . USER_TABLE;
            $sql_userlookup .= " WHERE user_id = '" . $user_id_to_check . "' AND user_regdate <= '" . $time_to_check. "' LIMIT 1";
            if (!$result_userlookup = $db->sql_query($sql_userlookup)) {
               message_die(GENERAL_ERROR, $lang['qb_nouq'], "", __LINE__, __FILE__, $sql_userlookup);
            }
            if ($row_userlookup = $db->sql_fetchrow($result_userlookup)) {
               $userdataarray[$row['user_id']]['currentuser'] = 'yes';
               $thisuser = true;
            }
         }
      }

      if ($thisuser) {
         // Current member of this board..
         $userinfo = '<a href="' . $server_url . '">' . $row['user_id'] . ' (' . id2username($row['user_id']) . ')</a>';
      } else {
         $userinfo = '-1 ( guest )';
         // Override, because of a deleted user
         $row['user_id'] = -1;
      }

_________________
Phpbbantispam founder, available for freelance WordPress coding.

PhpBB2 mod: http://www.phpbbantispam.com/viewtopic.php?t=1
WordPress plugin: http://wordpress.org/extend/plugins/antispam-for-all-fields/
Project files & mailinglist: https://sourceforge.net/projects/phpbbantispam/

TOP View user's profileSend private messageVisit poster's website  BOTTOM
PostPosted: Sat Oct 20, 2007 6:10 pm    Post subject:  Reply with quote  

WebSnail
Phpbb coder


Joined: 14 Dec 2006
Posts: 38

Nice catch... for some reason I didn't see you'd replied Smile

TOP View user's profileSend private messageVisit poster's website  BOTTOM
PostPosted: Sat Oct 20, 2007 6:40 pm    Post subject:  Reply with quote  

ramon fincken
Site Admin


Joined: 11 Dec 2006
Posts: 269
Location: A'dam/Diemen, The Netherlands

WebSnail wrote:
Nice catch... for some reason I didn't see you'd replied Smile


that was the only solution to fix this without having to mod any existing/standard phpbb coding.
_________________
Phpbbantispam founder, available for freelance WordPress coding.

PhpBB2 mod: http://www.phpbbantispam.com/viewtopic.php?t=1
WordPress plugin: http://wordpress.org/extend/plugins/antispam-for-all-fields/
Project files & mailinglist: https://sourceforge.net/projects/phpbbantispam/

TOP View user's profileSend private messageVisit poster's website  BOTTOM
 Post new topic   This topic is locked: you cannot edit posts or make replies. All times are GMT + 1 Hour

Display posts from previous:   
 PhpBB- & WordPress- antispam.com Forum Index » [PhpBB2] Submit a bug » Log Username tied to user_id not hard wired!
 
 Page 1 of 1
 
 
 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Jump to:  


     Powered by phpBB © 2001, 2005 phpBB Group | Template Neon | Snelle Managed WordPress webhosting