The secure CMS.

Welcome to Geeklog, Anonymous Friday, November 22 2024 @ 07:53 pm EST

Geeklog Forums

Minor Bug (w/fix) in users.php (Custom Reg)

 New Topic  Post Reply
 03/01/08 05:26pm (Read 2,434 times)  

Earnest

Anonymous
Maybe this is fixed in CVS, but if you use Custom Registration users can bypass the custom fields by clicking the Forgot Password link, entering a bogus name, and then registering with the simple Username and Email form that displays afterward.

The problem is with the function defaultform. It needs a small change. The function below works for me.

Text Formatted Code
/**
* Account does not exist - show both the login and register forms
*
* @param    string  $msg        message to display if one is needed
* @return   string  HTML for form
*
*/
function defaultform ($msg)
{
    global  $_CONF,$LANG04;
    $retval = '';
    if (!empty ($msg)) {
        $retval .= COM_startBlock ($LANG04[21], '',
                           COM_getBlockTemplate ('_msg_block', 'header'))
                . $msg
                . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
    }
    $retval .= loginform (true);
    if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userForm')) {
                    $retval .= CUSTOM_userForm ();
                } else {
                    $retval .= newuserform ();
                }
    $retval .= getpasswordform ();
    return $retval;
}
 Quote
 New Topic  Post Reply
All times are EST. The time is now 07:53 pm.
  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content