Welcome to Geeklog, Anonymous Sunday, December 22 2024 @ 11:07 am EST
Geeklog Forums
Create account without username
Status: offline
josheli
Forum User
Newbie
Registered: 08/16/03
Posts: 7
It\'s not that big of a deal, but it seems like a bug. It is possible to register as a new user without a username. I just did it on this site, got an email with a password, and of course can\'t login because I don\'t have a username. But now your database has a few extra records. There needs to be a check added in users.php, createuser(). something like:
if(COM_isEmail($email)) && (isset($username)) {
7
12
Quote
Status: offline
Robin
Forum User
Full Member
Registered: 02/15/02
Posts: 725
Further to this, you can actually log in (I did).
When I tried to log in using just a password I was rejected, then I tried to input a space in login field and tadam I was suddenly logged. Strange hmmm.
Does it mean any security issues?
Geeklog Polish Support Team
Geeklog Polish Support Team
24
9
Quote
Status: offline
josheli
Forum User
Newbie
Registered: 08/16/03
Posts: 7
i tried that too, using a space as username to login, but it didn\'t work.
i think it\'s more of a headache than a security problem, and easily fixed.
one possible security problem i can think of is that someone could make a script to bombard you with fake registrations, filling your database with dummy users, and effectively employing a DOS attack.
of course, this can be done even if an empy username wasn\'t allowed, as long as your site accepts instant registrations.
10
14
Quote
All times are EST. The time is now 11:07 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content