
WoW Raid Manager :: Forums :: Support

Consolidated Bridge Password Check Always True Thread

Illydth
Mon Oct 13 2008, 10:32AM
SysOp

Joined: Mon Sep 24 2007, 02:51PM
Posts: 1886
There are at least two of you with issues with the PHPBB3 bridge and having any/all users authenticate regardless of the password you put in place.

I am working the issue and will respond in this thread.  I have locked the other two so that we can consolidate discussion.

--Illydth

- Douglas Wagner -
Site Admin
Illydth
Mon Oct 13 2008, 11:39AM

Joined: Mon Sep 24 2007, 02:51PM
Posts: 1886
Definitely a 3.5.1 bug. Working with cause and fix now. I expect a patch for this this afternoon.

- Douglas Wagner -
Site Admin
Illydth
Mon Oct 13 2008, 02:19PM

Joined: Mon Sep 24 2007, 02:51PM
Posts: 1886
Illydth = Moron.

auth/auth_phpbb3.php

Lines 126 - 133 Read:


        $initString = '$H$';
        $testVal = $pwd_hasher->CheckPassword($oldpassword, $db_pass);

        echo "TestVal=" . $testVal;
        if ($testVal)
                return 0;
        else
                return 1;


This produces EXACTLY the effect you see, the code should read:


        $initString = '$H$';
        $testVal = $pwd_hasher->CheckPassword($oldpassword, $db_pass, $initString);

        echo "TestVal=" . $testVal;
        if ($testVal)
                return TRUE;
        else
                return FALSE;


The difference here is first I neglected to pass the $initString parameter to $pwd_hasher->CheckPassword(). This caused check password to CONSTANTLY produce a password that couldn't match that of PHPBB3. So, no matter what you put into the password box, this fails.

The IF check then says "if the return is a failure, return true"...meaning no matter what you type in it always doesn't match, which means that everything is ok and lets you in.

Yea, I'm a brainiac...

Patch incoming.

--Illydth


- Douglas Wagner -
Site Admin
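
Added example, not part of the original thread and not WRM's code: a small PHP script showing how a 0/1 "exit code" return convention inverts the result once a caller reads any truthy value as "authenticated", next to a strict-boolean version with a negative test. It assumes PHP's built-in password_hash()/password_verify() as a stand-in for the phpBB3 hasher; the function names and sample passwords are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for the bridge hasher (assumption): PHP's built-in password API,
// not the phpBB3 '$H$' portable hash the thread is about.
function check_hash(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// The shape of the bug: shell-style result (0 = match, 1 = no match).
function verify_exit_code_style(string $password, string $stored): int
{
    return check_hash($password, $stored) ? 0 : 1;
}

// Corrected shape: a strict boolean that can only be true on a real match.
function verify_bool(string $password, string $stored): bool
{
    return check_hash($password, $stored) === true;
}

// Hypothetical caller that reads any truthy result as "authenticated".
function caller_accepts($result): bool
{
    return (bool) $result;
}

// Constructed sample account.
$stored = password_hash('correct horse', PASSWORD_DEFAULT);

$cases = [
    'right password' => ['correct horse', true],
    'wrong password' => ['not the password', false],
    'empty password' => ['', false],
];

foreach ($cases as $label => [$input, $expected]) {
    $buggy = caller_accepts(verify_exit_code_style($input, $stored));
    $fixed = caller_accepts(verify_bool($input, $stored));
    printf("%-15s expected=%s buggy=%s fixed=%s\n", $label,
        var_export($expected, true), var_export($buggy, true), var_export($fixed, true));
    // Regression check: the corrected path must match the expected outcome.
    if ($fixed !== $expected) {
        fwrite(STDERR, "FAIL: $label\n");
        exit(1);
    }
}
```

Run it with the PHP command-line interpreter; a non-zero exit status means the corrected path returned something other than the expected outcome for one of the cases.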
Illydth
Mon Oct 13 2008, 03:28PM

Joined: Mon Sep 24 2007, 02:51PM
Posts: 1886
- Click Here -

- Douglas Wagner -
Site Admin
Caer
Mon Oct 13 2008, 04:33PM
Registered Member #110
Joined: Fri Mar 21 2008, 10:33AM
Posts: 42
Hello,

THANK YOU! for this very quick fix!


One minor thing is still there but is not a security issue, and I am not sure if WRM cares about the session of phpBB (and maybe this is just a local issue; I am testing on localhost, so there are no cookies). If a user logs into phpBB and then goes to WRM (and logs in) and then goes back to phpBB, he is logged off from phpBB.

Regards
Caer
Illydth
Mon Oct 13 2008, 04:45PM

Joined: Mon Sep 24 2007, 02:51PM
Posts: 1886
Ew....

This is "grey area". What I don't care about is that you are logged into WRM when you log into phpBB...that isn't intended.

HOWEVER WRM should not be blowing away phpBB's cookie either. My gut reaction on this is that phpBB and WRM are using the same cookie. We fixed a "session" problem (users logged into one installation of WRM could access other installations of WRM even if they were on different bridges). And none of the cookie stuff I'm seeing identifies any kind of "name" of some sort. Not sure how I'd be crossing this up, but it doesn't necessarily surprise me either.

That said, I don't know how much effort I'm going to put into this. IF anyone has ideas for something I could check I'd be happy to look, but I'm not sure how much I'll be "debugging" this.

--Illydth

- Douglas Wagner -
Site Admin
Caer
Mon Oct 13 2008, 05:10PM
Registered Member #110
Joined: Fri Mar 21 2008, 10:33AM
Posts: 42
Hello,

Ok, just put this question aside. ;-)

Regards
Caer
Moderators: Illydth
