nb Core Community
Author Topic: Bug in mail validation for email changers <-> forgotten password  (Read 1015 times)
Nightborn
« on: July 10, 2008, 05:28:35 pm »

Okay, I overlooked something.


When you have the setup:

email necessary
email needs validation
you let players change the email
and require validation
and send to the OLD account email OR the NEW account email

then you can bypass the validation which needs to be clicked on in the mail by simply requesting a forgotten password. That will overwrite the email request ID and you can basically do the following:

capture a password
get into an account, request a change of email
change the password

then ONCE the old owner cannot get in, he requests a forgotten password
CLICKS the link --> he changes the email address to the new, fraudulent one.

I have fixed this, but you need to copy the files:

create.php
prefs.php

from the now updated archive to your version

AND

generate a new field in the accounts table:

name: forgottenpassword
type: varchar(32)
default: ''

or else you'll get error messages.

It should be fixed, but it won't be easy and it won't be fast. If you want
to help - wonderful. But keep in mind that it will take months of wading
through the ugliest code we have in the tree. If you've got a weak stomach -
stay out. I've been there and it's not a nice place.

   - Al Viro
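
A small PHP model of the flaw and the fix described in the post above, added here as an illustration and not taken from the project's create.php or prefs.php. Only the `forgottenpassword` column comes from the post; the other column names, the function names and the sample account are assumptions constructed for the example.

```php
<?php
// Added model, not the project's code; only `forgottenpassword` is from the post.
function newToken(): string {
    return bin2hex(random_bytes(16)); // 32 hex chars, fits varchar(32)
}
function requestEmailChange(array &$acct, string $newEmail): string {
    $acct['replaceemail'] = $newEmail;
    return $acct['emailvalidation'] = newToken();
}
// Handler for a clicked validation link: applies any pending email change.
function clickValidationLink(array &$acct, string $token): bool {
    if ($token === '' || !hash_equals($acct['emailvalidation'], $token)) {
        return false;
    }
    if ($acct['replaceemail'] !== '') {
        $acct['emailaddress'] = $acct['replaceemail'];
        $acct['replaceemail'] = '';
    }
    $acct['emailvalidation'] = '';
    return true;
}
// BEFORE: forgotten password reuses the column and overwrites the request ID.
function forgottenPasswordShared(array &$acct): string {
    return $acct['emailvalidation'] = newToken();
}
// AFTER: forgotten password gets its own column and its own link handler.
function forgottenPasswordSeparate(array &$acct): string {
    return $acct['forgottenpassword'] = newToken();
}
function clickForgottenLink(array &$acct, string $token): bool {
    if ($token === '' || !hash_equals($acct['forgottenpassword'], $token)) {
        return false;
    }
    $acct['forgottenpassword'] = '';
    return true; // caller continues with the password reset only
}
// Constructed sample account (hypothetical column names and addresses).
$acct = ['emailaddress' => 'owner@example.test', 'replaceemail' => '',
         'emailvalidation' => '', 'forgottenpassword' => ''];
$before = $acct;
requestEmailChange($before, 'other@example.test');
$link = forgottenPasswordShared($before);
clickValidationLink($before, $link);
echo "shared column:   {$before['emailaddress']}\n";
$after = $acct;
requestEmailChange($after, 'other@example.test');
$link = forgottenPasswordSeparate($after);
clickForgottenLink($after, $link);
echo "separate column: {$after['emailaddress']}\n";
```

With the shared column, the forgotten-password link is accepted by the validation handler and the pending address is applied; with the separate column the account's address is left as it was.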
Nightborn
« Reply #1 on: July 13, 2008, 07:00:43 am »

Please download anew and replace the dragon.php

If you do a DK, the email request field gets reset ... I forgot to include it there...

Note that this also affects the curriculum vitae, you need to make the two new fields persistent in the CV editor.