Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest sNews - sNews 1.7 - with its own forums - for discussion and user mods.

Author Topic: [FIX] Math Captcha fix (sNews1.5.31)  (Read 5759 times)

Mika

  • Hero Member
  • *****
  • Karma: 9
  • Posts: 1377
    • http://www.ni5ni6.com/
[FIX] Math Captcha fix (sNews1.5.31)
« on: February 03, 2007, 07:56:58 am »
There is a bug in MathCaptcha, reported here.

Fix:
- there are 3 occurances of this code inside the following functions (snews.php file):
function snews_startup()
function comment($freeze_status)
function contact()
Quote
$calc = (is_numeric($_POST['calc']) == is_numeric($_POST['sum'])) ? $_POST['calc'] : null;
-replace them with this:
Quote
$inputCalc = is_numeric($_POST['calc']) ? $_POST['calc'] : null;
$sum = is_numeric($_POST['sum']) ? $_POST['sum'] : null;
$calc = $inputCalc === $sum ? $inputCalc : null;
Logged
http://www.ni5ni6.com/ - Tutorials, Mods and How-To's about sNews CMS
sNews 1.6 Developers Edition - commented sNews 1.6 version

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6020
  • Semantically Challenged
    • snews.ca
[FIX] Math Captcha fix (sNews1.5.31)
« Reply #1 on: February 24, 2007, 04:54:06 pm »
This bug-fix - like all others - should be made to the download package... and a file revision date added to the top of the snews.php file... so this bug-fix can be deleted from here altogether. The snews.php I downloaded on Feb. 21 does not have this bug-fix added... and has no revision date in it either. This makes it impossible to know what's been done in what version of the same file... and when. :)
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU

Keyrocks

  • Doug
  • ULTIMATE member
  • ******
  • Karma: 449
  • Posts: 6020
  • Semantically Challenged
    • snews.ca
[FIX] Math Captcha fix (sNews1.5.31)
« Reply #2 on: March 04, 2007, 04:09:56 pm »
Mika... I found that I still had to apply the patches to the 1.5.31 distribution pack I downloaded on Feb.21.07... to all three functions. I just downloaded a fresh ZIP a few minutes ago and found the patches still are not included in any of the 3 functions.

I should also note that I can type any sum into the math-check field in the login panel... right or wrong... and it still logs me in. This patch works for the comments and contact forms buit it doesn't appear to work in my login panel.
SOLVED: I was using the hard-coded $db variables for username & password... in function snews_startup()... to over-ride the dbase settings for username & password... according to your earlier (can't remember where right now) mod. I found that the string for your mod needed to have the $calc variable added to the end to make the math-sum check work:
Quote
function snews_startup() {
   connect_to_db();
   if (get_id('category') == 'rss') {rss(); die;}
   update_articles();
   if (isset($_POST['Loginform'])) {
      $user = checkUserPass($_POST['uname']);
      $pass = checkUserPass($_POST['pass']);
      # math captcha check
      $inputCalc = is_numeric($_POST['calc']) ? $_POST['calc'] : null;
      $sum = is_numeric($_POST['sum']) ? $_POST['sum'] : null;
      $calc = $inputCalc === $sum ? $inputCalc : null;
      // Mika's u-name and password check string, for hard-coded $db variables at top of file.
      if ($user === db('user') && $pass === db('pass') && $calc) {
      // if (md5($user) === s('username') && md5($pass) === s('password') && $calc) {
         $_SESSION[db('website').'Logged_In'] = token();
      }
   }
}
snews_startup();
« Last Edit: August 21, 2007, 10:08:13 pm by Keyrocks »
Logged
Do it now... later may not come.
-------------------------------------------------------------------------------------------------
sNews 1.6 MESU | sNews 1.6 MEMU