The secure CMS.

Welcome to Geeklog, Anonymous Friday, April 19 2024 @ 04:08 am EDT

Geeklog Forums

Minor Bug (w/fix) in users.php (Custom Reg)

 New Topic  Post Reply
 03/01/08 05:26pm (Read 2,364 times)  

Earnest

Anonymous
Maybe this is fixed in CVS, but if you use Custom Registration users can bypass the custom fields by clicking the Forgot Password link, entering a bogus name, and then registering with the simple Username and Email form that displays afterward.

The problem is with the function defaultform. It needs a small change. The function below works for me.

Text Formatted Code
/**
* Account does not exist - show both the login and register forms
*
* @param    string  $msg        message to display if one is needed
* @return   string  HTML for form
*
*/
function defaultform ($msg)
{
    global  $_CONF,$LANG04;
    $retval = '';
    if (!empty ($msg)) {
        $retval .= COM_startBlock ($LANG04[21], '',
                           COM_getBlockTemplate ('_msg_block', 'header'))
                . $msg
                . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
    }
    $retval .= loginform (true);
    if ($_CONF['custom_registration'] && function_exists ('CUSTOM_userForm')) {
                    $retval .= CUSTOM_userForm ();
                } else {
                    $retval .= newuserform ();
                }
    $retval .= getpasswordform ();
    return $retval;
}
 Quote
 New Topic  Post Reply
All times are EDT. The time is now 04:08 am.
  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content