Welcome to Geeklog, Anonymous Saturday, July 13 2024 @ 11:34 am EDT

Geeklog Forums

Create account without username


Status: offline

josheli

Forum User
Newbie
Registered: 08/16/03
Posts: 7
It\'s not that big of a deal, but it seems like a bug. It is possible to register as a new user without a username. I just did it on this site, got an email with a password, and of course can\'t login because I don\'t have a username. But now your database has a few extra records. There needs to be a check added in users.php, createuser(). something like: if(COM_isEmail($email)) && (isset($username)) {
 Quote

Status: offline

Robin

Forum User
Full Member
Registered: 02/15/02
Posts: 725
Further to this, you can actually log in (I did). When I tried to log in using just a password I was rejected, then I tried to input a space in login field and tadam I was suddenly logged. Strange hmmm. Does it mean any security issues?
Geeklog Polish Support Team
 Quote

Status: offline

josheli

Forum User
Newbie
Registered: 08/16/03
Posts: 7
i tried that too, using a space as username to login, but it didn\'t work. i think it\'s more of a headache than a security problem, and easily fixed. one possible security problem i can think of is that someone could make a script to bombard you with fake registrations, filling your database with dummy users, and effectively employing a DOS attack. of course, this can be done even if an empy username wasn\'t allowed, as long as your site accepts instant registrations.
 Quote

All times are EDT. The time is now 11:34 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content