Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: getting 1.5 to accept my form input  (Read 3518 times)

0 Members and 1 Guest are viewing this topic.

durangod

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 42
getting 1.5 to accept my form input
« on: January 12, 2011, 01:05:53 pm »
Hi, im alittle late in the game here, i finally saw that 1.4 support is shut down and im in the process of moving my data over to the new version.  And when i was finishished i wanted to share this with everyone but i cant get it to work on 1.5 and not sure why

Its not taking my user input into the form, the session answer is there i did an echo and the value is that, but its not grabbing the value of my answer when i click send an im not sure if i need to add the form key to the cage check or not...  can you point me in the right directions. is all post data sent thru a special filter in order to accept it.. 

here is the code, im not asking for you to do code for me just help me understand where im missing the boat here... thanks

first here is the form data funciton i added to the top of register php
Code: [Select]

/**
* display_security()
*
* Display the security question
*
**/
// added this function for security question
//security answer
$_SESSION['correct_answer'] = "5";
//display security question

function display_security()
{
 global $CPG_PHP_SELF,$lang_register_php;

$sectext = "Please enter answer to security question";
 echo <<<EOT
<center><em> STEP 1 - ANSWER SECURITY QUESTION </em>
<br />
<br />
<form method="post" action="$CPG_PHP_SELF">
EOT;
starttable(-1,$sectext);
    echo <<<EOT
<!-- added new sec check here -->

<tr>
            <td colspan="2" align="center" class="tablef">
Security Question: How many letter e's in the word "SecurityIntellegence"? <input name="response" type="text" class="textinput" id="response" size="1" maxlength="2" value="" />


<!-- stop new security check -->
&nbsp;&nbsp;
<input type="submit" name="submit" id="submit" value="submit" class="button" />
                </td>
</tr>
EOT;
    endtable();
    print '</form>';
//end of add

}//end display security


and here is the bottom of register php where i process the page process..  as you can see i just took the else that was there already and just added to it and included my process.

Code: [Select]

} else {
                pageheader($lang_register_php['page_title']);

                      //added  security                                                                   
                     
                              // tried this didnt work   if ($superCage->post->keyExists('answer'))

                                         if(isset($_POST['submit']))

                         { 

                                        $Sec_answer = getEscaped($_POST['response']);

                                                                                                   
      if($Sec_answer != $_SESSION['correct_answer'])
                                                    {
                                   $Incorrect = "<center><span style='font-size:10px;'>Security Question Answer is incorrect!! <br />
                                Please click register from main menu and try again!</span></center>";

                                   starttable(-1,$Incorrect);

                                   endtable();
                                   }else{                                           

              pageheader($lang_register_php['page_title']);
 
   if ($CONFIG['user_registration_disclaimer'] == 1 && !$superCage->post->keyExists('submit') && !$superCage->post->keyExists('agree'))
                                                             {

                                                // display the disclaimer page
                                                display_disclaimer();

                                                              } else {

                                                if (!$superCage->post->keyExists('submit'))
                                                                                      {
                                                                          input_user_info();
                                                                                      } else {
                                                                       if (!check_user_info($errors))
                                                                                                       {
                                                                               input_user_info($errors);
                                                                                                       }
                                                                                                }//close else
                                                                      }//close else
                                                                                 
                                            }//close else if correct answer ok
                     
                                                                         
                  } // close if post response
                     else{
                       // trap display security until corrrect answer given
                       display_security();
                            }

}//close else

pagefooter();

?>


i think this would be nice to share but i wanted to get it working first..
Logged

François Keller

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: fr
  • Offline Offline
  • Gender: Male
  • Posts: 9094
  • aka Frantz
    • Ma galerie
Re: getting 1.5 to accept my form input
« Reply #1 on: January 12, 2011, 02:29:57 pm »
Logged
Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

durangod

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 42
Re: getting 1.5 to accept my form input
« Reply #2 on: January 13, 2011, 01:20:00 am »
thanks you so kindly i got it... here ya go if anyone would like to use this in addition to whatever else you might use.  Tested and works.

in register php find this
Code: [Select]
/*****************************
* function definitions start *
*****************************/

and AFTER add this

Code: [Select]

// set the session for correct answer
//security answer
$_SESSION['correct_answer'] = "5";

// added this function for security question

/**
* display_security()
*
* Display the security question
*
**/

function display_security()
{
 global $CPG_PHP_SELF,$lang_register_php;

$sectext = "Please enter answer to security question";
 echo <<<EOT
<center><em> STEP 1 - ANSWER SECURITY QUESTION </em>
<br />
<br />
<form method="post" name="cpgform" id="cpgform" action="$CPG_PHP_SELF">
EOT;
starttable(-1,$sectext);
    echo <<<EOT
<!-- added new sec check here -->

<tr>
            <td colspan="2" align="center" class="tablef">
Security Question: How many letter e's in the word "SecurityIntellegence"? <input name="response" type="text" class="textinput" id="response" size="1" maxlength="2" value="" />

<!-- stop new security check -->
&nbsp;&nbsp;
<input type="submit" name="submitanswer" id="submitanswer" value="Submit" class="button" />
                </td>
</tr>
EOT;
    endtable();
    print '</form>';
//end of add

}//end display security


then to all the way to the bottom and find this

Code: [Select]


//user self-activated, gets message box that account was activated
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
    }

} else {


if you dont have any other mods that affect this file and you have the original file then just remove everything after that {  (on the else)

all the way to the bottom of the page and put this instead (this incorporates what was there and the security question process)

Code: [Select]

 pageheader($lang_register_php['page_title']);

                        //added  security question process

                         //set cage and grab response input if any

                    $cage_POST = Inspekt::makePostCage();

                             $Given_answer = $cage_POST->getDigits('response');

            if ($Given_answer)
                   {                                                                 
                                                                                                                                           
                  if ($Given_answer != $_SESSION['correct_answer'])
                          {

                          $Incorrect = "<center><span style='font-size:11px;'>Security Question Answer is incorrect!! <br />
                                Please click register link from main menu and try again!</span></center>";
                                   
                                   starttable(-1,$Incorrect);

                                   endtable();
                                 
                                 
                            }else{
                                     //if correct answer then display the disclaimer
                                    display_disclaimer();
                                     }

                                   

                       }elseif($CONFIG['user_registration_disclaimer'] == 1 && $superCage->post->keyExists('agree'))
                            {

                                  if (!$superCage->post->keyExists('submit'))
                                  {
                                input_user_info();
                                   } else {
                                          if (!check_user_info($errors))
                                                         {
                                                         input_user_info($errors);
                                                           }
                                              }//close else
                           

                            }else{
                                //if no input answer and no disclaimer
                                    display_security();
                                 }


 }//close else
                                                                       
         
pagefooter();

?>


Logged

durangod

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 42
Re: getting 1.5 to accept my form input
« Reply #3 on: January 13, 2011, 04:31:39 am »
i just forgot to say if anyone would like to make a plugin out of this security question routine go for it, all i ask is to mention  me someplace  "durango dave" in the credits but your welcome to do so if you like..  peace and enjoy i hope it helps you thats the whole point....
Logged

durangod

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 42
Re: getting 1.5 to accept my form input
« Reply #4 on: March 30, 2012, 05:02:00 pm »
I just wanted to let everyone know that this still works on the current version 1.5.20  the only changes i made to the code above (not that i had to but i felt it better)  was i changed the double quotes to single quotes in this line.

Code: [Select]
$_SESSION['correct_answer'] = '20';

and i changed the question to this

Code: [Select]
Security Question: How many characters in the word "SecurityIntellegence"?

and thats it, still running great.  thanks
Logged
Pages: [1]   Go Up
« previous next »
 

Page created in 0.03 seconds with 20 queries.