Score: 3.50 Votes: 2
rate this

Passwords?

Starter: Aimode Posted: 16 years ago Views: 999
#4286046
Lvl 8
The log-in system does not deal with non alpha-numeric characters. I am currently unable to log into my normal account after adding a ' and > to my password.

Shouldn't passwords be tested for invalid characters when they are entered?
#4286047
Lvl 26
#4286048
Lvl 51
#4286049
Lvl 22


(no breaks given ? )
#4286050
Lvl 26
This has to-do with the password coming out of the database is non escaped and the password you entered is escaped.

Something like:

[php]
$strDb = "haha'haha";
$strUser = "haha\'haha";

if ($strDb == $strUser) {
echo "login succes";
} else {
echo "login incorrect, what happens in this case.";
}
[/php]

I have fixed this in next patch.
#4286051
Lvl 27
rofl @ dizzy **
#4286052
Lvl 18
#4286053
Lvl 8
@Donavan, Yeah I thought about posting that one myself.

Now that I have a few people's attention, anyone want to change the password on Aisorbma and send the new password to the associated email? A big thank you to anyone feeling so kind.

Glad to know it won't be an issue in the future. And for a little more amusement: I clicked on the lost password link hoping it would reset the password but it just sent the email with the password, the ' sitting in the middle was like a , , and all together.
#4286054
Lvl 28
Quote:
Originally posted by Aimode

I clicked on the lost password link hoping it would reset the password but it just sent the email with the password, the ' sitting in the middle was like a


I lol'd pretty hard at that.
#4286055
Lvl 11
Quote:
Originally posted by Aimode

@Donavan, Yeah I thought about posting that one myself.



.... so, that reply totally made me lower my sunglasses and do this with my eyebrows

#4286056
Lvl 10
Computerese...........does a Diz-X good.