getting 1.5 to accept my form input getting 1.5 to accept my form input
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

getting 1.5 to accept my form input

Started by durangod, January 12, 2011, 01:05:53 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

durangod

Hi, im alittle late in the game here, i finally saw that 1.4 support is shut down and im in the process of moving my data over to the new version.  And when i was finishished i wanted to share this with everyone but i cant get it to work on 1.5 and not sure why

Its not taking my user input into the form, the session answer is there i did an echo and the value is that, but its not grabbing the value of my answer when i click send an im not sure if i need to add the form key to the cage check or not...  can you point me in the right directions. is all post data sent thru a special filter in order to accept it.. 

here is the code, im not asking for you to do code for me just help me understand where im missing the boat here... thanks

first here is the form data funciton i added to the top of register php


/**
* display_security()
*
* Display the security question
*
**/
// added this function for security question
//security answer
$_SESSION['correct_answer'] = "5";
//display security question

function display_security()
{
global $CPG_PHP_SELF,$lang_register_php;

$sectext = "Please enter answer to security question";
echo <<<EOT
<center><em> STEP 1 - ANSWER SECURITY QUESTION </em>
<br />
<br />
<form method="post" action="$CPG_PHP_SELF">
EOT;
starttable(-1,$sectext);
    echo <<<EOT
<!-- added new sec check here -->

<tr>
            <td colspan="2" align="center" class="tablef">
Security Question: How many letter e's in the word "SecurityIntellegence"? <input name="response" type="text" class="textinput" id="response" size="1" maxlength="2" value="" />


<!-- stop new security check -->
&nbsp;&nbsp;
<input type="submit" name="submit" id="submit" value="submit" class="button" />
                </td>
</tr>
EOT;
    endtable();
    print '</form>';
//end of add

}//end display security



and here is the bottom of register php where i process the page process..  as you can see i just took the else that was there already and just added to it and included my process.



} else {
                pageheader($lang_register_php['page_title']);

                      //added  security                                                                   
                     
                              // tried this didnt work   if ($superCage->post->keyExists('answer'))

                                         if(isset($_POST['submit']))

                         { 

                                        $Sec_answer = getEscaped($_POST['response']);

                                                                                                   
      if($Sec_answer != $_SESSION['correct_answer'])
                                                    {
                                   $Incorrect = "<center><span style='font-size:10px;'>Security Question Answer is incorrect!! <br />
                                Please click register from main menu and try again!</span></center>";

                                   starttable(-1,$Incorrect);

                                   endtable();
                                   }else{                                           

              pageheader($lang_register_php['page_title']);
 
   if ($CONFIG['user_registration_disclaimer'] == 1 && !$superCage->post->keyExists('submit') && !$superCage->post->keyExists('agree'))
                                                             {

                                                // display the disclaimer page
                                                display_disclaimer();

                                                              } else {

                                                if (!$superCage->post->keyExists('submit'))
                                                                                      {
                                                                          input_user_info();
                                                                                      } else {
                                                                       if (!check_user_info($errors))
                                                                                                       {
                                                                               input_user_info($errors);
                                                                                                       }
                                                                                                }//close else
                                                                      }//close else
                                                                                 
                                            }//close else if correct answer ok
                     
                                                                         
                  } // close if post response
                     else{
                       // trap display security until corrrect answer given
                       display_security();
                            }

}//close else

pagefooter();

?>



i think this would be nice to share but i wanted to get it working first..

François Keller

Avez vous lu la DOC ? la FAQ ? et cherché sur le forum avant de poster ?
Did you read the DOC ? the FAQ ? and search the board before posting ?
Mon Blog

durangod

thanks you so kindly i got it... here ya go if anyone would like to use this in addition to whatever else you might use.  Tested and works.

in register php find this

/*****************************
* function definitions start *
*****************************/


and AFTER add this



// set the session for correct answer
//security answer
$_SESSION['correct_answer'] = "5";

// added this function for security question

/**
* display_security()
*
* Display the security question
*
**/

function display_security()
{
global $CPG_PHP_SELF,$lang_register_php;

$sectext = "Please enter answer to security question";
echo <<<EOT
<center><em> STEP 1 - ANSWER SECURITY QUESTION </em>
<br />
<br />
<form method="post" name="cpgform" id="cpgform" action="$CPG_PHP_SELF">
EOT;
starttable(-1,$sectext);
    echo <<<EOT
<!-- added new sec check here -->

<tr>
            <td colspan="2" align="center" class="tablef">
Security Question: How many letter e's in the word "SecurityIntellegence"? <input name="response" type="text" class="textinput" id="response" size="1" maxlength="2" value="" />

<!-- stop new security check -->
&nbsp;&nbsp;
<input type="submit" name="submitanswer" id="submitanswer" value="Submit" class="button" />
                </td>
</tr>
EOT;
    endtable();
    print '</form>';
//end of add

}//end display security



then to all the way to the bottom and find this




//user self-activated, gets message box that account was activated
        msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
    }

} else {



if you dont have any other mods that affect this file and you have the original file then just remove everything after that {  (on the else)

all the way to the bottom of the page and put this instead (this incorporates what was there and the security question process)



pageheader($lang_register_php['page_title']);

                        //added  security question process

                         //set cage and grab response input if any

                    $cage_POST = Inspekt::makePostCage();

                             $Given_answer = $cage_POST->getDigits('response');

            if ($Given_answer)
                   {                                                                 
                                                                                                                                           
                  if ($Given_answer != $_SESSION['correct_answer'])
                          {

                          $Incorrect = "<center><span style='font-size:11px;'>Security Question Answer is incorrect!! <br />
                                Please click register link from main menu and try again!</span></center>";
                                   
                                   starttable(-1,$Incorrect);

                                   endtable();
                                 
                                 
                            }else{
                                     //if correct answer then display the disclaimer
                                    display_disclaimer();
                                     }

                                   

                       }elseif($CONFIG['user_registration_disclaimer'] == 1 && $superCage->post->keyExists('agree'))
                            {

                                  if (!$superCage->post->keyExists('submit'))
                                  {
                                input_user_info();
                                   } else {
                                          if (!check_user_info($errors))
                                                         {
                                                         input_user_info($errors);
                                                           }
                                              }//close else
                           

                            }else{
                                //if no input answer and no disclaimer
                                    display_security();
                                 }


}//close else
                                                                       
         
pagefooter();

?>



durangod

i just forgot to say if anyone would like to make a plugin out of this security question routine go for it, all i ask is to mention  me someplace  "durango dave" in the credits but your welcome to do so if you like..  peace and enjoy i hope it helps you thats the whole point....

durangod

I just wanted to let everyone know that this still works on the current version 1.5.20  the only changes i made to the code above (not that i had to but i felt it better)  was i changed the double quotes to single quotes in this line.


$_SESSION['correct_answer'] = '20';


and i changed the question to this


Security Question: How many characters in the word "SecurityIntellegence"?


and thats it, still running great.  thanks