• Welcome to Simple Machines Community Forum. Please login or sign up.
December 03, 2021, 09:51:46 AM

News:

Want to get involved in developing SMF, then why not lend a hand on our github!


[SMF 2.0] security question causes registration error

Started by rtil, September 19, 2011, 03:38:50 AM

Previous topic - Next topic

rtil

follow-up on this. i have pinpointed where this error is being triggered. in /Sources/Subs-Editor.php, the following code:

// This cannot happen!
if (!isset($_SESSION[$verificationOptions['id'] . '_vv']['count']))
fatal_lang_error('no_access', false);


I am not entirely sure what this means, but i am 100% sure this is where registrations are being stopped at (i changed the exception to die();, tried to register and got a blank page. no other no_access error did this).

if anyone knows why this might be happening and how to fix it please let me know. in the meantime i will try to figure it out myself as now i know the source of the problem and some more clues.

also, if i comment out this if statement, the error pops up on the next if statement right underneath it as well.

seems like somehow the answers to the verification question are not making it to register2. how could this happen?

Angelina Belle

September 30, 2011, 08:54:04 AM #21 Last Edit: September 30, 2011, 09:01:54 AM by AngelinaBelle
I am really not certain what is going on here.
What were the results of this:
Quote from: Norv on September 27, 2011, 03:19:40 AM
I would do the following, to be sure: dump the settings table of a new 2.0/2.0.1 installation, into a file, and do the same with the settings table of your live forum. If you wish, you can compare them yourself, or you can PM me the dump of your live installation settings table, to take a quick look.
If that doesn't help, then we can try to take a look at permissions too (sounds unlikely though). Also, during attempted registration, does the page show any js errors or other errors in the browser console?
Never attribute to malice that which is adequately explained by stupidity. -- Hanlon's Razor

Norv

rtil,

Quote from: rtil on September 23, 2011, 04:00:10 PM
when users tried to register with my security question, after registering it would just take them to an error page that said
QuoteAn Error Has Occurred!
You are not allowed to access this section

when i turned the registration question off, this didn't happen anymore.

however, now my forum is being flooded with spambots because CAPTCHA just doesn't show up (blank image). so i have no registration security at the moment.

this is my forum link: http://www.thebackalleys.com/forum/

i have no mods that interfere with CAPTCHA or registration questions.

any ideas as to why a security question would cause an error?

the question was "what is 5+3?" with the answer "8".

when i enabled security question, it gave me 4 rows of questions with no options to add or remove rows. i left the rest of the rows blank.

Can you please check, after you do this, that in the field:
"Number of verification questions user must answer
(0 to disable; questions are set below)"
there's also "1" ? (for 1 question, if you only entered one question below all this).
(no quotes, just the 1)
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker


Also known as Norv on D* | Norv N. on G+ | Norv on Github

rtil

yes, for the second time, there is already a 1 in that field. i would not miss something like that.

there were many settings missing from my forum when i compared the smf_settings to a clean installation. i manually added many that were missing, but none of them had anything to do with registration. the _admin_info_files table was also empty so i restored that as well.

if you'd like to see them i can attach them, but it's quite tedious to go through as you might imagine.

no js errors to be found.

rtil

i doubt this will ever be solved so i disabled the security question and installed notCaptcha instead.

my best guess is that it is some sort of session problem, but beyond that i don't know.

rtil

follow-up on this.

i resolved this myself.

how? well, it was basically me fixing a problem that i created myself.

in the index template, i had done a php include of a part of my website i integrate into every part of my site. and in that file, a mysql database that is not smf's is selected. well, because of that, the forum was having session problems that i was unaware of the cause of for quite some time.

i was clued in to this problem when one page was telling me that a table wasn't found under a database that i had made way before i ever had this forum, and asked myself, why is it looking for that table in my database?

well, it was only a few minutes later that i found the file, and added an exception so that if a user is in the forum, it re-selects the smf database once it's done running the queries it needs from mine.

this has not only solved the registration error for security questions, but a lot of other issues i was having with the forum that no one else has really ever suffered from - which makes sense to me, because what i did to cause it is a pretty unique situation.

thanks for those who tried to help, though. there was no way you could have known  :P

busterone

Great. Yep, would have never guessed that one, but I am glad you found it.  :)

Angelina Belle

Never attribute to malice that which is adequately explained by stupidity. -- Hanlon's Razor

Advertisement: