Bug tracker

This ticket has been moved to our new tracker. Open Ticket PHPBB3-7459 now.

Banning username * results in SQL error (fix completed in vcs)

An attempt to enter a ban username as a single asterisk (*) results in an SQL error in 3.0.1.

Comments / History

Posted by bantu (3.0 Release Manager) on Jun 17th 2008, 18:25

Would you please provide the error message you get?

Posted by Dog Cow on Jun 18th 2008, 17:26

Ok, well let's find out.... It turns out that I think that version of PHP or MySQL might matter. You see, I have two installations of 3.0.1: one live on a hosted server with PHP 4/MySQL 4 and over 100 users, and one I have at home running on OS X with 2 users and what I listed.

It turns out that on my live board, the error does not occur, so I will have to go back and check the one where I did get an error -- and that error was repeatable, I made sure of that! I just didn't note the error message.

Posted by Schumi (QA Team) on Jun 18th 2008, 17:42

I can reproduce with PHP 5.2.4 and both MySQL 5.0.51a and PostgreSQL 8.3.3:
SQL ERROR [ postgres ]

ERROR: invalid input syntax for integer: "*" []

SQL

INSERT INTO phpbb_banlist (ban_userid, ban_start, ban_end, ban_exclude, ban_reason, ban_give_reason) VALUES ('*', 1213810677, 0, 0, '', '')

BACKTRACE

FILE: includes/db/postgres.php
LINE: 177
CALL: dbal->sql_error()

FILE: includes/db/dbal.php
LINE: 438
CALL: dbal_postgres->sql_query()

FILE: includes/functions_user.php
LINE: 992
CALL: dbal->sql_multi_insert()

FILE: includes/mcp/mcp_ban.php
LINE: 64
CALL: user_ban()

FILE: includes/functions_module.php
LINE: 471
CALL: mcp_ban->main()

FILE: mcp.php
LINE: 231
CALL: p_master->load_active()

Posted by Dog Cow on Jun 18th 2008, 20:17

MySQL:

basedir -- /usr/local/mysql-5.0.51b-osx10.5-x86_64/
version -- 5.0.51b
version comment -- MySQL Community Server (GPL)
version compile machine -- i686
version compile os -- apple-darwin9.0.0b5

PHP:

System -- Darwin macmini.local 9.0.0 Darwin Kernel Version 9.0.0: Thu Oct 11 19:23:39 PDT 2007; root:xnu-1228~3/RELEASE_I386 i386
Server API -- Apache 2.0 Handler

Apache:

Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7l DAV/2 PHP/5.2.4

phpBB 3.0.1:

banlist table -- is empty
users table -- contains standard bots, plus 1 main admin, and 2 standard users

Additional notes:

Problem seems to be with MySQL; normally most versions of MySQL will convert an incompatible data type (say if you try to enter text to an int column, it will convert to 0).

Seems that phpBB developers assumed all versions of MySQL would do that, but that's not the case here with my version of MySQL.

Here's what I changed to fix the error:

In functions_user.php I changed this line:
Code:
$type            => $ban_entry,

to this:
Code:
$type            => ($type == 'ban_userid') ? intval($ban_entry) : $ban_entry,

Also, it seems like wild card username banning is not well-implemented at all. The check_ban function has a part that looks for user_id = 0, but that is never called in session.php. Secondly, if one does ban all usernames, there is no way to unban; it does not show up in ACP ban. But the function user_ban() was clearly written with that potential in mind:
Code:
if (in_array('*', $ban_list))
{
    // Ban all users (it's a good thing that you can exclude people)
    $banlist_ary[] = '*';
}
ban_userid_err.jpg (66.2 KB)

Posted by Acyd Burn (Server Manager) on Jun 21st 2008, 16:59

"Also, it seems like wild card username banning is not well-implemented at all."

Wildcard username banning is not implemented at all and should not be possible. ;)
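
The type mismatch discussed in this ticket, as an added example (not phpBB code and not the change made in r8668): a hypothetical helper, `normalise_ban_entries()`, that validates entries for the integer `ban_userid` column before the INSERT is built. Because `intval('*')` evaluates to 0, it rejects non-numeric entries rather than casting them, so the result does not depend on whether the database coerces or refuses the value.

```php
<?php
// Added example: normalise_ban_entries() is a hypothetical helper, not a phpBB function.

/**
 * Validate raw ban entries for one phpbb_banlist column.
 *
 * @param string $type    Column the entries are destined for
 * @param array  $entries Raw entries as submitted
 * @return array          [rows ready for a multi-insert, rejected entries]
 */
function normalise_ban_entries(string $type, array $entries): array
{
    // ban_userid is an integer column; the other two hold strings.
    $allowed = ['ban_userid', 'ban_ip', 'ban_email'];
    if (!in_array($type, $allowed, true)) {
        throw new InvalidArgumentException("Unknown ban column: $type");
    }

    $rows = [];
    $rejected = [];
    foreach ($entries as $entry) {
        $entry = trim((string) $entry);

        if ($type === 'ban_userid') {
            // Accept only a positive decimal id. '*' and other non-numeric
            // input is refused here instead of being cast, because a cast
            // would silently turn it into user id 0.
            if (!preg_match('/^[1-9][0-9]*$/', $entry)) {
                $rejected[] = $entry;
                continue;
            }
            $rows[] = [$type => (int) $entry];
        } elseif ($entry !== '') {
            // String columns keep their value unchanged.
            $rows[] = [$type => $entry];
        } else {
            $rejected[] = $entry;
        }
    }

    return [$rows, $rejected];
}

// Constructed sample input, including the '*' entry from this ticket.
[$rows, $rejected] = normalise_ban_entries('ban_userid', ['42', '*', '7abc', '0', ' 15 ']);
var_dump($rows);
var_dump($rejected);
```
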

Assigned ticket to user "Acyd Burn"

Action performed by Acyd Burn (Server Manager) on Jun 21st 2008, 17:07

Changed ticket status from "New" to "Fix completed in SVN"

Action performed by Acyd Burn (Server Manager) on Jun 21st 2008, 17:07

Linked ticket with changeset: r8668

Action performed by Anonymous (I am too lazy to register) on Jun 21st 2008, 17:08
