Bug in Lost Password: mail_password function

Posted: Sun Jan 04, 2004 12:36 am

This may be a hidden bug which most phpnuke site owners might not notice but I have found this to be an anoying bug.

A user who does not remember thier password can simply access the Lost Password function of the phpnuke website. By typing in the username, the script will look for, then verify the account and send off a new password to the email address which is set for that user account.

Well, here is the bug. You can input any invalid username, example "jambajulalee", then hit the Send Password button and the script will say that the password has been mailed off. Well, being that there is no such user by that username, how can the password be mailed off?

What actually happens is the script sends off an email to no email address at all. Below is an example of the returned mail error which I would then receive:

Quote:

A message that you sent contained no recipient addresses, and therefore no delivery could be attempted.

------ This is a copy of your message, including all the headers. ------

Received: from #### by server.domain.net with local (Exim 4.24)
id 1Ad3Sa-00035q-B9; Sun, 04 Jan 2004 00:18:08 -0800
To:
Subject: User Password for jambajulalee
From: webmaster@phpnukesite.com
X-Mailer: PHP/4.3.4
Message-Id: <E1Ad3Sa-00035q-B9@server.domain.net>
Date: Sun, 04 Jan 2004 00:18:08 -0800

The user account 'jambajulalee' at Nuke Powered Website has this email associated with it. A Web user from <ip address> has just requested that password be sent.

Your new Password is: <random>

You can change it after you login at http://www.phpnukesite.com/modules.php?name=Your_Account

If you didn't asked for this, don't worry. You are seeing this message, not 'them'. If this was an error just login with your new password.

Being that the email was sent off to no email address, the system on which the phpnuke site is on will return the email. If you have a catch-all in place as I do, then you will receive every error message as the one above.

The fix to this problem is simple. In the index.php file in the modules/Your_Account directory, find the following code, ussually around line 641:

Code:

$sql = "SELECT user_email, user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
if(!$result) {
include("header.php");

and replace it with the following:

Code:

$sql = "SELECT user_email, user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
// if(!$result) { // Removed Line
$user_count = sql_num_rows($result); // Added New Lines
if($user_count==0) { // Added New Lines
include("header.php");

Or as RAVEN mentions below...

A simpler fix is to change this lineCode:

Code:

if(!$result) {

toCode:

Code:

if(!sql_num_rows($result)) {

Hope that helps anyone who might be receiving the same anoying error emails.

Support Mod Joined: Mar 19, 2003 Posts: 308

Chican0,

that's exactly what I was looking for today! Did you quick forum-search and this topic came up first! I did the necessary changes and it works just great! I believe that a lot of people think: did I allready register or not, and if they read="password has been mailed" they think they registered before and thus will not do so again.

great tool! greetz,

Bart

Posted: Sun Jan 04, 2004 6:00 am

I am glad it helped you out. I had actually found this problem many versions of PHPNuke back. I just never got off my rear end and let others know. A friend of mine who actually helped me out with this reminded me about making it public to others. So now here you have it. Hopefully, it will be implemented in future version updates of PHPNuke. I really hate having to apply it each time.

Support Mod Joined: Mar 19, 2003 Posts: 308

Chican0,

I have submitted this as a news-article, I hope it gets accepted because this is a very handy tool!

greetz,

Bart

General Joined: Mar 22, 2003 Posts: 5233 Location: USA

A simpler fix is to change this line

Code:

if(!$result) {

to

Code:

if(!sql_num_rows($result)) {

.

Posted: Sun Jan 04, 2004 7:53 am

I knew there had to be something more simple. I am not a php guru! Smile

Thanks for that one.

Maybe you can help me with my current problem:
http://www.nukecops.com/postlite18261-.html

Smile

Private Joined: Jan 07, 2004 Posts: 45

I just used the one line fix and it works beautifully.
Thanx for Sharing
Miss Vicky

Captain Joined: Oct 20, 2003 Posts: 335

Raven to rescue (again).

I think we ought to compile a list of Ravens fixes.

Posted: Wed Jan 07, 2004 5:12 pm

Well I can say I tried! Very Happy

Posted: Sat Jan 10, 2004 9:44 am

I just created a new Fix for the Your_Account Registration function of the Your_Account module...

chican0 wrote:

If you have a web server where you have catch-all emails setup, You may find this modification (bug fix) useful.

What this fix does it adds a check email address function to the New User Registration of your PhpNuke website.

Examples of the problems:

- User registers with an invalid email address such as www.user@domain.com, user@www.domain.com,, user@(your nuke site.com)
phpNuke will let the user that his/her registration is completed and to look for a confirmation email coming to them soon. Meanwhile, your mail system to return an invalid email to your catch-all account and the user will be wondering where thier confirmation email is.

Apply this fix and the user is returned a specific error message based on thier invalid formatted email address.

You can find it at http://nukecops.com/postp85180.html

Posted: Sat Feb 21, 2004 7:15 am

just tried it, works a treat, thanks very much for that one Very Happy

Posted: Tue Jul 20, 2004 3:54 pm

Very welcome.