Bug Reports by hcs at 9:48 AM EDT on May 24, 2005
Please be so kind as to reply to this thread with any bug reports.
One I can think of that I'm going to fix right now is the creation of a thread with a blank subject... there'd be no link to click on.
Also I don't perform any checking to see if you're actually trying to reply to a thread that exists.

Minior issues...
by PdZ at 11:45 PM EDT on May 31, 2005
I Think, its nor really necessary to tell it but.. look at Kojis Last Thread...

I dont think, that this is normal ^^
by CaitSith2 at 1:15 AM EDT on June 1, 2005
Nor is my thread, with the image tag embedded.
Seems to work here as well. by CaitSith2 at 1:21 AM EDT on June 1, 2005
test #2
Should be bold.Test #4 by CaitSith2 at 1:26 AM EDT on June 1, 2005
Should be bold.Test #4 by CaitSith2 at 1:27 AM EDT on June 1, 2005
sd
by Anonymous at 4:50 AM EDT on June 1, 2005
by hcs at 3:02 PM EDT on June 1, 2005
now while I don't specifically consider that to be a bug it is readily abusable...
fine, I'll disable tags in subjects
by hcs at 3:04 PM EDT on June 1, 2005
Which also means I'll be clearing out all your random acts of exploitation.
ミスタードリラー by hcs at 3:09 PM EDT on June 1, 2005
[url=http://www.google.com]ミスタードリラー[/url] by hcs at 3:11 PM EDT on June 1, 2005



by hcs at 3:30 PM EDT on June 1, 2005
There, are we happy now?

I also went and finally put in the "no blank thread subject" check. Yes, it also checks for subjects consisting of only spaces, and you can't use a nonbreaking space (even numerically specified) because I've disabled even the numeric entity processing for subjects.
ミスタードリラー by hcs at 3:34 PM EDT on June 1, 2005
so no Japanese in subjects
by hcs at 3:41 PM EDT on June 1, 2005
Here's the source if you want to look through it:
source
the only thing I changed was the user name and password.
by unknownfile at 4:43 PM EDT on June 1, 2005
I am thinking of using this for my forums.

However, it sez:

Table 'unknownforums.board' doesn't exist

Ack?
by hcs at 5:32 PM EDT on June 1, 2005
You'll have to create the table, bucko.

CREATE TABLE `board` (
`idx` int(11) NOT NULL auto_increment,
`postedtime` datetime NOT NULL default '0000-00-00 00:00:00',
`lasttime` datetime NOT NULL default '0000-00-00 00:00:00',
`author` int(11) NOT NULL default '0',
`replyto` int(11) NOT NULL default '0',
`subject` varchar(255) NOT NULL default '',
`message` text NOT NULL,
`ip` varchar(15) NOT NULL default '',
KEY `idx` (`idx`)
)

you'll need a table for users, too:

CREATE TABLE `users` (
`idx` int(11) NOT NULL auto_increment,
`joined` datetime NOT NULL default '0000-00-00 00:00:00',
`uname` varchar(31) NOT NULL default '',
`pass` varchar(31) NOT NULL default '',
KEY `idx` (`idx`)
)
by Koji at 9:20 PM EDT on June 1, 2005
"I Think, its nor really necessary to tell it but.. look at Kojis Last Thread..."

Yes, it was on purpose once I saw that hcs made tags available on subjects. It was just to point it out. In a somewhat funny way too. ;)
by unknownfile at 10:56 AM EDT on June 2, 2005
Donez0r.

http://petersconway.dynu.com/forum.php

Also, let it be noted that my main page has been converted to php.
New user creation bug by hcs at 3:00 AM EDT on July 2, 2005
Er, sorry to any and everyone who tried to join over the last week or so, I made a minor change to the database without thinking of how it would affect the forum, it caused the user creation process to fail silently. Everything should be up and running again, and I'll add a check to the registration code to make sure it actually *works*.
by Mouser X at 8:45 PM EDT on August 17, 2005
Okay, based on what I can see, the most recent message in this thread (other than my own) is from HCS back in July, but the main page says that one has been added here today (again, other than my own). I don't see it. Was it deleted, but the thread still received its "update" information? I'm just curious to know what it is I'm missing. Mouser X over and out.

edited 12:46 AM EDT August 18, 2005
by hcs at 9:06 PM EDT on August 17, 2005
Correct, I had added some test posts to this thread but I deleted them. The first post in the thread contains the last updated value for the whole thread and I didn't set that back.
Test by Richter X at 10:11 PM EDT on September 26, 2007
Test
Cool, about 5 years from last comment ;-D by NewUserInTheForum at 1:53 AM EDT on September 5, 2012
BTW, VGMStream reaches the 1000th revision!
Keep up the good work!

edited 3:00 AM EDT September 5, 2012
by Josh W at 5:36 AM EDT on September 5, 2012
by NewUserInTheForum at 2:01 AM EDT on September 6, 2012
by henke37 at 3:37 PM EDT on October 3, 2012

You did check for odd protocols in image urls right?

edited 3:40 PM EDT October 3, 2012
by hcs at 7:24 PM EDT on October 3, 2012
No. Does that actually work in some browsers?
by Elven Spellmaker at 3:59 AM EDT on October 4, 2012
Doesn't work in IE10.
by Toad King at 5:06 PM EDT on October 4, 2012
It shouldn't work in any modern browser at least.
WTF? by NewUserInTheForum at 9:02 AM EST on November 27, 2012
Well, I'll answer your stupid comments...

henke37: You did check for odd protocols in image urls right?

If you think the HTTPS protocol is odd, then you should consider y'self a noob, sorry. It's the standard for secure HTTP connections. Go search Wikipedia if you don't know what the HTTP protocol is.

Toad King: It shouldn't work in any modern browser at least.

The HTTPS protocol appears on almost any webpage that uses sensitive information, like logins, personal data, etc. so it needs to be supported on all web browsers. And, of course, secured and non-secured webpages can access secured resources, like images, too.

Elven Spellmaker: Doesn't work in IE10.

Maybe, as a security feature, IE10 disallows access to secure HTTPS content using a non-secure webpage, which may be correct in some situations, I guess.

hcs: No. Does that actually work in some browsers?

I personally use Google Chrome for browsing, the image gets correctly displayed for me...

So, don't blame me if your browser/OS/whatever sucks!
by fridgey at 1:22 PM EST on November 27, 2012
Was that... a joke? Or did you really just snarkily answer a bunch of questions you mistakenly thought were directed at you but actually had nothing whatsoever to do with you?
by NewUserInTheForum at 6:05 AM EST on November 29, 2012
Well, I'm confused now. If your comment is right, sorry then, although I guess someone else needs to clarify this...

edited 2:28 PM EST November 29, 2012
by Lunar at 7:17 AM EST on November 29, 2012
Please, read carefully the date of the last post before bumping a thread for no real reason.

??????????

:)
by fridgey at 11:54 AM EST on November 29, 2012
Yeah, except they WEREN'T directed at your image. They were directed at the dumb javascript trick henke37 tried to pull right before asking the question. Congrats on your enlightened use of tls though, we were all very impressed.
by hcs at 4:24 PM EDT on August 16, 2016
Nisto sez:
may I ask you to fix the bug where the authentication fails if you are logged out and are trying to make a post while also logging in (filling out the username and password fields along with a message)?

I don't understand what bug you mean. You can either post while logged in (in which case the user name and password fields are just text instead of form fields) or you can post with your user name and password, which just posts without logging you in.

by Nisto at 4:47 PM EDT on August 16, 2016
Well, see, I tried the latter, but when I hit "submit" it just said "authentication failed" on a blank page, even though I'm sure I entered my correct name and password. It has happened more than a couple of times now.
by hcs at 6:26 PM EDT on August 16, 2016
Weird. Can you check if maybe you have some old login cookies sitting around? Authentication is supposed to use the user name/password before checking the cookie, though, so I don't know why it would work that way.

I know the post-without-logging-in thing works in general, it's usually the way I use the forum.

edited 6:28 PM EDT August 16, 2016
by Nisto at 7:23 PM EDT on August 16, 2016
Nope, none. In fact, I'm on a fresh OS install. I also tested it again on a new, clean browser profile as well, in case an add-on was responsible in some way. Is the forum source linked at the bottom the actual production code? I had a look myself and honestly don't see why it would fail either (other than perhaps that I would use quoted array keys, heh).
by hcs at 8:52 PM EDT on August 16, 2016
Yeah, that's the code. It's never been rewritten, so it's a tremendous mess.

What browser? If you create a new user does it do the same?
by Nisto at 9:07 PM EDT on August 16, 2016
Like I already said, I tried it on a new browser profile (if that's what you meant by "new user"? or did you want me to create a new forum user account?) I've also tried it on another browser (Chrome instead of Firefox).

edited 9:10 PM EDT August 16, 2016
by hcs at 9:21 PM EDT on August 16, 2016
Yeah, try a new user, just to see if it's something with your account.

edited 9:22 PM EDT August 16, 2016
by NistoTest at 10:34 PM EDT on August 16, 2016
Well, looks like that worked.
by hcs at 11:02 PM EDT on August 16, 2016
Hmm...

Is your password by any chance longer than 31 characters? I noticed that the login form limits it to 31 chars, as do most of the forms besides the one for submitting a post or thread.

Whether it is or not, maybe you could try changing it, on the chance that it is sticking things up somehow? Again no good reason, I'm calling password_verify pretty much the same way on both paths...

edited 11:06 PM EDT August 16, 2016
by Nisto at 11:05 PM EDT on August 16, 2016
Ah, yep, that's probably it then. It's one right above that..
by hcs at 11:08 PM EDT on August 16, 2016
Aha! Silly that, nothing should have the 31 limit, I think; I just shouldn't bother limiting password length to the size of the fixed width field since I'm storing the hash in the db now instead of just storing it in plaintext like I did for a decade.

But if I lift the limit everywhere, then anyone else in your situation isn't going to be able to log in anymore (unless they manually leave off the chars). More consistent would be to "enforce" the same limit everywhere; as the new user and password change forms already have that limit, that's the password the forum already expects.

edited 11:16 PM EDT August 16, 2016
by Nisto at 11:16 PM EDT on August 16, 2016
It is a good idea to have some limit though, it seems. Strings longer than 72 characters for bcrypt hashes will be truncated, according to the PHP docs.
by hcs at 11:17 PM EDT on August 16, 2016
But all I care about it being able to compute the same hash, so it doesn't matter.

edited 11:25 PM EDT August 16, 2016
by Nisto at 10:45 AM EDT on October 11, 2017
I bumped into an authentication bug that at least affects posting and editing stuff. This is how it can be reproduced:

- Log in using any browser
- Log in using a different browser, without logging out from the first browser
- Try to make a post with the first browser

I looked at the source code and it seems the authentication fails because the login token is updated in the database while the token in the cookies remains different between the browsers, so only the most recent login works properly. You should probably have a user_tokens table or something. (I can see the concerns with that approach myself, though.)


Go to Page 0

Search this thread

Show all threads

Reply to this thread:

User Name Tags:

bold: [b]bold[/b]
italics: [i]italics[/i]
emphasis: [em]emphasis[/em]
underline: [u]underline[/u]
small: [small]small[/small]
Link: [url=http://www.google.com]Link[/url]

[img=https://www.hcs64.com/images/mm1.png]
Password
Subject
Message

HCS Forum Index
Halley's Comet Software
forum source