Re:registration session expired and/or cookies are
Date: 2007/03/20 17:39
By: Raj
I commented out cbRegAntiSpamCheck() and was able to leave the registration screen open for an hour and still successfully register a test user. Here's some info:
PHP built On: Linux web1.nodid.net 2.6.9-42.0.8.ELsmp #1 SMP Tue Jan 23 13:01:26 EST 2007 i686
Database Version: 4.1.20
PHP Version: 4.3.9
Web Server: Apache/2.0.52 (CentOS)
WebServer to PHP interface: apache2handler
Joomla! Version: Joomla! 1.0.12 Stable [ Sunfire ] 25 December 2006 01:00 UTC
Post edited by: Raj, at: 2007/03/20 17:40
Re:registration session expired and/or cookies are
Date: 2007/03/20 23:02
By: joomlaz
Status: User
@all
The problem is related to the Hardening Patch for PHP.
The following 2 parameters have to be increased in your php.ini (defaults are 64):
Code:
    hphp.post.max_name_length = 150;
    hphp.request.max_varname_length = 150;
You will have to contact your provider if you don't have access to your php.ini file. Or you can place a (complete) php.ini file in all of your directories.
Take a look in Joomla! Backend in menu System > System Info > [PHP Info] and check out your actual values (Section: Hardening-Patch's variable filter support).
Hope this helps. My provider changed the values above and everything works now. There was no change of CB needed.
JoomlaZ www.zechmann.com
Re:registration session expired and/or cookies are
Date: 2007/04/08 09:21
By: nightlord
Status: User
Hi, I got something figured out to solve the problem for users who are not able to edit the values in the php.ini.
I read about the problem, that was based on the length of the values being posted. Therefore I searched for the spoof functions and edited them in a way I think should do better than commenting them out. I finally found it in the "comprofiler.class.php" on line 1925. There are two functions: "cbGetSpoofInputTag", which defines the spoof protection word, and "cbSpoofCheck", which checks if the user has posted some valid value. Now the "only" thing you have to do is change the word being posted by "cbGetSpoofInputTag" and the word being received by "cbSpoofCheck" into a word that is short enough to fit with your server settings.
I did replace the
Code:
    $validate = 'cbj' . md5( $mainframe->getCfg('secret')) . md5( $mainframe->getCfg( 'db' ) . date( 'dmY' ) );
by a shorter one like
Code:
    $validate = 'cbj' . md5( $mainframe->getCfg('secret').$mainframe->getCfg( 'db' ).date( 'dmY' ) );
For me it works fine.
EDIT: You can find the file "comprofiler.class.php" in the "administrator/components/com_comprofiler" directory
Ahh and a big thx to this amazing tool
Post edited by: nightlord, at: 2007/04/08 09:22
Post edited by: nightlord, at: 2007/04/08 09:25
Re:registration session expired and/or cookies are
Date: 2007/04/19 10:17
By: Janner
Status: User
nightlord wrote: Hi, I did replace the
Code:
    $validate = 'cbj' . md5( $mainframe->getCfg('secret')) . md5( $mainframe->getCfg( 'db' ) . date( 'dmY' ) );
by a shorter one like
Code:
    $validate = 'cbj' . md5( $mainframe->getCfg('secret').$mainframe->getCfg( 'db' ).date( 'dmY' ) );
For me it works fine.
Worked fine for me too ... thanks for posting the info
[SOLV]:registration session expired and/or cookies
Date: 2007/04/26 23:29
By: beat
Status: Admin
Ok, could finally - finally - reproduce it with an older Joomla version (1.0.10 or 1.0.11). At that time, the Joomla mosGetParam() function had a bug and was wrongly typing to int any numeric value even if the default value was a string.
So the official fix is the following: in administrator/components/com_comprofiler/comprofiler.class.php search function cbRegAntiSpamCheck:
Code:
    function cbRegAntiSpamCheck() {
        // Try both candidate anti-spam name/value pairs.
        for($i = 0; $i < 2; $i++) {
            $validate = cbGetRegAntiSpams( $i );
            $validateValuePost = mosGetParam( $_POST, $validate[0], 0 );
            $validateValueCookie = mosGetParam( $_COOKIE, "cbrvs" );
            // Strict comparison on the posted flag: fails when mosGetParam() returns int 1.
            if ( ( $validateValuePost === "1" ) && ( $validateValueCookie === $validate[1] ) ) {
                break;
            }
        }
        // Neither pair matched: reject the registration.
        if ( $i == 2 ) {
            header( 'HTTP/1.0 403 Forbidden' );
            echo "<script>alert('Registration session expired and/or cookies are not enabled in your browser.');
    window.history.go(-1);</script> \n";
            exit;
        }
    }
and change the === to ==
yes, just remove one equal sign from the first group of 3 ===, making them 2 == .
So it becomes:
Code:
    function cbRegAntiSpamCheck() {
        // Try both candidate anti-spam name/value pairs.
        for($i = 0; $i < 2; $i++) {
            $validate = cbGetRegAntiSpams( $i );
            $validateValuePost = mosGetParam( $_POST, $validate[0], 0 );
            $validateValueCookie = mosGetParam( $_COOKIE, "cbrvs" );
            // Loose comparison on the posted flag; the cookie comparison stays strict.
            if ( ( $validateValuePost == "1" ) && ( $validateValueCookie === $validate[1] ) ) {
                break;
            }
        }
        // Neither pair matched: reject the registration.
        if ( $i == 2 ) {
            header( 'HTTP/1.0 403 Forbidden' );
            echo "<script>alert('Registration session expired and/or cookies are not enabled in your browser.');
    window.history.go(-1);</script> \n";
            exit;
        }
    }
This relaxes the typecheck, without loosening security in this case. The second comparison is a string in all cases, so it's ok.
Please let us know if it works for you, as it will be fixed in the upcoming CB release (together with the other problem of hardened PHP limitations).
Sorry for quite late reply, but let's try to fix that nasty one within next week.
Post edited by: beat, at: 2007/04/26 23:29
Post edited by: beat, at: 2007/04/26 23:30
Beat - Developer on Community Builder core Team
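
The type mismatch described in the post above, as an added example that is not part of the original post and is not Community Builder or Joomla code. `buggyGetParam()` and `plainGetParam()` are hypothetical stand-ins for the old and corrected `mosGetParam()` behaviour, `cbrv_demo` is a placeholder field name, and the cast-then-strict variant goes slightly beyond what the post proposes.

```php
<?php
// Added illustration; not Community Builder or Joomla code.

// Hypothetical stand-in for the old mosGetParam() behaviour described in
// the post: numeric input is returned as int even when a string is expected.
function buggyGetParam(array $src, string $name, $default = null)
{
    if (!array_key_exists($name, $src)) {
        return $default;
    }
    return is_numeric($src[$name]) ? (int) $src[$name] : $src[$name];
}

// Hypothetical getter that returns the submitted string untouched.
function plainGetParam(array $src, string $name, $default = null)
{
    return array_key_exists($name, $src) ? $src[$name] : $default;
}

// Three ways of testing the posted flag against "1".
function checks($value): array
{
    return [
        'strict ===' => $value === '1',
        'loose =='   => $value == '1',
        'cast+==='   => (is_int($value) || is_string($value))
                        && (string) $value === '1',
    ];
}

// Constructed POST bodies; "cbrv_demo" is a placeholder field name.
$samples = [
    ['cbrv_demo' => '1'],
    ['cbrv_demo' => '01'],
    ['cbrv_demo' => '1.0'],
    ['cbrv_demo' => 'abc'],
    [],                       // field missing, so the default 0 is used
];

foreach (['buggyGetParam', 'plainGetParam'] as $getter) {
    echo $getter, PHP_EOL;
    foreach ($samples as $post) {
        $value = $getter($post, 'cbrv_demo', 0);
        $row = array_map(static fn ($ok) => $ok ? 'pass' : 'fail', checks($value));
        printf("  %-8s %s\n", var_export($value, true), json_encode($row));
    }
}
```

With the int-casting getter the strict check rejects even a correctly posted `1`, which is the 403 reported in this thread. The loose check additionally accepts other numeric spellings of 1 such as `01` or `1.0`; the posted flag carries no secret, and the cookie comparison remains strict.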