< in Passwords

**Brandin** · 07-03-2017, 06:33 PM

Hello!

I have found out that

Code:
<

special character in the password fields on the registration form does not work...thoughts? I haven't tried

Code:
>

but need this fixed ASAP for a user.

Thank you!

karsen · 07-09-2017, 07:28 PM

Hey Brandin, I think I have the answer (I've been unable to post for several days, sorry for a late reply!). The password that is sent to the validation script in login.php has been sanitized by Input::get(), which in turn calls Input: Confused

anitize and calls htmlentities. The < has been converted to < in the password string.

This is the offending line in login.php:

Code:
$login = $user->loginEmail(Input::get('username'), trim(Input::get('password')), $remember);

To get around this with minimal code changes, you could modify the Input class call to this:

Code:
public static function get($item, $bypassSanitize = false) {

and later in the function when sanitizing the get/post arrays or single items, run an if ($bypassSanitize === true) before the sanitizing code. Then, in login.php you'd simply change the line to this:

Code:
$login = $user->loginEmail(Input::get('username'), trim(Input::get('password', true)), $remember);

**Brandin** · 07-12-2017, 11:30 AM

Thank you @Karen, I will play with this and let you know the result!

**mudmin** · 07-12-2017, 12:26 PM

Yep. I totally forgot about that.

**Brandin** · 07-13-2017, 10:05 PM

@Karsen / @Mudmin

Where should I be running the

Code:
if ($bypassSanitize === true)

and should I be putting anything in the if statement or no? Sorry trying to catch this but I'm not.

Thank you!

karsen · 07-15-2017, 04:27 PM

Sorry, I knew I should have pasted all the code! I also saw a flaw in the logic I gave you. I've modified my own class though so I've gone back to the original US version; it'll be untested but should hopefully work without errors:

Code:
public static function get($item, $bypassSanitize = false){

Code:
if (isset($_POST[$item])) {

Code:
/*

Code:
If the $_POST item is an array, process each item independently, and return array of sanitized items.

Code:
*/

Code:
if (is_array($_POST[$item])){

Code:
$postItems=array();

Code:
foreach ($_POST[$item] as $postItem){

Code:
if (!$bypassSanitize) $postItem = self::sanitize($postItem);

Code:
$postItems[] = $postItem;

Code:
}

Code:
return $postItems;

Code:
}else{

Code:
if (!$bypassSanitize) $postItem = self::sanitize($_POST[$item]);

Code:
return $postItem;

Code:
}

Code:
} elseif(isset($_GET[$item])){

Code:
/*

Code:
If the $_GET item is an array, process each item independently, and return array of sanitized items.

Code:
*/

Code:
if (is_array($_GET[$item])){

Code:
$getItems=array();

Code:
foreach ($_GET[$item] as $getItem){

Code:
if (!$bypassSanitize) $getItem = self::sanitize($getItem);

Code:
$getItems[] = $getItem;

Code:
}

Code:
return $getItems;

Code:
}else{

Code:
if (!$bypassSanitize) $getItem = self::sanitize($_GET[$item]);

Code:
return $getItem;

Code:
}

Code:
}

Code:
return '';

Code:
}

**Brandin** · 07-16-2017, 06:10 PM

Hey guys,

So I went ahead and got into the process of deploying this and I left out one big thing: I noticed this on join.php - not login.php.

Although I am sure this will work with login.php - I can't even get my users registered if they want to put a < in their password because it fails on the registration form.

Where do I modify the code on this? I'm not finding any trim sadly Sad

It's saying the two passwords are not matching - so I am really not sure where the offense is coming.

Thank you!

karsen · 07-16-2017, 08:34 PM

Ah, I see in your original post that you said registration, not login! Apologies for that, I lost you some time.

The reason the passwords don't match is because in the "matches" validation rule, the ingoing value ($_POST['confirm']) is sanitized while the value it matches ($_POST['password']) is not. Change this line in 'classes/Validation/php' (at or around line 54):

Code:
case 'matches':

Code:
if ($value != $source[$rule_value]) {

to:

Code:
case 'matches':

Code:
if ($value != sanitize($source[$rule_value])) {

Also, don't forget to bypass sanitizing of the password you send to the User->create() method on join.php line 182, using the modification we made to the Input class before:

Code:
password_hash(Input::get('password'), PASSWORD_BCRYPT, array('cost' => 12)),

to

Code:
password_hash(Input::get('password', true), PASSWORD_BCRYPT, array('cost' => 12)),

Let me know if this works, I can't test it myself right now unfortunately.

**Brandin** · 07-18-2017, 12:15 PM

YOU ARE AH-MAZING.

This is perfect!

Plug and play!

For your reference @mudmin, ~line 77 is the change on login.php.

I cannot thank you enough Karsen!

**Brandin** · 07-18-2017, 12:18 PM

Well - almost there lol!

I broke all my other logins now lmao:

Notice: Undefined variable: postItem in /home/aircentralized/public_html/mydash/users/classes/Input.php on line 50

Looks like its an issue with this line:

Code:
if (!$bypassSanitize) $postItem = self::sanitize($_POST[$item]);

Code:
return $postItem;

In the first if in the Input class. Thoughts?

Login




Remember me Lost Password?