AAC Gesior registration - Special Characters

Adorius Black · Jan 23, 2024

Hi. I am using gesior account and I am wonder if I can somehow allowed special characters for password on registration: I have whole form done with requiring one special character but when I click register i get this error:

PHP:

        if(!check_password($reg_password))
            $reg_form_errors[] = "Password contains illegal chars (a-z, A-Z and 0-9 only!) or lenght.";
    }

Can i Somewhere change it to accept these characters !@#$%^&* ? I guess removing this line from code will not do good things because people will able to use also .'~ etc. Anybody know where is hidden this piece of code where I can allow exacly my special characters !@#$%^&* ?

Solved:

system/load.compat.php

line: 174

PHP:

function check_password($pass)
{
    $pass = (string) $pass;
    $temp = strspn("$pass", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890");
    if($temp != strlen($pass))
        return false;
    if(strlen($pass) > 40)
        return false;
    return true;
}

I hope it will not make any unexpectedly problems

highsanta · Jan 23, 2024

look for stuff like aAbBcCdDeEfF

Fjorda · Jan 23, 2024

Adorius Black said:
Hi. I am using gesior account and I am wonder if I can somehow allowed special characters for password on registration: I have whole form done with requiring one special character but when I click register i get this error:

PHP:

if(!check_password($reg_password)) $reg_form_errors[] = "Password contains illegal chars (a-z, A-Z and 0-9 only!) or lenght."; }

Can i Somewhere change it to accept these characters !@#$%^&* ? I guess removing this line from code will not do good things because people will able to use also .'~ etc. Anybody know where is hidden this piece of code where I can allow exacly my special characters !@#$%^&* ?

Solved:

line: 174

PHP:

function check_password($pass) { $pass = (string) $pass; $temp = strspn("$pass", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890"); if($temp != strlen($pass)) return false; if(strlen($pass) > 40) return false; return true; }

I hope it will not make any unexpectedly problems

PHP:

$temp = strspn("$pass", "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890!@#$%^&*?");

Adorius Black · Jan 24, 2024

Fjorda said:

I wrote that its Solved. but anyway Thank you

Fjorda · Jan 24, 2024

Ah sorry, didn't see that, I just thought you wanted to know how to edit that function xD

highsanta · Jan 24, 2024

II mean ur asking for sql injection

Far as i kmow should be okay withou , ( )

Fjorda · Jan 24, 2024

highsanta said:
II mean ur asking for sql injection

Far as i kmow should be okay withou , ( )

This should be used for simple validation. If you want to protect yourself against injection, then you should be using prepared statements using mysqli or pdo, which you can pass in an array of variables, and they will prepare them for you.

Don't just escape the strings and use concatenated query strings, it's very ugly and old.

AAC Gesior registration - Special Characters

Adorius Black

Advanced OT User

highsanta

Advanced OT User

Fjorda

Advanced OT User

Adorius Black

Advanced OT User

Fjorda

Advanced OT User

highsanta

Advanced OT User

Fjorda

Advanced OT User

Similar threads