Jump to content

minor spamcop forum registration glitch


mMerlin

Recommended Posts

I have tried searching to forum for anything related, but all combinations of search terms I can think of just give me a whole lot of references to reporting of spam <_< . I also took a few hours to read the announcements, pinned/sticky posts and faq info :blink: . This seems to be the least unreasonable place to report this.

I am a new registered user of the forum. During the registration process, I filled in the password fields using a 32 character tool generated password. The submit kept failing saying there was a problem with the password fields. Deleting the final character of the password got the submit to work. The password section *had* a green checkmark, supposedly showing that everything was OK, but on submit it turned red with error message again.

Context: Windows 7 64 bit, Firefox Nightly 18.0a1 (2010-09-23)

It appears that: [one of]

  • the 3 to 32 character limit shown in the popup should be 3 to 31
  • the underlying form processing code is truncating [only] one of the password fields [causing a mismatch]
  • some characters are not allowed in the password, and the ">" that happened to be the final character caused problems

Link to comment
Share on other sites

I have tried searching to forum for anything related, but all combinations of search terms I can think of just give me a whole lot of references to reporting of spam <_< . I also took a few hours to read the announcements, pinned/sticky posts and faq info :blink: . This seems to be the least unreasonable place to report this.

<snip>

...Wow, thank you, we (well, I -- tinw [there is no "we"]) appreciate all that work! I would have given up after a few minutes; I would not have blamed you if you had done the same. It is little surprise (to me, as a long-time Forum member) that you found nothing in your search -- I can't recall a problem with Forum registration anything like this ever having been reported. And, FWIW, I agree with your choice of Forum to use for your post.

...As for your specific problem, hopefully our "acting" Forum admin, Steve (Farelf), will drop by as he normally does daily, and look into this. As he is in Australia, that might be overnight (assuming you, like me, are in the Western hemisphere).

Link to comment
Share on other sites

Thanks guys. Interesting, I could find nothing about this in the admin notes. All this stuff is "deep down" in the forum code, well out of my reach which is undoubtedly just as well. :D

However, investigation indicates that 32 characters ARE allowed on registration BUT it appears those are limited to alpha-numerics. I didn't test that rigorously but in each test with a non A-N I got the "The password section is incomplete" when trying to submit the registration despite, as mMerlin observes, the "green tick" while filling out the form (after confirming the entered password).

What I next found was, after registration, the "Password Change" under "My Controls" will accept those same non A-N characters - and log-in with the altered password is, needless to say, successful. The second-last password successfully tried for (banned) member Farelf2 was T~vbds9#p{L.+W9O 4uCfu4p-2Z(Gf*> (which includes a blank).

What I can do and have done is add an item under the Forum "Help" link (on each page, below the Reporting Server Status graphic):

Forum passwords

Character set restrictions for Forum passwords

Hopefully that

  • is true (NOT rigorously tested or verified with Invision PB)
  • explains the restriction applying to the registration stage

I'm sure there's a rational explanation somewhere - different character sets or provision for same, maybe? mMerlin may be the first member EVER to try a *really* strong password in these forums. If so, I share the shame of the rest of the more lackadaisical league. :blush:

Link to comment
Share on other sites

[at]turetzsr I needed to go over most of that anyway, if I was planning on doing other posts. I just found it very difficult [in the searches] to separate problems with the web site versus problems doing reporting.

[at]Farelf

To add to your mix of symptoms, the successful 31 character password contains several non A-N characters, so that only seems to be a limit when using the full 32.

One possibility is that the password gets URLencoded as some point, THEN checked against the 32 character limit. Only specific characters would cause the string size to expand when encoding, and the ">" is one, which would normally be replaced with ">"

In fact it might only be a problem when the 'special' character is at the end, where the encoded version would then end with a "&" (&) character, causing processing to choke on the now incomplete 'entity' [after truncation to 32 characters]

As far as using a *really* strong password goes, that is the point of having a *good* password management system. :D

Link to comment
Share on other sites

...

To add to your mix of symptoms, the successful 31 character password contains several non A-N characters, so that only seems to be a limit when using the full 32. ...

Thanks for that - help file qualified accordingly, in a minimal sort of way since there are still "unknowns". I now wonder if some of the higher-level characters like ¢ £ ¥ ﺵ etc. (Unicode) might be allowable as well? Probably easier to research the Invision PB documentation, whatever of that is public. Will have to wait for another time. Or maybe another member "here" knows already? Thanks again mMerlin.
Link to comment
Share on other sites

Yep, those are accepted - so that's upper ASCII and Unicode/UTF16 characters. Will revise the help file again (soon) - at a guess, I would say any "hashable" character will work in a Forum password change - ¡ʞɹoʍ ʇɥƃıɯ ʇxǝʇ pǝddılɟ uǝʌǝ ǝʞıl sʞool ʇı 'ʞɔǝɥ. Not so sure about initial password on registration - obviously there are differences between the cases with the full 32 character places not always available and "The password section is incomplete" message with the registrations.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...