Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16605

SQL Registration errors do not trigger an error correctly

    XMLWordPrintable

    Details

      Description

      Let me start by saying this is not a common problem. It stems from an old phpBB installation where the user database table has been modified in someway, though there are likely other ways for it to be triggered.

      Any failed insert into the USERS_TABLE will not be logged and will not throw an error.

      Lets say for any reason the insert has failed. The $user_id that is returned will be (int) 0. The check in the ucp_register.php file looks for === false as an error, not == false (which would include 0). This means that a $user_id of 0, which is a failure, will not trigger a failure.

      The user will be displayed a successful registration screen AND receive an activation email (if enabled) where the $user_id is 0.

      Affected Files

      In functions_user.php (function user_add):

      $sql = 'INSERT INTO ' . USERS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary); $db->sql_query($sql);
       
      $user_id = $db->sql_nextid();
       
      ...
       
      return $user_id;

      In ucp_register.php (function main):

      // Register user... 
      $user_id = user_add($user_row, $cp_data);
       
      // This should not happen, because the required variables are listed above...
      if ($user_id === false) {
          trigger_error('NO_USER', E_USER_ERROR);
      }

       

      Proposed Solution

      Change the code in ucp_register.php to:

      if ($user_id == false) {
          trigger_error('NO_USER', E_USER_ERROR);
      }
      

      OR

      Add error checking to the SQL statement in the functions_user.php file.

       

        Attachments

          Activity

            People

            Assignee:
            Marc Marc
            Reporter:
            Ectoman AJ Quick
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: