Hello,
My passwords for both the db and the base phpwcms account are made of special chars, including backslashes.
This is apparently not supported in the user input fields at the time of installation and login (tried on 1.1 and 1.2 DEV).
It would be so nice to have this bug fixed, as I'm very concerned about secure passwords like those containing backslashes.
The only fix besides changing the PHP sources is to manually add the right password in the conf files and db.
Backslashes in fields (especially passwords) not supported
Re: Backslashes in fields (especially passwords) not support
nbarraud wrote: to fix this bug
It's not a bug: it's PHP and/or MySQL style
- some characters have a special meaning - and PHP must process your input:
[\] - the next character is a control character
e.g.: you know \r or \n
['] or ["] - between these is a string
e.g.: "here comes an hallo"
[`] - between these is a command
e.g.: echo `pwd`;
Don't be it's not insecure when you don't use this - use German/Swedish/Danish/... characters
PW: {ä~xy9876µ²@._$%&Á®
------------------------------------------
No password is really 100% secure - with or without backslashes ...
Experience is what you have shortly after you needed it.
Warning: I have no foggiest idea of English/German, but I do
-ha{p}{p}y day/night/dia/noche-
It's not a PHP or MySQL or whatever feature, it's about handling that type of character when processing user inputs. Some known PHP/MySQL scripts handle this type of password correctly (like phpBB).
I guess it could be solved by adding some AddSlashes() function or whatever will do that particular job. I thought I would let the author know that some people are using such passwords so that he could handle this.
But changing my password to bypass this limitation will not solve it for sure.
Re
I found this:
#--[open]---
login.php
#---[find]---
$wcs_pass = slweg(trim($_POST['form_password']));
#---[replace with]---
$wcs_pass = trim($_POST['form_password']);
The Master kills the backslashes if the server config transmits (the special characters above) escaped, meaning with additional backslashes...
With that, the SQL statement will do what you input (the special characters above - not only backslashes).
Maybe interesting: http://de3.php.net/manual/en/security.m ... es.why.php
Experience is what you have shortly after you needed it.
Warning: I have no foggiest idea of English/German, but I do
-ha{p}{p}y day/night/dia/noche-
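The trade-off discussed in this thread, as an added example that is not phpwcms code and not part of any post: stripping backslashes unconditionally corrupts a password typed with backslashes when the server does not escape input, while not stripping at all corrupts it when the server does. The function names, the `users` table and the sample password are hypothetical, and the sketch assumes PHP 7 or later with the pdo_sqlite extension; it undoes the escaping only when it was applied and keeps the password out of the SQL text entirely.

```php
<?php
// Added example, not phpwcms code; all function and table names are hypothetical.

// Undo magic-quotes escaping only when the server really applied it.
// The flag is a parameter so both server configurations can be shown here;
// on a legacy server it would come from get_magic_quotes_gpc().
function raw_input_value(string $value, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// The password never becomes part of the SQL text: the login is bound as a
// parameter and the password is only compared against a stored hash.
function verify_login(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE login = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample password with backslashes and both quote characters.
$password = <<<'PW'
a\b'c"d\\e
PW;

// Constructed sample account in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pass_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['admin', password_hash($password, PASSWORD_DEFAULT)]);

// Server without magic quotes: the field arrives exactly as typed.
$posted = $password;
var_dump(verify_login($db, 'admin', stripslashes($posted)));           // unconditional stripping
var_dump(verify_login($db, 'admin', raw_input_value($posted, false))); // conditional handling

// Server with magic quotes: the field arrives as addslashes() would produce it.
$posted = addslashes($password);
var_dump(verify_login($db, 'admin', raw_input_value($posted, true)));  // conditional handling
var_dump(verify_login($db, 'admin', $posted));                         // no stripping at all
```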