
Backslashes in fields (especially passwords) not supported

Posted: Tue 8. Mar 2005, 14:47
by nbarraud
Hello,

My password for both the db and the base phpwcms account is made of special chars including backslashes.
This is apparently not supported in the user input fields at the time of installation and login (tried on 1.1 and 1.2 DEV).

It would be so nice to fix this bug, as I'm very concerned about secure passwords like those containing backslashes.

The only fix besides changing the php sources is to manually add the right password to the conf files and db.

Re: Backslashes in fields (especially passwords) not supported

Posted: Fri 11. Mar 2005, 11:09
by Neelix
nbarraud wrote: to fix this bug
it's not a bug: it's PHP- and/or MySQL-style
- some characters have a special meaning - and PHP must process your input:
[\] - the next character is a control character
e.g.: you know \r or \n
['] or ["] - between these is a string
e.g.: "here comes an hallo"
[`] - between these is a command
e.g.: echo `pwd`;

Don't be :cry: it's not insecure when you don't use these - use German/Swedish/Danish/... characters :wink:

PW: {ä~xy9876µ²@._$%&Á®
------------------------------------------
No password is really 100% secure - with or without backslashes ...

Posted: Fri 11. Mar 2005, 14:47
by nbarraud
It's not a php or mysql or whatever feature, it's about handling that type of character when processing user input. Some known php/mysql scripts handle this type of password correctly (like phpBB).

I guess it could be solved by adding some AddSlashes() function or whatever will do that particular job. I thought I would let the author know that some people are using such passwords so that he could handle this.

But changing my password to bypass this limitation will not solve it for sure :)

Re

Posted: Mon 14. Mar 2005, 14:14
by Neelix
I found this:
#--[open]---
login.php
#---[find]---
$wcs_pass = slweg(trim($_POST['form_password']));

#---[replace with]---
$wcs_pass = trim($_POST['form_password']);

:roll:
The master kills the backslashes if the server config transmits (the special characters above) escaped, meaning with additional backslashes...
Therewith the SQL statement will do what you input (the special characters above - not only backslashes 8) )

maybe interesting: http://de3.php.net/manual/en/security.m ... es.why.php

:wink:
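Added example (not phpwcms code and not from either poster) of how a login handler can keep backslashes in a submitted password intact: it undoes magic_quotes_gpc exactly once when the server has it on, then binds the value as a query parameter instead of stripping or hand-escaping it. It assumes a hypothetical `users` table and uses an in-memory SQLite database as a stand-in for MySQL so it runs offline.

```php
<?php
// Added example, not phpwcms code. Shows the two steps that let a password
// such as pa\ss\word'x reach the credential check unchanged.

/** Return the submitted field exactly as typed, whatever magic_quotes_gpc does. */
function raw_post_field(string $name): string {
    $value = isset($_POST[$name]) ? (string) $_POST[$name] : '';
    // magic_quotes_gpc (removed in PHP 5.4) added a backslash before ' " \ and
    // NUL on the way in; reverse it once, and only when it was actually on.
    // The function_exists guard keeps this running on PHP 8, where it is gone.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return trim($value);
}

/** Look up the user with a bound parameter; $pass is never escaped or stripped. */
function login_ok(PDO $db, string $user, string $pass): bool {
    // Hypothetical table/column names; binding leaves quoting to the driver.
    $stmt = $db->prepare('SELECT usr_pass FROM users WHERE usr_login = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed demo data: a password containing two backslashes and a quote.
$secret = 'pa\\ss\\word\'x';
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (usr_login TEXT, usr_pass TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (:u, :p)');
$ins->execute([':u' => 'admin', ':p' => password_hash($secret, PASSWORD_DEFAULT)]);

// Constructed request: what the browser would have posted in the login form.
$_POST['form_password'] = $secret;
$given = raw_post_field('form_password');
var_dump(login_ok($db, 'admin', $given)); // the backslashes reach password_verify intact
```

The same two functions with `slweg()`-style unconditional `stripslashes()` in place of the `get_magic_quotes_gpc()` check would silently turn `pa\ss\word'x` into `password'x` and the login would fail, which is the behaviour the thread describes.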