MyBB Community Forums

Found an exploit in your function as well as a problem that might prevent it working for some.

function ajax_cr_action()
{
    global $mybb, $db;
    if ($mybb->input['action'] == 'CheckUsername') {
    $query = $db->query("SELECT username FROM `".TABLE_PREFIX."users` WHERE `username` = '" . $db->escape_string($_GET['user']) . "'");
    $count = $db->num_rows($query); 
    if ($count > 0) { 
        $return_value = $_GET['user'] . ",Invalid"; 
    } else {
        $return_value = $_GET['user'] . ",Working";
    }
    echo $return_value;
}
}

Use that in the plugin file instead of the current function there.

labrocca Wrote:Found an exploit in your function as well as a problem that might prevent it working for some.

function ajax_cr_action()
{
    global $mybb, $db;
    if ($mybb->input['action'] == 'CheckUsername') {
    $query = $db->query("SELECT username FROM `".TABLE_PREFIX."users` WHERE `username` = '" . $db->escape_string($_GET['user']) . "'");
    $count = $db->num_rows($query); 
    if ($count > 0) { 
        $return_value = $_GET['user'] . ",Invalid"; 
    } else {
        $return_value = $_GET['user'] . ",Working";
    }
    echo $return_value;
}
}

Use that in the plugin file instead of the current function there.

Still doesn't work...

abi birde bu eklenti db bağlantılı olsa ve kullanıcı adını gerçekten kontrol etse daha iyi olur ya böyle sadece öyle yazım kontrolü oluyor

Updated. Please download the new package that in the first post and use it.

Hey cool plugin bro, does this works for myBB 1.2.x ?

Does this support the latest 1.4.8?

(2009-07-19, 03:58 AM)Prudens Wrote: [ -> ]Does this support the latest 1.4.8?

MyBB 1.4 include this.

Is that a yes or no?

You don't need this. As of 1.4x series of mybb the registration is already ajax. This plugin is useless.

Yea I just realized that lol. Btw it doesn't work. Username gets screwed up. Don't use it if you have 1.4.8.


Thanks!