2009-01-28, 10:37 AM
Hello,
recently i stumbled upon a strange code part in newreply.php. I am not sure if this a bug or if i simply don't get the logic...
First let me explain:
Yesterday we started a "release party" for the new KDE 4.2 release on forum.kde.org
For that, we decided to let congratulations in from every user who whishes to, no registration needed, only captcha and moderation. At least for this day
Then we got reports that submitting an entry with the "new reply" button doesn't work like expected (quick reply field works like a charm).
You need to fill in a username (guest as default) and a password. Leaving the pw field empty throws an usernametaken error. Looking at the code i have this:
And that's where it doesn't make much sense to me. I mean, it was expected behaviour to allow posts without being registered and having a valid pw.
So why this error check here?
recently i stumbled upon a strange code part in newreply.php. I am not sure if this a bug or if i simply don't get the logic...
First let me explain:
Yesterday we started a "release party" for the new KDE 4.2 release on forum.kde.org
For that, we decided to let congratulations in from every user who whishes to, no registration needed, only captcha and moderation. At least for this day
Then we got reports that submitting an entry with the "new reply" button doesn't work like expected (quick reply field works like a charm).
You need to fill in a username (guest as default) and a password. Leaving the pw field empty throws an usernametaken error. Looking at the code i have this:
if($mybb->input['action'] == "do_newreply" && $mybb->request_method == "post")
{
// Verify incoming POST request
verify_post_check($mybb->input['my_post_key']);
$plugins->run_hooks("newreply_do_newreply_start");
// If this isn't a logged in user, then we need to do some special validation.
if($mybb->user['uid'] == 0)
{
$username = htmlspecialchars_uni($mybb->input['username']);
// Check if username exists.
if(username_exists($mybb->input['username']))
{
// If it does and no password is given throw back "username is taken"
if(!$mybb->input['password'])
{
error($lang->error_usernametaken);
}
And that's where it doesn't make much sense to me. I mean, it was expected behaviour to allow posts without being registered and having a valid pw.
So why this error check here?