1 (edited by Cursed1 2007-03-01 23:37)

Topic: Two users with usernames that look the same

Well im admin of a site and we have hand picked a few trusty members you know the drill.

Anyways there is this person that keeps registering and somehow he is able to make an exact copy of one of the trusted peoples username. For example say someone was named Jared on the site and he was in a trusted usergroup and everything and people trusted him with everything. Then this guy using some weird bug registers under the exact username Jared and scams people because they think hes the trusted one. I hope i explained this well can anyone tell me what this is?

Just to be sure it wasn't something messed up when a mod was installed i logged out and tried registering under a name already taken and it wouldn't let me so obviously hes using some kind of tool.

I also noticed when we ip ban him he is able to re-register under the same exact ip without proxying.

2

Re: Two users with usernames that look the same

Its actually quite simple. What he's doing is registering with with the numeric character reference. If you search the userlist here for *aul you will find two members called Paul. The imposter actually registered with

 & # 80;aul

Find your troublemakers username somewhere and then view source and you will see what he actually used to register with.

3 (edited by Cursed1 2007-03-01 23:52)

Re: Two users with usernames that look the same

Ah i get it..how do you fix this from them doing it though?

Re: Two users with usernames that look the same

I've updated the subject to more accurately reflect the issue

5

Re: Two users with usernames that look the same

in register.php find:
message($lang_prof_reg['Username BBCode']);
and after add

else if (strpos($username, '&') !== false && strpos($username, ';') !== false)
message('Disallowed entity reference in username');

That should do it. Good luck

6 (edited by Cursed1 2007-03-02 00:24)

Re: Two users with usernames that look the same

Leet thanks kossu