1 (edited by pradtf 2007-06-15 17:27)

Topic: new registration disabled unsuccessfully

i have set allow new registrations to NO.
i upgraded yesterday to 1.2.15.
but some how they are getting in anyway and i have to go and delete them manually.
they really aren't a problem  because they never post.

how can they register? i can't big_smile
they're showing up right in the postgresql database.

how can i stop these registrations?

i've read through several threads here regarding spambots - is that what i'm dealing with?
one of the ideas was to stop them via the time they are setting, but that seems like a temporary solution. captcha is a good idea if you want registrations, but i don't  so how do i stop it completely?

thanks in advance!

in friendship,
prad

Re: new registration disabled unsuccessfully

Hrmm, it seems register.php doesn't check if registration is enabled when processing the form at all... I'd see this as a bug actually.

3

Re: new registration disabled unsuccessfully

elbekko wrote:

Hrmm, it seems register.php doesn't check if registration is enabled when processing the form at all... I'd see this as a bug actually.

I may be missing the point of that sentence completely, but what then is this check in register.php?

if ($pun_config['o_regs_allow'] == '0')
{
        message($lang_register['No new regs']);
}

Re: new registration disabled unsuccessfully

Ack, sorry. Looked over that. I just didn't see it in the part where a user is being added =P

5 (edited by pradtf 2007-06-15 18:56)

Re: new registration disabled unsuccessfully

is it possible that

o_regs_allow = 0

in the config.php file only disables the registration form from showing up?

now if one were to parallel the registration uri directly, something like:
domain.com/register.php?name=me&email=me@whatever.com etc etc
thus simulating what would be sent by the registration form that the normal process would be circumvented?

in friendship,
prad

6

Re: new registration disabled unsuccessfully

elbekko wrote:

Ack, sorry. Looked over that. I just didn't see it in the part where a user is being added =P

big_smile big_smile You had me worried for a moment there. big_smile big_smile

Re: new registration disabled unsuccessfully

No, MattF is correct, it should stop the displaying of the whole page. Quite odd.

8

Re: new registration disabled unsuccessfully

pradtf wrote:

is it possible that

o_regs_allow = 0

in the config.php file only disables the registration form from showing up?

now if one were to parallel the registration uri directly, something like:
domain.com/register.php?name=me&email=me@whatever.com etc etc
thus simulating what would be sent by the registration form that the normal process would be circumvented?

Shouldn't be. Register.php is called to deal with whatever parameters are passed to it. Thereby, it will check the o_regs_allow setting before proceeding any further with it's processing on that demo above.

9

Re: new registration disabled unsuccessfully

Btw, is there anything in the server logs regarding these registrations that are getting through?

10

Re: new registration disabled unsuccessfully

MattF wrote:

Shouldn't be. Register.php is called to deal with whatever parameters are passed to it. Thereby, it will check the o_regs_allow setting before proceeding any further with it's processing on that demo above.

right! in fact, the action on the form is register.php (line 272):

<form id="register" method="post" action="register.php?action=register" onsubmit="this.register.disabled=true;if(process_form(this)){return true;}else{this.register.disabled=false;return false;}">

and if o_reg_allow is set to 0 you get message according to:

if ($pun_config['o_regs_allow'] == '0')
    message($lang_register['No new regs']);

end of story if you are using the normal form because you don't get to see the normal form.

however, the o_regs_allow appears only at the beginning of the file (line 43) and its purpose seems to be to print the message so people trying to register will go away. if you send info to register.php directly via the uri, won't the info go through regardless since you are actually sending information not requesting to input information because of

if (isset($_GET['cancel']))
    redirect('index.php', $lang_register['Reg cancel redirect']);
else if ($pun_config['o_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent']))
{ rest of file}

in other words, should the o_regs_allow be implemented this way perhaps:

if ($pun_config['o_regs_allow'] == '0') {
    message($lang_register['No new regs']);
        EXIT}
else {
        DO THE REST OF THE FORM
}

just a guess based on a quick look at the file and a limited understanding of php.

in friendship,
prad

11

Re: new registration disabled unsuccessfully

MattF wrote:

Btw, is there anything in the server logs regarding these registrations that are getting through?

didn't check, but they are showing up on the database.
i will check for it next time.
good idea!

in friendship,
prad

Re: new registration disabled unsuccessfully

No, the check is at the top of the page and should work just fine. Unless you've modified it, I believe the message function calls exit(); at the end.

13

Re: new registration disabled unsuccessfully

elbekko wrote:

No, the check is at the top of the page and should work just fine. Unless you've modified it, I believe the message function calls exit(); at the end.

register.php requires include/common.php which in turn requires include/functions.php

in the include/functions.php file there is the message function:

//
// Display a message
//
function message($message, $no_back_link = false)
{
    global $db, $lang_common, $pun_config, $pun_start, $tpl_main;

    if (!defined('PUN_HEADER'))
    {
        global $pun_user;

        $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_common['Info'];
        require PUN_ROOT.'header.php';
    }
?>

<div id="msg" class="block">
    <h2><span><?php echo $lang_common['Info'] ?></span></h2>
    <div class="box">
        <div class="inbox">
        <p><?php echo $message ?></p>
<?php if (!$no_back_link): ?>        <p><a href="javascript: history.go(-1)"><?php echo $lang_common['Go back'] ?></a></p>
<?php endif; ?>        </div>
    </div>
</div>
<?php

    require PUN_ROOT.'footer.php';
}

but this shouldn't call exit, should it?
because then it should do so for any message presumably?

now the require footer.php has

if (!defined('PUN'))
    exit;

which disallows running the script directly, but i don't think that has anything to do with exiting if message is run.

in friendship,
prad

14

Re: new registration disabled unsuccessfully

Once the message function gets called, message(), further processing of that script stops. (I found out the hard way). big_smile

Re: new registration disabled unsuccessfully

pradtf: Could you paste a copy of your register.php here?

16 (edited by pradtf 2007-06-15 21:09)

Re: new registration disabled unsuccessfully

Smartys wrote:

pradtf: Could you paste a copy of your register.php here?

certainly!
(i haven't changed anything since i really don't know enough php to feel confident in doing so.
this the same code as in 1.2.14 i think because i don't believe it got updated with 1.2.15 but i don't remember.)

<?php
/***********************************************************************

  Copyright (C) 2002-2005  Rickard Andersson (rickard@punbb.org)

  This file is part of PunBB.

  PunBB is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published
  by the Free Software Foundation; either version 2 of the License,
  or (at your option) any later version.

  PunBB is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA  02111-1307  USA

************************************************************************/


define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';


// If we are logged in, we shouldn't be here
if (!$pun_user['is_guest'])
{
    header('Location: index.php');
    exit;
}

// Load the register.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/register.php';

// Load the register.php/profile.php language file
require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';

if ($pun_config['o_regs_allow'] == '0')
    message($lang_register['No new regs']);


// User pressed the cancel button
if (isset($_GET['cancel']))
    redirect('index.php', $lang_register['Reg cancel redirect']);


else if ($pun_config['o_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent']))
{
    $page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_register['Register'];
    require PUN_ROOT.'header.php';

?>
<div class="blockform">
    <h2><span><?php echo $lang_register['Forum rules'] ?></span></h2>
    <div class="box">
        <form method="get" action="register.php">
            <div class="inform">
                <fieldset>
                    <legend><?php echo $lang_register['Rules legend'] ?></legend>
                    <div class="infldset">
                        <p><?php echo $pun_config['o_rules_message'] ?></p>
                    </div>
                </fieldset>
            </div>
            <p><input type="submit" name="agree" value="<?php echo $lang_register['Agree'] ?>" /><input type="submit" name="cancel" value="<?php echo $lang_register['Cancel'] ?>" /></p>
        </form>
    </div>
</div>
<?php

    require PUN_ROOT.'footer.php';
}


else if (isset($_POST['form_sent']))
{
    // Check that someone from this IP didn't register a user within the last hour (DoS prevention)
    $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());

    if ($db->num_rows($result))
        message('A new user was registered with the same IP address as you within the last hour. To prevent registration flooding, at least an hour has to pass between registrations from the same IP. Sorry for the inconvenience.');


    $username = pun_trim($_POST['req_username']);
    $email1 = strtolower(trim($_POST['req_email1']));

    if ($pun_config['o_regs_verify'] == '1')
    {
        $email2 = strtolower(trim($_POST['req_email2']));

        $password1 = random_pass(8);
        $password2 = $password1;
    }
    else
    {
        $password1 = trim($_POST['req_password1']);
        $password2 = trim($_POST['req_password2']);
    }

    // Convert multiple whitespace characters into one (to prevent people from registering with indistinguishable usernames)
    $username = preg_replace('#\s+#s', ' ', $username);

    // Validate username and passwords
    if (strlen($username) < 2)
        message($lang_prof_reg['Username too short']);
    else if (pun_strlen($username) > 25)    // This usually doesn't happen since the form element only accepts 25 characters
        message($lang_common['Bad request']);
    else if (strlen($password1) < 4)
        message($lang_prof_reg['Pass too short']);
    else if ($password1 != $password2)
        message($lang_prof_reg['Pass not match']);
    else if (!strcasecmp($username, 'Guest') || !strcasecmp($username, $lang_common['Guest']))
        message($lang_prof_reg['Username guest']);
    else if (preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $username))
        message($lang_prof_reg['Username IP']);
    else if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
        message($lang_prof_reg['Username reserved chars']);
    else if (preg_match('#\[b\]|\[/b\]|\[u\]|\[/u\]|\[i\]|\[/i\]|\[color|\[/color\]|\[quote\]|\[quote=|\[/quote\]|\[code\]|\[/code\]|\[img\]|\[/img\]|\[url|\[/url\]|\[email|\[/email\]#i', $username))
        message($lang_prof_reg['Username BBCode']);

    // Check username for any censored words
    if ($pun_config['o_censoring'] == '1')
    {
        // If the censored username differs from the username
        if (censor_words($username) != $username)
            message($lang_register['Username censor']);
    }

    // Check that the username (or a too similar username) is not already registered
    $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());

    if ($db->num_rows($result))
    {
        $busy = $db->result($result);
        message($lang_register['Username dupe 1'].' '.pun_htmlspecialchars($busy).'. '.$lang_register['Username dupe 2']);
    }


    // Validate e-mail
    require PUN_ROOT.'include/email.php';

    if (!is_valid_email($email1))
        message($lang_common['Invalid e-mail']);
    else if ($pun_config['o_regs_verify'] == '1' && $email1 != $email2)
        message($lang_register['E-mail not match']);

    // Check it it's a banned e-mail address
    if (is_banned_email($email1))
    {
        if ($pun_config['p_allow_banned_email'] == '0')
            message($lang_prof_reg['Banned e-mail']);

        $banned_email = true;    // Used later when we send an alert e-mail
    }
    else
        $banned_email = false;

    // Check if someone else already has registered with that e-mail address
    $dupe_list = array();

    $result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE email=\''.$email1.'\'') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
    if ($db->num_rows($result))
    {
        if ($pun_config['p_allow_dupe_email'] == '0')
            message($lang_prof_reg['Dupe e-mail']);

        while ($cur_dupe = $db->fetch_assoc($result))
            $dupe_list[] = $cur_dupe['username'];
    }

    // Make sure we got a valid language string
    if (isset($_POST['language']))
    {
        $language = preg_replace('#[\.\\\/]#', '', $_POST['language']);
        if (!file_exists(PUN_ROOT.'lang/'.$language.'/common.php'))
                message($lang_common['Bad request']);
    }
    else
        $language = $pun_config['o_default_lang'];

    $timezone = round($_POST['timezone'], 1);
    $save_pass = (!isset($_POST['save_pass']) || $_POST['save_pass'] != '1') ? '0' : '1';

    $email_setting = intval($_POST['email_setting']);
    if ($email_setting < 0 || $email_setting > 2) $email_setting = 1;

    // Insert the new user into the database. We do this now to get the last inserted id for later use.
    $now = time();

    $intial_group_id = ($pun_config['o_regs_verify'] == '0') ? $pun_config['o_default_user_group'] : PUN_UNVERIFIED;
    $password_hash = pun_hash($password1);

    // Add the user
    $db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, save_pass, timezone, language, style, registered, registration_ip, last_visit) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$password_hash.'\', \''.$email1.'\', '.$email_setting.', '.$save_pass.', '.$timezone.' , \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.get_remote_address().'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
    $new_uid = $db->insert_id();


    // If we previously found out that the e-mail was banned
    if ($banned_email && $pun_config['o_mailing_list'] != '')
    {
        $mail_subject = 'Alert - Banned e-mail detected';
        $mail_message = 'User \''.$username.'\' registered with banned e-mail address: '.$email1."\n\n".'User profile: '.$pun_config['o_base_url'].'/profile.php?id='.$new_uid."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)';

        pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
    }

    // If we previously found out that the e-mail was a dupe
    if (!empty($dupe_list) && $pun_config['o_mailing_list'] != '')
    {
        $mail_subject = 'Alert - Duplicate e-mail detected';
        $mail_message = 'User \''.$username.'\' registered with an e-mail address that also belongs to: '.implode(', ', $dupe_list)."\n\n".'User profile: '.$pun_config['o_base_url'].'/profile.php?id='.$new_uid."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)';

        pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
    }

    // Should we alert people on the admin mailing list that a new user has registered?
    if ($pun_config['o_regs_report'] == '1')
    {
        $mail_subject = 'Alert - New registration';
        $mail_message = 'User \''.$username.'\' registered in the forums at '.$pun_config['o_base_url']."\n\n".'User profile: '.$pun_config['o_base_url'].'/profile.php?id='.$new_uid."\n\n".'-- '."\n".'Forum Mailer'."\n".'(Do not reply to this message)';

        pun_mail($pun_config['o_mailing_list'], $mail_subject, $mail_message);
    }

    // Must the user verify the registration or do we log him/her in right now?
    if ($pun_config['o_regs_verify'] == '1')
    {
        // Load the "welcome" template
        $mail_tpl = trim(file_get_contents(PUN_ROOT.'lang/'.$pun_user['language'].'/mail_templates/welcome.tpl'));

        // The first row contains the subject
        $first_crlf = strpos($mail_tpl, "\n");
        $mail_subject = trim(substr($mail_tpl, 8, $first_crlf-8));
        $mail_message = trim(substr($mail_tpl, $first_crlf));

        $mail_subject = str_replace('<board_title>', $pun_config['o_board_title'], $mail_subject);
        $mail_message = str_replace('<base_url>', $pun_config['o_base_url'].'/', $mail_message);
        $mail_message = str_replace('<username>', $username, $mail_message);
        $mail_message = str_replace('<password>', $password1, $mail_message);
        $mail_message = str_replace('<login_url>', $pun_config['o_base_url'].'/login.php', $mail_message);
        $mail_message = str_replace('<board_mailer>', $pun_config['o_board_title'].' '.$lang_common['Mailer'], $mail_message);

        pun_mail($email1, $mail_subject, $mail_message);

        message($lang_register['Reg e-mail'].' <a href="mailto:'.$pun_config['o_admin_email'].'">'.$pun_config['o_admin_email'].'</a>.', true);
    }

    pun_setcookie($new_uid, $password_hash, ($save_pass != '0') ? $now + 31536000 : 0);

    redirect('index.php', $lang_register['Reg complete']);
}


$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.$lang_register['Register'];
$required_fields = array('req_username' => $lang_common['Username'], 'req_password1' => $lang_common['Password'], 'req_password2' => $lang_prof_reg['Confirm pass'], 'req_email1' => $lang_common['E-mail'], 'req_email2' => $lang_common['E-mail'].' 2');
$focus_element = array('register', 'req_username');
require PUN_ROOT.'header.php';

?>
<div class="blockform">
    <h2><span><?php echo $lang_register['Register'] ?></span></h2>
    <div class="box">
        <form id="register" method="post" action="register.php?action=register" onsubmit="this.register.disabled=true;if(process_form(this)){return true;}else{this.register.disabled=false;return false;}">
            <div class="inform">
                <div class="forminfo">
                    <h3><?php echo $lang_common['Important information'] ?></h3>
                    <p><?php echo $lang_register['Desc 1'] ?></p>
                    <p><?php echo $lang_register['Desc 2'] ?></p>
                </div>
                <fieldset>
                    <legend><?php echo $lang_register['Username legend'] ?></legend>
                    <div class="infldset">
                        <input type="hidden" name="form_sent" value="1" />
                        <label><strong><?php echo $lang_common['Username'] ?></strong><br /><input type="text" name="req_username" size="25" maxlength="25" /><br /></label>
                    </div>
                </fieldset>
            </div>
<?php if ($pun_config['o_regs_verify'] == '0'): ?>            <div class="inform">
                <fieldset>
                    <legend><?php echo $lang_register['Pass legend 1'] ?></legend>
                    <div class="infldset">
                        <label class="conl"><strong><?php echo $lang_common['Password'] ?></strong><br /><input type="password" name="req_password1" size="16" maxlength="16" /><br /></label>
                        <label class="conl"><strong><?php echo $lang_prof_reg['Confirm pass'] ?></strong><br /><input type="password" name="req_password2" size="16" maxlength="16" /><br /></label>
                        <p class="clearb"><?php echo $lang_register['Pass info'] ?></p>
                    </div>
                </fieldset>
            </div>
<?php endif; ?>            <div class="inform">
                <fieldset>
                    <legend><?php echo ($pun_config['o_regs_verify'] == '1') ? $lang_prof_reg['E-mail legend 2'] : $lang_prof_reg['E-mail legend'] ?></legend>
                    <div class="infldset">
<?php if ($pun_config['o_regs_verify'] == '1'): ?>            <p><?php echo $lang_register['E-mail info'] ?></p>
<?php endif; ?>                    <label><strong><?php echo $lang_common['E-mail'] ?></strong><br />
                        <input type="text" name="req_email1" size="50" maxlength="50" /><br /></label>
<?php if ($pun_config['o_regs_verify'] == '1'): ?>                        <label><strong><?php echo $lang_register['Confirm e-mail'] ?></strong><br />
                        <input type="text" name="req_email2" size="50" maxlength="50" /><br /></label>
<?php endif; ?>                    </div>
                </fieldset>
            </div>
            <div class="inform">
                <fieldset>
                    <legend><?php echo $lang_prof_reg['Localisation legend'] ?></legend>
                    <div class="infldset">
                        <label><?php echo $lang_prof_reg['Timezone'] ?>: <?php echo $lang_prof_reg['Timezone info'] ?>
                        <br /><select id="time_zone" name="timezone">
                            <option value="-12"<?php if ($pun_config['o_server_timezone'] == -12 ) echo ' selected="selected"' ?>>-12</option>
                            <option value="-11"<?php if ($pun_config['o_server_timezone'] == -11) echo ' selected="selected"' ?>>-11</option>
                            <option value="-10"<?php if ($pun_config['o_server_timezone'] == -10) echo ' selected="selected"' ?>>-10</option>
                            <option value="-9.5"<?php if ($pun_config['o_server_timezone'] == -9.5) echo ' selected="selected"' ?>>-9.5</option>
                            <option value="-9"<?php if ($pun_config['o_server_timezone'] == -9 ) echo ' selected="selected"' ?>>-09</option>
                            <option value="-8.5"<?php if ($pun_config['o_server_timezone'] == -8.5) echo ' selected="selected"' ?>>-8.5</option>
                            <option value="-8"<?php if ($pun_config['o_server_timezone'] == -8 ) echo ' selected="selected"' ?>>-08 PST</option>
                            <option value="-7"<?php if ($pun_config['o_server_timezone'] == -7 ) echo ' selected="selected"' ?>>-07 MST</option>
                            <option value="-6"<?php if ($pun_config['o_server_timezone'] == -6 ) echo ' selected="selected"' ?>>-06 CST</option>
                            <option value="-5"<?php if ($pun_config['o_server_timezone'] == -5 ) echo ' selected="selected"' ?>>-05 EST</option>
                            <option value="-4"<?php if ($pun_config['o_server_timezone'] == -4 ) echo ' selected="selected"' ?>>-04 AST</option>
                            <option value="-3.5"<?php if ($pun_config['o_server_timezone'] == -3.5) echo ' selected="selected"' ?>>-3.5</option>
                            <option value="-3"<?php if ($pun_config['o_server_timezone'] == -3 ) echo ' selected="selected"' ?>>-03 ADT</option>
                            <option value="-2"<?php if ($pun_config['o_server_timezone'] == -2 ) echo ' selected="selected"' ?>>-02</option>
                            <option value="-1"<?php if ($pun_config['o_server_timezone'] == -1) echo ' selected="selected"' ?>>-01</option>
                            <option value="0"<?php if ($pun_config['o_server_timezone'] == 0) echo ' selected="selected"' ?>>00 GMT</option>
                            <option value="1"<?php if ($pun_config['o_server_timezone'] == 1) echo ' selected="selected"' ?>>+01 CET</option>
                            <option value="2"<?php if ($pun_config['o_server_timezone'] == 2 ) echo ' selected="selected"' ?>>+02</option>
                            <option value="3"<?php if ($pun_config['o_server_timezone'] == 3 ) echo ' selected="selected"' ?>>+03</option>
                            <option value="3.5"<?php if ($pun_config['o_server_timezone'] == 3.5 ) echo ' selected="selected"' ?>>+03.5</option>
                            <option value="4"<?php if ($pun_config['o_server_timezone'] == 4 ) echo ' selected="selected"' ?>>+04</option>
                            <option value="4.5"<?php if ($pun_config['o_server_timezone'] == 4.5 ) echo ' selected="selected"' ?>>+04.5</option>
                            <option value="5"<?php if ($pun_config['o_server_timezone'] == 5 ) echo ' selected="selected"' ?>>+05</option>
                            <option value="5.5"<?php if ($pun_config['o_server_timezone'] == 5.5 ) echo ' selected="selected"' ?>>+05.5</option>
                            <option value="6"<?php if ($pun_config['o_server_timezone'] == 6 ) echo ' selected="selected"' ?>>+06</option>
                            <option value="6.5"<?php if ($pun_config['o_server_timezone'] == 6.5 ) echo ' selected="selected"' ?>>+06.5</option>
                            <option value="7"<?php if ($pun_config['o_server_timezone'] == 7 ) echo ' selected="selected"' ?>>+07</option>
                            <option value="8"<?php if ($pun_config['o_server_timezone'] == 8 ) echo ' selected="selected"' ?>>+08</option>
                            <option value="9"<?php if ($pun_config['o_server_timezone'] == 9 ) echo ' selected="selected"' ?>>+09</option>
                            <option value="9.5"<?php if ($pun_config['o_server_timezone'] == 9.5 ) echo ' selected="selected"' ?>>+09.5</option>
                            <option value="10"<?php if ($pun_config['o_server_timezone'] == 10) echo ' selected="selected"' ?>>+10</option>
                            <option value="10.5"<?php if ($pun_config['o_server_timezone'] == 10.5 ) echo ' selected="selected"' ?>>+10.5</option>
                            <option value="11"<?php if ($pun_config['o_server_timezone'] == 11) echo ' selected="selected"' ?>>+11</option>
                            <option value="11.5"<?php if ($pun_config['o_server_timezone'] == 11.5 ) echo ' selected="selected"' ?>>+11.5</option>
                            <option value="12"<?php if ($pun_config['o_server_timezone'] == 12 ) echo ' selected="selected"' ?>>+12</option>
                            <option value="13"<?php if ($pun_config['o_server_timezone'] == 13 ) echo ' selected="selected"' ?>>+13</option>
                            <option value="14"<?php if ($pun_config['o_server_timezone'] == 14 ) echo ' selected="selected"' ?>>+14</option>
                        </select>
                        <br /></label>
<?php

        $languages = array();
        $d = dir(PUN_ROOT.'lang');
        while (($entry = $d->read()) !== false)
        {
            if ($entry != '.' && $entry != '..' && is_dir(PUN_ROOT.'lang/'.$entry) && file_exists(PUN_ROOT.'lang/'.$entry.'/common.php'))
                $languages[] = $entry;
        }
        $d->close();

        // Only display the language selection box if there's more than one language available
        if (count($languages) > 1)
        {

?>
                            <label><?php echo $lang_prof_reg['Language'] ?>: <?php echo $lang_prof_reg['Language info'] ?>
                            <br /><select name="language">
<?php

            while (list(, $temp) = @each($languages))
            {
                if ($pun_config['o_default_lang'] == $temp)
                    echo "\t\t\t\t\t\t\t\t".'<option value="'.$temp.'" selected="selected">'.$temp.'</option>'."\n";
                else
                    echo "\t\t\t\t\t\t\t\t".'<option value="'.$temp.'">'.$temp.'</option>'."\n";
            }

?>
                            </select>
                            <br /></label>
<?php

        }
?>
                    </div>
                </fieldset>
            </div>
            <div class="inform">
                <fieldset>
                    <legend><?php echo $lang_prof_reg['Privacy options legend'] ?></legend>
                    <div class="infldset">
                        <p><?php echo $lang_prof_reg['E-mail setting info'] ?></p>
                        <div class="rbox">
                            <label><input type="radio" name="email_setting" value="0" /><?php echo $lang_prof_reg['E-mail setting 1'] ?><br /></label>
                            <label><input type="radio" name="email_setting" value="1" checked="checked" /><?php echo $lang_prof_reg['E-mail setting 2'] ?><br /></label>
                            <label><input type="radio" name="email_setting" value="2" /><?php echo $lang_prof_reg['E-mail setting 3'] ?><br /></label>
                        </div>
                        <p><?php echo $lang_prof_reg['Save user/pass info'] ?></p>
                        <div class="rbox">
                            <label><input type="checkbox" name="save_pass" value="1" checked="checked" /><?php echo $lang_prof_reg['Save user/pass'] ?><br /></label>
                        </div>
                    </div>
                </fieldset>
            </div>
            <p><input type="submit" name="register" value="<?php echo $lang_register['Register'] ?>" /></p>
        </form>
    </div>
</div>
<?php

require PUN_ROOT.'footer.php';
in friendship,
prad

Re: new registration disabled unsuccessfully

What do you see when you visit the registration page directly?

Also, have you installed any mods (and if so, which)?

18 (edited by pradtf 2007-06-16 00:09)

Re: new registration disabled unsuccessfully

Smartys wrote:

What do you see when you visit the registration page directly?

the expected page with
=============
Info
This forum is not accepting new registrations.
Go back
=============

Smartys wrote:

Also, have you installed any mods (and if so, which)?

i don't think so - i don't know what mods are.
unless you mean mods as in the sense of apache mods like:
php5.conf php5.load perl.conf perl.load etc which are installed with apache when you want php or perl etc. is that what you mean or is it something else specifically related to punbb (i haven't explored much with pun because it did what i required perfectly).

in friendship,
prad

Re: new registration disabled unsuccessfully

I meant modifications to your PunBB forum. smile
Could you check through your site's access log and see if you can find any entries for the IPs?

20 (edited by pradtf 2007-06-16 03:04)

Re: new registration disabled unsuccessfully

Smartys wrote:

I meant modifications to your PunBB forum. smile

i have not made any modifications.
i've done something much worse!! sad sad

Smartys wrote:

Could you check through your site's access log and see if you can find any entries for the IPs?

i just checked the log.
i found that there was another pun forum that had been setup in a different directory, but with access to the same database. this was an oversight when we changed our operating system from openbsd to debian.
they were getting in through that register.php and the cache_config.php had the o_allow_reg set to 1.

i learned a bit about how pun is coded and a lot about how helpful people on this forum really are.
unfortunately, i'm afraid i've wasted your time - a little more care on my part and earlier examination of the logs would have saved everyone this unnecessary trouble. for this i apologize.

thank you very much for trying to solve this problem of my own creation.

in friendship,
prad

Re: new registration disabled unsuccessfully

Don't worry about it pradtf, we're always happy to help smile

22

Re: new registration disabled unsuccessfully

Smartys wrote:

Don't worry about it pradtf, we're always happy to help smile

you are very kind.

i run 3 pun forums on our servers and always make donations to any free software that i intend to stick with.

i'm going to stick with pun because of its quality and the quality of people like you smartys as well as the others who tried to help out in this thread. may be one day after learning more, i'll be able to pass on the favor to someone else.

for now though, i'm on my way to the donation button ...

in friendship,
prad

23

Re: new registration disabled unsuccessfully

Glad to hear you've found the cause of the problem. smile

24 (edited by pradtf 2007-06-16 03:21)

Re: new registration disabled unsuccessfully

MattF wrote:

Glad to hear you've found the cause of the problem. smile

ya it was me all the time big_smile big_smile big_smile
thanks mattf, for your inputs and the idea of looking at the log in the earlier post.
guess it's better to look at logs before looking at code big_smile

but now that i've done it, i think i'd still like to find out where that exit is implemented when o_new_reg=0.

in friendship,
prad

25 (edited by MattF 2007-06-16 03:37)

Re: new registration disabled unsuccessfully

pradtf wrote:
MattF wrote:

Glad to hear you've found the cause of the problem. smile

ya it was me all the time big_smile big_smile big_smile
thanks mattf, for your inputs and the idea of looking at the log in the earlier post.
guess it's better to look at logs before looking at code big_smile

but now that i've done it, i think i'd still like to find out where that exit is implemented when o_new_reg=0.

Logs are the easiest and most useful starting point every time. big_smile We've all had one, (or more), of those moments in the past of overlooking what seems obvious afterwards. big_smile

With regards to the exit, it's more a bypass. If you look at that function, you'll notice that once the message function is called, it terminates itself directly. The calling script can't continue on.

Edit: Think of it as the page that calls the message function is actually calling a separate page, so therefore it no longer has anything to process itself.