Revcms important new username fix!
If you are using a default revcms build, then people can register with some unknown characters to most emulators. (Tested on 10 retros that were on topretros and on 6 of them I could do this)
So, while I was trying out stuff on my hotel, some guy came in with the name "ªnoobª" and he was like "Try a command on me" and I did, and that does not work as most emulators won't recognise those characters.
So what is the exploit? Well, if some user comes in your hotel and starts advertising you can't do anything about it until you restart the emulator and manually add him to the ban list, and no one wants to do that so.
+ On some hotels, when you enter the client it offers you the ":flagme" aka change name function, and if some hotels have disabled that because it's exploitable then people can activate it by registering with an unknown name for the emulator.
Screen shots of it in "action"
https://i.gyazo.com/0121aa0efc01d3b0...6e0806ce01.png
https://i.gyazo.com/801b02bbb179d42e...1ffcd343a2.png
And here is the fix for it...
Go in app and open class.users
and find the validname function which looks like this for most revcms users
PHP Code:
final public function validName($username)
{
    if(strlen($username) <= 25 && ctype_alnum($username))
    {
        return true;
    }
    return false;
}
And you replace that with this.
PHP Code:
final public function validName($username)
{
    if(strlen($username) <= 25 && preg_match("/^[a-zA-Z0-9]+$/", $username))
    {
        return true;
    }
    return false;
}
This code will only allow letters from a-z and numbers. So if you want people to register with . - and things like that, you will need to change /^[a-zA-Z0-9]+$/ to something else. You can easily learn how to customize that by googling preg_match allowing different characters.
If you want characters from a-z 0-9 and . -
Replace /^[a-zA-Z0-9]+$/
with this /^[a-z0-9\.\-]+$/i
Thx to @3M1L for helping me with this :)
Re: Revcms important new username fix!
No need for the redundant if/else statement.
Code:
final public function validName($username)
{
    return strlen($username) <= 25 && preg_match("/^[a-zA-Z0-9]+$/", $username);
}
Re: Revcms important new username fix!
Quote:
Originally Posted by
Eronisch
No need for the redundant if/else statement.
Code:
final public function validName($username)
{
    return strlen($username) <= 25 && preg_match("/^[a-zA-Z0-9]+$/", $username);
}
I believe that this function was written originally by the RevCMS creator.
Re: Revcms important new username fix!
Here's the one for the characters such as . - etc
if(strlen($username) <= 25 && preg_match("/^[a-z0-9 .\-]+$/i", $username))
Re: Revcms important new username fix!
I see you have used Tardis as one of the screenshots. I don't use REV, I use sleeve, but I don't understand why you just can't be banned from MOD Tools. Don't get me wrong, this is a great release, as I know the hotel that does this and goes on to hotels using this, which I think is pretty bad considering they are a MOD here. I saw them dump jaycustoms hotel the other day; I literally sat in disbelief as he did it.
I applaud you for the release and hope the other hotels take this on, if you don't just ban them from mod tools.
Re: Revcms important new username fix!
But with :flagme you can change your name back to this right, or can't you?
https://gyazo.com/283861408ab40324bb031725fa62974f.png
Re: Revcms important new username fix!
Quote:
Originally Posted by
</Meap>
Here's the one for the characters such as . - etc
if(strlen($username) <= 25 && preg_match("/^[a-z0-9\.\-]+$/i", $username))
Thank me later ;)
Re: Revcms important new username fix!
Quote:
Originally Posted by
</Meap>
thank u for wut
He added a backward slash \
Re: Revcms important new username fix!
Quote:
Originally Posted by
3M1L
He added a backward slash \
I already had a backward slash
Re: Revcms important new username fix!
Quote:
Originally Posted by
DutchenL
Depending on how the emulator is coded, the characters allowed are different. But no, most emulators don't allow such characters.
Re: Revcms important new username fix!
Quote:
Originally Posted by
</Meap>
I already had a backward slash
Not before the ".", which indicates any char except a new line.
Re: Revcms important new username fix!
Quote:
Originally Posted by
Joopie
Thank me later ;)
Updated the thread with this, thanks to you and @</Meap>
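
Added example, not part of any post in this thread: it runs the validators quoted above, plus a stricter variant of this example's own, over constructed usernames (`validNameStrict`, `byRegex` and `MAX_LEN` are names made up here). It covers two cases the posts do not test: `$` without the `D` modifier also matches before a trailing newline, and inside a character class `.` is already literal, so the two dot/dash patterns differ only in the space the first one allows.

```php
<?php
// Added example (not from the thread): run each validator quoted in the posts,
// plus a stricter variant, over constructed usernames.
const MAX_LEN = 25;

// Stricter variant (this example's own): \A and \z pin the match to the real
// start and end of the string, and {1,25} carries the length limit.
function validNameStrict(string $name, bool $allowDotDash = false): bool
{
    $class = $allowDotDash ? 'a-zA-Z0-9.\-' : 'a-zA-Z0-9';
    return preg_match('/\A[' . $class . ']{1,' . MAX_LEN . '}\z/', $name) === 1;
}

// Wrap a regex from the thread in the same length check the posts use.
function byRegex(string $pattern): callable
{
    return function (string $name) use ($pattern): bool {
        return strlen($name) <= MAX_LEN && preg_match($pattern, $name) === 1;
    };
}

$validators = [
    'ctype_alnum (original)' => function (string $n): bool {
        // Locale-dependent: in a single-byte locale, bytes >= 0x80 may count as letters.
        return strlen($n) <= MAX_LEN && ctype_alnum($n);
    },
    '/^[a-zA-Z0-9]+$/'   => byRegex('/^[a-zA-Z0-9]+$/'),
    '/^[a-z0-9 .\-]+$/i' => byRegex('/^[a-z0-9 .\-]+$/i'),
    '/^[a-z0-9\.\-]+$/i' => byRegex('/^[a-z0-9\.\-]+$/i'),
    'strict'             => 'validNameStrict',
    'strict + . -'       => function (string $n): bool { return validNameStrict($n, true); },
];

// Constructed sample inputs.
$samples = [
    'noob123',
    "\xC2\xAAnoob\xC2\xAA", // UTF-8 bytes of the name quoted in the first post
    "noob\n",               // trailing newline
    'no.ob-1',
    'no ob',
    str_repeat('a', 26),    // one character over the limit
];

foreach ($samples as $name) {
    echo json_encode($name), "\n";
    foreach ($validators as $label => $check) {
        printf("  %-24s %s\n", $label, $check($name) ? 'accept' : 'reject');
    }
}
```

Run it under the same locale the web server uses, since the `ctype_alnum` row can change with `setlocale()` while the regex rows do not.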