Code for dynamic regcodes incomplete [#1346236]

I created a dynamic code in regcode on D7 here.
I'm single stepping through code and not find where it's calling the validation function anywhere so that regcode always fails...

Stepping through the code, I never see either of the validate methods in regcode_dynamic called.

Where are these supposed to be called then? Does the dynamic module work on D7 yet (am I barking up a sapling instead of a tree)?

Comments

Comment #1

IronWorker commented 21 November 2011 at 19:31

Category:

support

» bug

[edit: I retract the assertion that this double uses regcodes: The regcode is actually only used in one place due to the way the function is called, so no, this won't double use the regcode

However, it doesn't do dynamic regcodes because the validate event is checking for regcodes before the _user_presave even fires which would actually create the regcode to validate against.

There needs to be some code in there that fires a validate event(s) from dynamic (and other) codes in coupling with the lookup of regular regcodes (find any of them is valid) during the form validation.

Once validated and the user is being inserted, then the codes can actually be generated and the main module of regcode used to actually use it.

Comment #2

Xomby commented 17 January 2012 at 20:09

Would it be possible to just re-order the code?

I'm just installing this module, so if I run into this issue I'll post back with a workaround (everything is life or death for a client, except cutting checks...)

Comment #3

IronWorker commented 17 January 2012 at 21:10

it'll probably take a little more than that... This was predicated on D6, it looks like, and some of the calls don't happen in the same place. A person could edit up the code a tad but it'll take a little to do it.

Basically, the premise of the code is that it validate the code and then inserts it (as a static code) before the rest of regcode actually uses it.

The problem here is that regcode has apparently evolved a little since this was written....

Not that it can't get fixed but that it isn't going to work as it's written in D7

Also I'd like to see it rewritten a bit to handle plugin algorithms for dynamic codes too along with some custom outcomes. For instance, I've got a requirement where the code itself tells the system what to do with the user.... the code has a lexical meaning both for validity and what to do when inserting the user.

Comment #4

Xomby commented 22 April 2012 at 18:26

This would make a lot of sense. But predictability in the regcode itself would be a security concern, once someone realized the pattern, they'd be able to, via trial and error, predictably register an account with a potentially higher privilege.

OK so how about a user-defined or random(per system) salt added to the code and then the whole thing encrypted or encoded to obfuscate the original meaning. At least then it would look random again...

Comment #5

znerol commented 10 May 2012 at 08:06

Title:

Dynamic codes

» Code for dynamic regcodes incomplete

I've done the port to D7. I did not care too much about dynamic registration codes because the current implementation is really dangerous IMHO.

I removed all calls to regcode dynamic functions throughout the other modules. In order to make dynamic regcodes work, I suggest to implemet hook_form_FORM_ID_alter for the user_register form. There you just put in your custom #validate and #submit callbacks. Refer to the main regcode module to get an idea on how to do that.

Comment #6

aidanlis commented 7 January 2014 at 15:18

Issue summary:	View changes
Status:	Active	» Closed (won't fix)

This never really got any traction so I'm just going to remove it from the 7.x branch unless someone finishes it up.

Code for dynamic regcodes incomplete

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Comment #6

News items

Our community

Documentation

Drupal code base

Governance of community