Thread: EAB File Server
View Single Post
Old 30 October 2017, 12:22   #1568
Turran
Moderator

Turran's Avatar
 
Join Date: May 2012
Location: Stockholm / Sweden
Age: 45
Posts: 1,106
I dont think we understand each other. If the user "Turbo" tries to add an EAB FTP account, he is going to be denied because eab_post_count.py is going to report
print("* Found more than one user: " + username), when he indeed has a valid EAB Forums account.
This is because there are three other usernames also containing "Turbo" (RobTurbo, Turbo2Xs & TurboCrash).


We have no way to get the postcount from the user "Turbo" using the existing script, therefor he can not create an FTP account, even though he is a valid user (Well, he does not exist right now. Its just an example).

So my suggestion would here, here. Instead of the sys.exit(2):
print("* Found more than one user: " + username)
sys.exit(2)

go through all the results we got back, check if the username is an exact match to any of the result. If it is, grab the post count and return that.
If no user in all the results are a match, return
print("* User not found: " + username)
sys.exit(1)

But then again, do not spend time on this because its easy to exploit anyway by just browsing the eab member list and creating an FTP user with the same name as an existing member.
Turran is online now  
 
Page generated in 0.04027 seconds with 11 queries