Fix various bugs; password length warning, proper warnings for username/email errors

git-svn-id: file:///svn/phpbb/trunk@1965 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2002-01-27 03:10:40 +00:00
parent 617008810f
commit 57fdecdc0e
4 changed files with 93 additions and 92 deletions


@ -191,7 +191,7 @@ function make_jumpbox($match_forum_id = 0)
if( isset($SID) ) if( isset($SID) )
{ {
// $boxstring .= '<input type="hidden" name="sid" value="' . $SID . '" />'; $boxstring .= '<input type="hidden" name="sid" value="' . $SID . '" />';
} }
return($boxstring); return($boxstring);
@ -304,7 +304,6 @@ function init_userprefs($userdata)
$new_value = str_replace("_lang", "_" . $board_config['default_lang'], $value); $new_value = str_replace("_lang", "_" . $board_config['default_lang'], $value);
$images[$key] = ( file_exists($new_value) ) ? $new_value : str_replace("_lang", "_english", $value); $images[$key] = ( file_exists($new_value) ) ? $new_value : str_replace("_lang", "_english", $value);
// list($images_width[$key], $images_height[$key]) = getimagesize($images[$key]);
} }
} }
@ -498,73 +497,42 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
// //
function validate_username($username) function validate_username($username)
{ {
global $db; global $db, $lang;
switch(SQL_LAYER)
{
case 'mysql':
case 'mysql4':
$sql_users = "SELECT u.username, g.group_name
FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
WHERE ug.user_id = u.user_id
AND g.group_id = ug.group_id
AND ( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "'
OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )";
$sql_disallow = "SELECT disallow_username
FROM " . DISALLOW_TABLE . "
WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username";
if($result = $db->sql_query($sql_users))
{
if($db->sql_numrows($result) > 0)
{
return(FALSE);
}
}
if($result = $db->sql_query($sql_disallow))
{
if($db->sql_numrows($result) > 0)
{
return(FALSE);
}
}
break;
default:
$sql = "SELECT u.username, g.group_name $sql = "SELECT u.username, g.group_name
FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
WHERE ug.user_id = u.user_id WHERE ug.user_id = u.user_id
AND g.group_id = ug.group_id AND g.group_id = ug.group_id
AND ( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "' AND ( LOWER(u.username) = '" . strtolower(str_replace("\'", "''", $username)) . "'
OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' ) OR LOWER(g.group_name) = '" . strtolower(str_replace("\'", "''", $username)) . "' )";
UNION if ( $result = $db->sql_query($sql) )
SELECT disallow_username, NULL {
if ( $db->sql_fetchrow($result) )
{
return array('error' => $lang['Username_taken']);
}
}
$sql = "SELECT disallow_username
FROM " . DISALLOW_TABLE . " FROM " . DISALLOW_TABLE . "
WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username"; WHERE '" . str_replace("\'", "''", $username) . "' LIKE disallow_username";
if($result = $db->sql_query($sql)) if ( $result = $db->sql_query($sql) )
{ {
if($db->sql_numrows($result) > 0) if ( $db->sql_fetchrow($result) )
{ {
return(FALSE); return array('error' => $lang['Username_disallowed']);
} }
} }
break;
}
$sql = "SELECT word $sql = "SELECT word
FROM " . WORDS_TABLE; FROM " . WORDS_TABLE;
if( !$words_result = $db->sql_query($sql) ) if ( $result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't get censored words from database.", "", __LINE__, __FILE__, $sql); while( $row = $db->sql_fetchrow($result) )
}
else
{ {
$word_list = $db->sql_fetchrowset($words_result); if( preg_match("/\b(" . str_replace("\*", "\w*?", preg_quote($row['word'])) . ")\b/i", $username) )
for($i = 0; $i < count($word_list); $i++)
{ {
if( preg_match("/\b(" . str_replace("\*", "\w*?", preg_quote($word_list[$i]['word'])) . ")\b/i", $username) ) return array('error' => $lang['Username_disallowed']);
{
return(FALSE);
} }
} }
} }
@ -572,10 +540,10 @@ function validate_username($username)
// Don't allow " in username. // Don't allow " in username.
if ( strstr($username, '"') ) if ( strstr($username, '"') )
{ {
return FALSE; return array('error' => $lang['Username_invalid']);
} }
return(TRUE); return array('error' => '');
} }
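Review bot: A failed query now lets the username through: the new `if ( $result = $db->sql_query($sql) )` guards around the users/groups lookup, the disallow lookup and the censored-word lookup all fall through to the final `return array('error' => '')` when sql_query returns false, so a database error admits a taken or disallowed name, whereas the old code at least called message_die on the censored-word query. The same fail-open guard is introduced around the banlist query in validate_email in the usercp_register.php section. Each guard should keep the failure path explicit, for example `if ( !($result = $db->sql_query($sql)) ) { message_die(GENERAL_ERROR, "Couldn't obtain username information.", "", __LINE__, __FILE__, $sql); }`, matching the handling this commit keeps for the user_email query. validate_username's body spans both hunks of this section.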


@ -524,7 +524,7 @@ $lang['Search_user_posts'] = "Find all posts by %s"; // Find all posts by userna
$lang['No_user_id_specified'] = "Sorry but that user does not exist"; $lang['No_user_id_specified'] = "Sorry but that user does not exist";
$lang['Wrong_Profile'] = "You cannot modify a profile that is not your own."; $lang['Wrong_Profile'] = "You cannot modify a profile that is not your own.";
$lang['Sorry_banned_or_taken_email'] = "Sorry but the email address you gave has either been banned, is already registered to another user or is invalid. Please try an alternative address, if that is also banned you should contact the board administrator for advice";
$lang['Only_one_avatar'] = "Only one type of avatar can be specified"; $lang['Only_one_avatar'] = "Only one type of avatar can be specified";
$lang['File_no_data'] = "The file at the URL you gave contains no data"; $lang['File_no_data'] = "The file at the URL you gave contains no data";
$lang['No_connection_URL'] = "A connection could not be made to the URL you gave"; $lang['No_connection_URL'] = "A connection could not be made to the URL you gave";
@ -552,6 +552,7 @@ $lang['Public_view_email'] = "Always show my Email Address";
$lang['Current_password'] = "Current password"; $lang['Current_password'] = "Current password";
$lang['New_password'] = "New password"; $lang['New_password'] = "New password";
$lang['Confirm_password'] = "Confirm password"; $lang['Confirm_password'] = "Confirm password";
$lang['Confirm_password_explain'] = "You must confirm your current password if you wish to change it or alter your email address";
$lang['password_if_changed'] = "You only need to supply a password if you want to change it"; $lang['password_if_changed'] = "You only need to supply a password if you want to change it";
$lang['password_confirm_if_changed'] = "You only need to confirm your password if you changed it above"; $lang['password_confirm_if_changed'] = "You only need to confirm your password if you changed it above";
@ -583,7 +584,13 @@ $lang['Profile_updated_inactive'] = "Your profile has been updated, however you
$lang['Password_mismatch'] = "The passwords you entered did not match"; $lang['Password_mismatch'] = "The passwords you entered did not match";
$lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database"; $lang['Current_password_mismatch'] = "The current password you supplied does not match that stored in the database";
$lang['Invalid_username'] = "The username you requested has been taken or disallowed, or contains invalid characters like the \" character"; $lang['Password_long'] = "Your password must be no more than 32 characters";
$lang['Username_taken'] = "Sorry but this username has already been taken";
$lang['Username_invalid'] = "Sorry but this username contains an invalid character such as \"";
$lang['Username_disallowed'] = "Sorry but this username has been disallowed";
$lang['Email_taken'] = "Sorry but that email address is already registered to a user";
$lang['Email_banned'] = "Sorry but this email address has been banned";
$lang['Email_invalid'] = "Sorry but this email address is invalid";
$lang['Signature_too_long'] = "Your signature is too long"; $lang['Signature_too_long'] = "Your signature is too long";
$lang['Fields_empty'] = "You must fill in the required fields"; $lang['Fields_empty'] = "You must fill in the required fields";
$lang['Avatar_filetype'] = "The avatar filetype must be .jpg, .gif or .png"; $lang['Avatar_filetype'] = "The avatar filetype must be .jpg, .gif or .png";


@ -45,7 +45,7 @@ init_userprefs($userdata);
// //
function validate_email($email) function validate_email($email)
{ {
global $db; global $db, $lang;
if($email != "") if($email != "")
{ {
@ -53,43 +53,36 @@ function validate_email($email)
{ {
$sql = "SELECT ban_email $sql = "SELECT ban_email
FROM " . BANLIST_TABLE; FROM " . BANLIST_TABLE;
if(!$result = $db->sql_query($sql)) if ( $result = $db->sql_query($sql) )
{ {
message_die(GENERAL_ERROR, "Couldn't obtain email ban information.", "", __LINE__, __FILE__, $sql); while( $row = $db->sql_fetchrow($result) )
}
$ban_email_list = $db->sql_fetchrowset($result);
for($i = 0; $i < count($ban_email_list); $i++)
{ {
$match_email = str_replace("*@", ".*@", $ban_email_list[$i]['ban_email']); $match_email = str_replace("*@", ".*@", $row['ban_email']);
if( preg_match("/^" . $match_email . "$/is", $email) ) if ( preg_match("/^" . $match_email . "$/is", $email) )
{ {
return(0); return array('error' => $lang['Email_banned']);
} }
} }
}
$sql = "SELECT user_email $sql = "SELECT user_email
FROM " . USERS_TABLE . " FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\'", "''", $email) . "'"; WHERE user_email = '" . str_replace("\'", "''", $email) . "'";
if(!$result = $db->sql_query($sql)) if ( !($result = $db->sql_query($sql)) )
{ {
message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql); message_die(GENERAL_ERROR, "Couldn't obtain user email information.", "", __LINE__, __FILE__, $sql);
} }
$email_taken = $db->sql_fetchrow($result);
if($email_taken['user_email'] != "") if ( $email_taken = $db->sql_fetchrow($result) )
{ {
return false; return array('error' => $lang['Email_taken']);
} }
return true; return array('error' => '');
}
else
{
return false;
} }
} }
else
{ return array('error' => $lang['Email_invalid']);
return false;
}
} }
// //
@ -583,6 +576,11 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
$error = TRUE; $error = TRUE;
$error_msg = $lang['Password_mismatch']; $error_msg = $lang['Password_mismatch'];
} }
else if( strlen($password) > 32 )
{
$error = TRUE;
$error_msg = $lang['Password_long'];
}
else else
{ {
if( $mode == "editprofile" ) if( $mode == "editprofile" )
@ -624,14 +622,40 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
// //
if( $email != $userdata['user_email'] || $mode == "register" ) if( $email != $userdata['user_email'] || $mode == "register" )
{ {
if( !validate_email($email) ) $result = validate_email($email);
if( $result['error'] != '' )
{ {
$email = $userdata['user_email'];
$error = TRUE; $error = TRUE;
if(isset($error_msg)) if(isset($error_msg))
{ {
$error_msg .= "<br />"; $error_msg .= "<br />";
} }
$error_msg .= $lang['Sorry_banned_or_taken_email']; $error_msg .= $result['error'];
}
if ( $mode == "editprofile" )
{
$sql = "SELECT user_password
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
if( $result = $db->sql_query($sql) )
{
$row = $db->sql_fetchrow($result);
if( $row['user_password'] != md5($password_current) )
{
$email = $userdata['user_email'];
$error = TRUE;
$error_msg = $lang['Current_password_mismatch'];
}
}
else
{
message_die(GENERAL_ERROR, "Couldn't obtain user_password information.", "", __LINE__, __FILE__, $sql);
}
} }
} }
@ -640,14 +664,15 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{ {
if( $username != $userdata['username'] || $mode == "register" ) if( $username != $userdata['username'] || $mode == "register" )
{ {
if( !validate_username($username) ) $result = validate_username($username);
if( $result['error'] != '' )
{ {
$error = TRUE; $error = TRUE;
if( isset($error_msg) ) if(isset($error_msg))
{ {
$error_msg .= "<br />"; $error_msg .= "<br />";
} }
$error_msg .= $lang['Invalid_username']; $error_msg .= $result['error'];
} }
else else
{ {
@ -1578,6 +1603,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
"L_CURRENT_PASSWORD" => $lang['Current_password'], "L_CURRENT_PASSWORD" => $lang['Current_password'],
"L_NEW_PASSWORD" => ( $mode == "register" ) ? $lang['Password'] : $lang['New_password'], "L_NEW_PASSWORD" => ( $mode == "register" ) ? $lang['Password'] : $lang['New_password'],
"L_CONFIRM_PASSWORD" => $lang['Confirm_password'], "L_CONFIRM_PASSWORD" => $lang['Confirm_password'],
"L_CONFIRM_PASSWORD_EXPLAIN" => ($mode == "editprofile") ? $lang['Confirm_password_explain'] : "",
"L_PASSWORD_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_if_changed'] : "", "L_PASSWORD_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_if_changed'] : "",
"L_PASSWORD_CONFIRM_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_confirm_if_changed'] : "", "L_PASSWORD_CONFIRM_IF_CHANGED" => ($mode == "editprofile") ? $lang['password_confirm_if_changed'] : "",
"L_SUBMIT" => $lang['Submit'], "L_SUBMIT" => $lang['Submit'],
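Review bot: The new current-password check in the editprofile branch sets `$error_msg = $lang['Current_password_mismatch'];` with a plain assignment, discarding any message already accumulated a few lines earlier where the email error is appended after a `<br />`, so a user who triggers both sees only the password error. It should append the same way the surrounding code does: `if(isset($error_msg)) { $error_msg .= "<br />"; }` followed by `$error_msg .= $lang['Current_password_mismatch'];`. Note also that `$result` is reused for the sql_query handle immediately after holding validate_email's return array; it is consumed before being overwritten, but a distinct name would make that safer. The enclosing `if( isset($HTTP_GET_VARS['mode']) ... )` block begins outside the hunk.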


@ -30,7 +30,7 @@
<!-- BEGIN edit_profile --> <!-- BEGIN edit_profile -->
<tr> <tr>
<td class="row1"><span class="gen">{L_CURRENT_PASSWORD}: *</span><br /> <td class="row1"><span class="gen">{L_CURRENT_PASSWORD}: *</span><br />
<span class="gensmall">{L_PASSWORD_IF_CHANGED}</span></td> <span class="gensmall">{L_CONFIRM_PASSWORD_EXPLAIN}</span></td>
<td class="row2"> <td class="row2">
<input type="password" class="post" style="width: 200px" name="cur_password" size="25" maxlength="100" value="{PASSWORD}" /> <input type="password" class="post" style="width: 200px" name="cur_password" size="25" maxlength="100" value="{PASSWORD}" />
</td> </td>