From a4138b5454d7485a11b9c78e50cb13d2c5398da0 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Mon, 31 Mar 2003 06:56:31 +0000
Subject: [PATCH] fixed a bug i invented. changed username validation to catch
 multiple spaces. Changed get_userdata to not get confused with usernames
 beginning with numbers (more stable).

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3768 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/admin/admin_groups.php          | 2 +-
 phpBB/admin/admin_ug_auth.php         | 2 +-
 phpBB/admin/admin_user_ban.php        | 2 +-
 phpBB/admin/admin_users.php           | 2 +-
 phpBB/includes/functions.php          | 9 ++++++---
 phpBB/includes/functions_validate.php | 3 +++
 6 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/phpBB/admin/admin_groups.php b/phpBB/admin/admin_groups.php
index b3fcf3fbd2..05742221c1 100644
--- a/phpBB/admin/admin_groups.php
+++ b/phpBB/admin/admin_groups.php
@@ -263,7 +263,7 @@ else if ( isset($HTTP_POST_VARS['group_update']) )
 			message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
 		}
 		
-		$this_userdata = get_userdata($group_moderator);
+		$this_userdata = get_userdata($group_moderator, true);
 		$group_moderator = $this_userdata['user_id'];
 
 		if ( !$group_moderator )
diff --git a/phpBB/admin/admin_ug_auth.php b/phpBB/admin/admin_ug_auth.php
index c31f1017cb..8e53331a35 100644
--- a/phpBB/admin/admin_ug_auth.php
+++ b/phpBB/admin/admin_ug_auth.php
@@ -510,7 +510,7 @@ else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id
 {
 	if ( isset($HTTP_POST_VARS['username']) )
 	{
-		$this_userdata = get_userdata($HTTP_POST_VARS['username']);
+		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
 		if ( !is_array($this_userdata) )
 		{
 			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
diff --git a/phpBB/admin/admin_user_ban.php b/phpBB/admin/admin_user_ban.php
index 230bb28bf1..f1f70c9c50 100644
--- a/phpBB/admin/admin_user_ban.php
+++ b/phpBB/admin/admin_user_ban.php
@@ -49,7 +49,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
 	$user_list = array();
 	if ( !empty($HTTP_POST_VARS['username']) )
 	{
-		$this_userdata = get_userdata($HTTP_POST_VARS['username']);
+		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
 		if( !$this_userdata )
 		{
 			message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
diff --git a/phpBB/admin/admin_users.php b/phpBB/admin/admin_users.php
index b45687fde2..0cdd92a5a6 100644
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@@ -725,7 +725,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
 		}
 		else
 		{
-			$this_userdata = get_userdata($HTTP_POST_VARS['username']);
+			$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
 			if( !$this_userdata )
 			{
 				message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 6ceea44167..8269904331 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -74,16 +74,19 @@ function get_db_stat($mode)
 	return false;
 }
 
-function get_userdata($user)
+//
+// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
+//
+function get_userdata($user, $force_str = false)
 {
 	global $db;
 
-	$user = ( is_string($user)) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user);
+	$user = ((intval($user) == 0) || ($force_str)) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user);
 
 	$sql = "SELECT *
 		FROM " . USERS_TABLE . " 
 		WHERE ";
-	$sql .= ( ( is_string($user) ) ? "username = '" .  $user . "'" : "user_id = $user" ) . " AND user_id <> " . ANONYMOUS;
+	$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" .  $user . "'" ) . " AND user_id <> " . ANONYMOUS;
 	if ( !($result = $db->sql_query($sql)) )
 	{
 		message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
diff --git a/phpBB/includes/functions_validate.php b/phpBB/includes/functions_validate.php
index 2e97a36baa..b7231746ec 100644
--- a/phpBB/includes/functions_validate.php
+++ b/phpBB/includes/functions_validate.php
@@ -29,6 +29,9 @@ function validate_username($username)
 {
 	global $db, $lang, $userdata;
 
+	// Remove doubled up spaces
+	$username = preg_replace('#\s+#', ' ', $username); 
+	// Limit username length
 	$username = substr(str_replace("\'", "'", $username), 0, 25);
 	$username = str_replace("'", "''", $username);