fixed a bug i invented. changed username validation to catch multiple spaces. Changed get_userdata to not get confused with usernames beginning with numbers (more stable).

git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3768 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 06:08:52 +00:00 · 2003-03-31 06:56:31 +00:00 · 2003-03-31 06:56:31 +00:00 · a4138b5454
commit a4138b5454
parent 3617af0360
6 changed files with 13 additions and 7 deletions
--- a/phpBB/admin/admin_groups.php
+++ b/phpBB/admin/admin_groups.php
@ -263,7 +263,7 @@ else if ( isset($HTTP_POST_VARS['group_update']) )
 			message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
 		}
-		$this_userdata = get_userdata($group_moderator);
+		$this_userdata = get_userdata($group_moderator, true);
 		$group_moderator = $this_userdata['user_id'];
 		if ( !$group_moderator )
--- a/phpBB/admin/admin_ug_auth.php
+++ b/phpBB/admin/admin_ug_auth.php
@ -510,7 +510,7 @@ else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id
 {
 	if ( isset($HTTP_POST_VARS['username']) )
 	{
-		$this_userdata = get_userdata($HTTP_POST_VARS['username']);
+		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
 		if ( !is_array($this_userdata) )
 		{
 			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
--- a/phpBB/admin/admin_user_ban.php
+++ b/phpBB/admin/admin_user_ban.php
@ -49,7 +49,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
 	$user_list = array();
 	if ( !empty($HTTP_POST_VARS['username']) )
 	{
-		$this_userdata = get_userdata($HTTP_POST_VARS['username']);
+		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
 		if( !$this_userdata )
 		{
 			message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
--- a/phpBB/admin/admin_users.php
+++ b/phpBB/admin/admin_users.php
@ -725,7 +725,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
 		}
 		else
 		{
-			$this_userdata = get_userdata($HTTP_POST_VARS['username']);
+			$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
 			if( !$this_userdata )
 			{
 				message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -74,16 +74,19 @@ function get_db_stat($mode)
 	return false;
 }
-function get_userdata($user)
+//
 // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
 //
 function get_userdata($user, $force_str = false)
 {
 	global $db;
-	$user = ( is_string($user)) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user);
+	$user = ((intval($user) == 0) || ($force_str)) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user);
 	$sql = "SELECT *
 		FROM " . USERS_TABLE . " 
 		WHERE ";
-	$sql .= ( ( is_string($user) ) ? "username = '" .  $user . "'" : "user_id = $user" ) . " AND user_id <> " . ANONYMOUS;
+	$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" .  $user . "'" ) . " AND user_id <> " . ANONYMOUS;
 	if ( !($result = $db->sql_query($sql)) )
 	{
 		message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
--- a/phpBB/includes/functions_validate.php
+++ b/phpBB/includes/functions_validate.php
@ -29,6 +29,9 @@ function validate_username($username)
 {
 	global $db, $lang, $userdata;
 	// Remove doubled up spaces
 	$username = preg_replace('#\s+#', ' ', $username); 
 	// Limit username length
 	$username = substr(str_replace("\'", "'", $username), 0, 25);
 	$username = str_replace("'", "''", $username);