makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

fixed a bug i invented. changed username validation to catch multiple spaces. Changed get_userdata to not get confused with usernames beginning with numbers (more stable).

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@3768 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2003-03-31 06:56:31 +00:00
parent 3617af0360
commit a4138b5454
6 changed files with 13 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/admin/admin_groups.php
View file

@ -263,7 +263,7 @@ else if ( isset($HTTP_POST_VARS['group_update']) )
message_die(GENERAL_MESSAGE, $lang['No_group_moderator']);
}
$this_userdata = get_userdata($group_moderator);
$this_userdata = get_userdata($group_moderator, true);
$group_moderator = $this_userdata['user_id'];
if ( !$group_moderator )

2
phpBB/admin/admin_ug_auth.php
View file

@ -510,7 +510,7 @@ else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id
{
if ( isset($HTTP_POST_VARS['username']) )
{
$this_userdata = get_userdata($HTTP_POST_VARS['username']);
$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if ( !is_array($this_userdata) )
{
message_die(GENERAL_MESSAGE, $lang['No_such_user']);

2
phpBB/admin/admin_user_ban.php
View file

@ -49,7 +49,7 @@ if ( isset($HTTP_POST_VARS['submit']) )
$user_list = array();
if ( !empty($HTTP_POST_VARS['username']) )
{
$this_userdata = get_userdata($HTTP_POST_VARS['username']);
$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );

2
phpBB/admin/admin_users.php
View file

@ -725,7 +725,7 @@ if ( $mode == 'edit' || $mode == 'save' && ( isset($HTTP_POST_VARS['username'])
}
else
{
$this_userdata = get_userdata($HTTP_POST_VARS['username']);
$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
if( !$this_userdata )
{
message_die(GENERAL_MESSAGE, $lang['No_user_id_specified'] );

9
phpBB/includes/functions.php
View file

@ -74,16 +74,19 @@ function get_db_stat($mode)
return false;
}
function get_userdata($user)
//
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
//
function get_userdata($user, $force_str = false)
{
global $db;
$user = ( is_string($user)) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user);
$user = ((intval($user) == 0) || ($force_str)) ? str_replace("\'", "''", htmlspecialchars(trim($user))) : intval($user);
$sql = "SELECT *
FROM " . USERS_TABLE . "
WHERE ";
$sql .= ( ( is_string($user) ) ? "username = '" . $user . "'" : "user_id = $user" ) . " AND user_id <> " . ANONYMOUS;
$sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS;
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);

3
phpBB/includes/functions_validate.php
View file

@ -29,6 +29,9 @@ function validate_username($username)
{
global $db, $lang, $userdata;
// Remove doubled up spaces
$username = preg_replace('#\s+#', ' ', $username);
// Limit username length
$username = substr(str_replace("\'", "'", $username), 0, 25);
$username = str_replace("'", "''", $username);