oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Usernames cannot start or end with a space.

Browse source
This commit is contained in:
JT Smith 2002-09-13 01:55:20 +00:00
parent 7e63f741c5
commit 4de8575c30
2 changed files with 36 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/upgrades/upgrade_4.6.7-4.6.8.sql
View file

@ -5,6 +5,14 @@ INSERT INTO international VALUES (12,'Poll',7,'
alter table page modify title varchar(255) null;
update international set lastUpdated='1031510000' where lastUpdated='1031516049';
insert into international (internationalId,languageId,namespace,message,lastUpdated) values (723,1,'WebGUI','Deprecated', 1031800566);
delete from international where languageId=1 and namespace='WebGUI' and internationalId=727;
insert into international (internationalId,languageId,namespace,message,lastUpdated) values (727,1,'WebGUI','Your password cannot be "password".', 1031880154);
delete from international where languageId=1 and namespace='WebGUI' and internationalId=725;
insert into international (internationalId,languageId,namespace,message,lastUpdated) values (725,1,'WebGUI','Your username cannot be blank.', 1031879612);
delete from international where languageId=1 and namespace='WebGUI' and internationalId=724;
insert into international (internationalId,languageId,namespace,message,lastUpdated) values (724,1,'WebGUI','Your username cannot begin or end with a space.', 1031879593);
delete from international where languageId=1 and namespace='WebGUI' and internationalId=726;
insert into international (internationalId,languageId,namespace,message,lastUpdated) values (726,1,'WebGUI','Your password cannot be blank.', 1031879567);

59
lib/WebGUI/Operation/Account.pm
View file

@ -74,22 +74,34 @@ sub _accountOptions {
#-------------------------------------------------------------------
sub _hasBadPassword {
if ($_[0] ne $_[1] || $_[0] eq "") {
return 1;
} else {
return 0;
my ($error);
if ($_[0] ne $_[1]) {
$error = '<li>'.WebGUI::International::get(78);
}
if ($_[0] eq "password") {
$error .= '<li>'.WebGUI::International::get(727);
}
if ($_[0] eq "") {
$error .= '<li>'.WebGUI::International::get(726);
}
return $error;
}
#-------------------------------------------------------------------
sub _hasBadUsername {
my ($otherUser);
($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'");
if (($otherUser ne "" && $otherUser ne $session{user}{username}) || $_[0] eq "") {
return 1;
} else {
return 0;
my ($error,$otherUser);
if ($_[0] =~ /^\s/ || $_[0] =~ /\s$/) {
$error = '<li>'.WebGUI::International::get(724);
}
if ($_[0] eq "") {
$error .= '<li>'.WebGUI::International::get(725);
}
($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'");
if ($otherUser ne "" && $otherUser ne $session{user}{username}) {
$error .= '<li>'.WebGUI::International::get(77).' "'.$_[0].'too", "'.$_[0].'2", '
.'"'.$_[0].'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
}
return $error;
}
#-------------------------------------------------------------------
@ -193,22 +205,14 @@ sub www_createAccount {
#-------------------------------------------------------------------
sub www_createAccountSave {
my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, $search,
$connectDN, $auth, $output, $error, $uid,
$encryptedPassword, $fieldName);
$connectDN, $auth, $output, $error, $uid, $encryptedPassword, $fieldName);
if ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
$username = $session{form}{ldapId};
} else {
$username = $session{form}{username};
}
if (_hasBadUsername($username)) {
$error = '<li>'.WebGUI::International::get(77);
$error .= ' "'.$username.'too", ';
$error .= '"'.$username.'2", ';
$error .= '"'.$username.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
}
if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) {
$error .= '<li>'.WebGUI::International::get(78);
}
$error = _hasBadUsername($username);
$error .= _hasBadPassword($session{form}{identifier1},$session{form}{identifier2});
if ($session{setting}{authMethod} eq "LDAP") {
$uri = URI->new($session{setting}{ldapURL});
if ($uri->port < 1) {
@ -533,21 +537,14 @@ sub www_recoverPasswordFinish {
sub www_updateAccount {
my ($output, $error, $encryptedPassword, $passwordStatement, $u);
if ($session{var}{sessionId}) {
if (_hasBadUsername($session{form}{username})) {
$error = WebGUI::International::get(77);
$error .= ' "'.$session{form}{username}.'too", ';
$error .= '"'.$session{form}{username}.'2", ';
$error .= '"'.$session{form}{username}.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
$error .= '<p>';
}
if ($session{form}{identifier1} ne "password") {
if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) {
$error .= WebGUI::International::get(78).'<p>';
} else {
$error = _hasBadPassword($session{form}{identifier1},$session{form}{identifier2});
unless ($error) {
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
$passwordStatement = ', identifier='.quote($encryptedPassword);
}
}
$error .= _hasBadUsername($session{form}{username});
if ($error eq "") {
$u = WebGUI::User->new($session{user}{userId});
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});