From 4de8575c30fb3d84d3b1dc05c9612ce6a88d4a97 Mon Sep 17 00:00:00 2001
From: JT Smith
Date: Fri, 13 Sep 2002 01:55:20 +0000
Subject: [PATCH] Usernames cannot start or end with a space.
---
 docs/upgrades/upgrade_4.6.7-4.6.8.sql | 8 ++++
 lib/WebGUI/Operation/Account.pm | 59 +++++++++++++--------------
 2 files changed, 36 insertions(+), 31 deletions(-)
diff --git a/docs/upgrades/upgrade_4.6.7-4.6.8.sql b/docs/upgrades/upgrade_4.6.7-4.6.8.sql
index 6f7f37277..4d1d709ff 100644
--- a/docs/upgrades/upgrade_4.6.7-4.6.8.sql
+++ b/docs/upgrades/upgrade_4.6.7-4.6.8.sql
@@ -5,6 +5,14 @@ INSERT INTO international VALUES (12,'Poll',7,'
 alter table page modify title varchar(255) null;
 update international set lastUpdated='1031510000' where lastUpdated='1031516049';
 insert into international (internationalId,languageId,namespace,message,lastUpdated) values (723,1,'WebGUI','Deprecated', 1031800566);
+delete from international where languageId=1 and namespace='WebGUI' and internationalId=727;
+insert into international (internationalId,languageId,namespace,message,lastUpdated) values (727,1,'WebGUI','Your password cannot be "password".', 1031880154);
+delete from international where languageId=1 and namespace='WebGUI' and internationalId=725;
+insert into international (internationalId,languageId,namespace,message,lastUpdated) values (725,1,'WebGUI','Your username cannot be blank.', 1031879612);
+delete from international where languageId=1 and namespace='WebGUI' and internationalId=724;
+insert into international (internationalId,languageId,namespace,message,lastUpdated) values (724,1,'WebGUI','Your username cannot begin or end with a space.', 1031879593);
+delete from international where languageId=1 and namespace='WebGUI' and internationalId=726;
+insert into international (internationalId,languageId,namespace,message,lastUpdated) values (726,1,'WebGUI','Your password cannot be blank.', 1031879567);
diff --git a/lib/WebGUI/Operation/Account.pm b/lib/WebGUI/Operation/Account.pm index e97f9a0c7..f130d5abf 100644 --- a/lib/WebGUI/Operation/Account.pm +++ b/lib/WebGUI/Operation/Account.pm @@ -74,22 +74,34 @@ sub _accountOptions { #------------------------------------------------------------------- sub _hasBadPassword { - if ($_[0] ne $_[1] || $_[0] eq "") { - return 1; - } else { - return 0; + my ($error); + if ($_[0] ne $_[1]) { + $error = '
  • '.WebGUI::International::get(78); + } + if ($_[0] eq "password") { + $error .= '
  • '.WebGUI::International::get(727); } + if ($_[0] eq "") { + $error .= '
  • '.WebGUI::International::get(726); + } + return $error; } #------------------------------------------------------------------- sub _hasBadUsername { - my ($otherUser); - ($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'"); - if (($otherUser ne "" && $otherUser ne $session{user}{username}) || $_[0] eq "") { - return 1; - } else { - return 0; + my ($error,$otherUser); + if ($_[0] =~ /^\s/ || $_[0] =~ /\s$/) { + $error = '
  • '.WebGUI::International::get(724); + } + if ($_[0] eq "") { + $error .= '
  • '.WebGUI::International::get(725); } + ($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'"); + if ($otherUser ne "" && $otherUser ne $session{user}{username}) { + $error .= '
  • '.WebGUI::International::get(77).' "'.$_[0].'too", "'.$_[0].'2", ' + .'"'.$_[0].'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"'; + } + return $error; } #------------------------------------------------------------------- @@ -193,22 +205,14 @@ sub www_createAccount { #------------------------------------------------------------------- sub www_createAccountSave { my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, $search, - $connectDN, $auth, $output, $error, $uid, - $encryptedPassword, $fieldName); + $connectDN, $auth, $output, $error, $uid, $encryptedPassword, $fieldName); if ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) { $username = $session{form}{ldapId}; } else { $username = $session{form}{username}; } - if (_hasBadUsername($username)) { - $error = '
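Review bot: The duplicate-name lookup in `_hasBadUsername` still places the submitted username directly inside the SQL text (`username='$_[0]'`), so a name containing a quote character changes the statement. The same value reaches it from `www_createAccountSave` (either the `username` or the `ldapId` form field) and from `www_updateAccount`. The file already calls `quote()` when building `', identifier='.quote($encryptedPassword)`, so, assuming `quote()` returns the value escaped and wrapped in its own quotes as that use suggests, the line could read `($otherUser) = WebGUI::SQL->quickArray("select username from users where username=".quote($_[0]));`. The new error text also echoes `$_[0]` back in the three suggested alternatives without encoding; if `$error` is emitted as markup, which the list-item prefix implies, the name should be HTML-escaped before it is concatenated.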
  • '.WebGUI::International::get(77); - $error .= ' "'.$username.'too", '; - $error .= '"'.$username.'2", '; - $error .= '"'.$username.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"'; - } - if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) { - $error .= '
  • '.WebGUI::International::get(78); - } + $error = _hasBadUsername($username); + $error .= _hasBadPassword($session{form}{identifier1},$session{form}{identifier2}); if ($session{setting}{authMethod} eq "LDAP") { $uri = URI->new($session{setting}{ldapURL}); if ($uri->port < 1) { @@ -533,21 +537,14 @@ sub www_recoverPasswordFinish { sub www_updateAccount { my ($output, $error, $encryptedPassword, $passwordStatement, $u); if ($session{var}{sessionId}) { - if (_hasBadUsername($session{form}{username})) { - $error = WebGUI::International::get(77); - $error .= ' "'.$session{form}{username}.'too", '; - $error .= '"'.$session{form}{username}.'2", '; - $error .= '"'.$session{form}{username}.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"'; - $error .= '

    '; - } if ($session{form}{identifier1} ne "password") { - if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) { - $error .= WebGUI::International::get(78).'

    '; - } else { + $error = _hasBadPassword($session{form}{identifier1},$session{form}{identifier2}); + unless ($error) { $encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1}); $passwordStatement = ', identifier='.quote($encryptedPassword); } } + $error .= _hasBadUsername($session{form}{username}); if ($error eq "") { $u = WebGUI::User->new($session{user}{userId}); $encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
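Review bot: The value stored by `www_updateAccount` is an unsalted `Digest::MD5::md5_base64` of the form field, and the reworked branch keeps it on both the context line inside `unless ($error)` and the one after `if ($error eq "")`. A single fast, unsalted digest gives identical passwords identical stored values and makes offline guessing cheap if the stored identifiers are ever disclosed, so the new blank and "password" checks add little protection on their own. Replacing it needs a migration for existing `identifier` values and is larger than this commit; at minimum I would add `# TODO(security): unsalted MD5 is not a password hash; move to a salted, slow KDF and migrate stored identifiers` above the first call. The body of `www_updateAccount` continues past the end of the hunk.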