Usernames cannot start or end with a space.

2002-09-13 01:55:20 +00:00 · 2002-09-13 01:55:20 +00:00 · 4de8575c30
commit 4de8575c30
parent 7e63f741c5
2 changed files with 36 additions and 31 deletions
--- a/docs/upgrades/upgrade_4.6.7-4.6.8.sql
+++ b/docs/upgrades/upgrade_4.6.7-4.6.8.sql
@ -5,6 +5,14 @@ INSERT INTO international VALUES (12,'Poll',7,'
 alter table page modify title varchar(255) null;
 update international set lastUpdated='1031510000' where lastUpdated='1031516049';
 insert into international (internationalId,languageId,namespace,message,lastUpdated) values (723,1,'WebGUI','Deprecated', 1031800566);
 delete from international where languageId=1 and namespace='WebGUI' and internationalId=727;
 insert into international (internationalId,languageId,namespace,message,lastUpdated) values (727,1,'WebGUI','Your password cannot be "password".', 1031880154);
 delete from international where languageId=1 and namespace='WebGUI' and internationalId=725;
 insert into international (internationalId,languageId,namespace,message,lastUpdated) values (725,1,'WebGUI','Your username cannot be blank.', 1031879612);
 delete from international where languageId=1 and namespace='WebGUI' and internationalId=724;
 insert into international (internationalId,languageId,namespace,message,lastUpdated) values (724,1,'WebGUI','Your username cannot begin or end with a space.', 1031879593);
 delete from international where languageId=1 and namespace='WebGUI' and internationalId=726;
 insert into international (internationalId,languageId,namespace,message,lastUpdated) values (726,1,'WebGUI','Your password cannot be blank.', 1031879567);
--- a/lib/WebGUI/Operation/Account.pm
+++ b/lib/WebGUI/Operation/Account.pm
@ -74,22 +74,34 @@ sub _accountOptions {
 #-------------------------------------------------------------------
 sub _hasBadPassword {
-	if ($_[0] ne $_[1] || $_[0] eq "") {
+	my ($error);
-		return 1;
+	if ($_[0] ne $_[1]) {
-	} else {
+		$error = '<li>'.WebGUI::International::get(78);
-		return 0;
+	} 
 	if ($_[0] eq "password") {
 		$error .= '<li>'.WebGUI::International::get(727);
 	}
 	if ($_[0] eq "") {
 		$error .= '<li>'.WebGUI::International::get(726);
 	}
 	return $error;
 }
 #-------------------------------------------------------------------
 sub _hasBadUsername {
-	my ($otherUser);
+	my ($error,$otherUser);
-	($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'");
+	if ($_[0] =~ /^\s/ || $_[0] =~ /\s$/) {
-	if (($otherUser ne "" && $otherUser ne $session{user}{username}) || $_[0] eq "") {
+		$error = '<li>'.WebGUI::International::get(724);
-		return 1;
+	} 
-	} else {
+	if ($_[0] eq "") {
-		return 0;
+		$error .= '<li>'.WebGUI::International::get(725);
 	}
 	($otherUser) = WebGUI::SQL->quickArray("select username from users where username='$_[0]'");
 	if ($otherUser ne "" && $otherUser ne $session{user}{username}) {
 		$error .= '<li>'.WebGUI::International::get(77).' "'.$_[0].'too", "'.$_[0].'2", '
                	.'"'.$_[0].'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
 	}
 	return $error;
 }
 #-------------------------------------------------------------------
@ -193,22 +205,14 @@ sub www_createAccount {
 #-------------------------------------------------------------------
 sub www_createAccountSave {
        my ($profile, $u, $username, $uri, $temp, $ldap, $port, %args, $search, 
-		$connectDN, $auth, $output, $error, $uid,  
+		$connectDN, $auth, $output, $error, $uid,  $encryptedPassword, $fieldName);
 		$encryptedPassword, $fieldName);
        if ($session{setting}{authMethod} eq "LDAP" && $session{setting}{usernameBinding}) {
                $username = $session{form}{ldapId};
        } else {
                $username = $session{form}{username};
        }
-        if (_hasBadUsername($username)) {
+	$error = _hasBadUsername($username);
-                $error = '<li>'.WebGUI::International::get(77);
+	$error .= _hasBadPassword($session{form}{identifier1},$session{form}{identifier2});
                $error .= ' "'.$username.'too", ';
                $error .= '"'.$username.'2", ';
                $error .= '"'.$username.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
        }
        if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) {
                $error .= '<li>'.WebGUI::International::get(78);
        }
        if ($session{setting}{authMethod} eq "LDAP") {
                $uri = URI->new($session{setting}{ldapURL});
                if ($uri->port < 1) {
@ -533,21 +537,14 @@ sub www_recoverPasswordFinish {
 sub www_updateAccount {
        my ($output, $error, $encryptedPassword, $passwordStatement, $u);
        if ($session{var}{sessionId}) {
        	if (_hasBadUsername($session{form}{username})) {
                	$error = WebGUI::International::get(77);
 			$error .= ' "'.$session{form}{username}.'too", ';
                	$error .= '"'.$session{form}{username}.'2", ';
                	$error .= '"'.$session{form}{username}.'_'.WebGUI::DateTime::epochToHuman(time(),"%y").'"';
 			$error .= '<p>';
        	}
        	if ($session{form}{identifier1} ne "password") {
-			if (_hasBadPassword($session{form}{identifier1},$session{form}{identifier2})) {
+			$error = _hasBadPassword($session{form}{identifier1},$session{form}{identifier2});
-                		$error .= WebGUI::International::get(78).'<p>';
+        		unless ($error) {
        		} else {
                		$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
 				$passwordStatement = ', identifier='.quote($encryptedPassword);
 			}
 		}
 		$error .= _hasBadUsername($session{form}{username});
        	if ($error eq "") {
 			$u = WebGUI::User->new($session{user}{userId});
                	$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});