authorEric <eric@piwigo.org>2009-12-05 19:55:21 +0000
committerEric <eric@piwigo.org>2009-12-05 19:55:21 +0000
commit1b601a37de32f1b808970bc25ca9d6b5ccd34e35 (patch)
tree0692ae1fdf28ee5f8029c0ace341df320bf69efd
parent9c5cfbc789e691ff85eb6ab6928980577cadf203 (diff)
Feature 0000796 fixed : Strengthen login handling
git-svn-id: http://piwigo.org/svn/trunk@4429 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/config_default.inc.php6
-rw-r--r--include/functions_user.inc.php34
2 files changed, 40 insertions, 0 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 3ac0f5dae..45ef18468 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -325,6 +325,12 @@ $conf['default_redirect_method'] = 'http';
// Define using double password type in admin's users management panel
$conf['double_password_type_in_admin'] = false;
+// Define if logins must be case sentitive or not at users registration. ie :
+// If set true, the login "user" will equal "User" or "USER" or "user",
+// etc. ... And it will be impossible to use such login variation to create a
+// new user account.
+$conf['no_case_sensitive_for_login'] = false;
+
// +-----------------------------------------------------------------------+
// | metadata |
// +-----------------------------------------------------------------------+
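Review bot: The comment added above `$conf['no_case_sensitive_for_login']` is hard to follow: it opens with "case sentitive" (typo) and asks whether logins "must be case sensitive", while setting the option to `true` makes the duplicate check case-insensitive. A direct statement of the effect would read better, for example `// If true, registration rejects a login that differs from an existing one only by letter case ("user", "User", "USER").` It would also help to state that the option is applied at registration only, since nothing in this commit touches accounts that already exist.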
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 850fad110..bed0c7962 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -66,6 +66,31 @@ where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
}
}
+// validate_login_case:
+// o check if login is not used by a other user
+// If the login doesn't correspond, an error message is returned.
+//
+function validate_login_case($login)
+{
+ global $conf;
+
+ if (defined("PHPWG_INSTALLED"))
+ {
+ $query = "
+SELECT ".$conf['user_fields']['username']."
+FROM ".USERS_TABLE."
+WHERE LOWER(".stripslashes($conf['user_fields']['username']).") = '".strtolower($login)."'
+;";
+
+ $count = pwg_db_num_rows(pwg_query($query));
+
+ if ($count > 0)
+ {
+ return l10n('reg_err_login5');
+ }
+ }
+}
+
function register_user($login, $password, $mail_address,
$with_notification = true, $errors = array())
{
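Review bot: In validate_login_case, `$login` is concatenated into the SQL string after only `strtolower()`, so the query is safe only if every caller of register_user passes an already-escaped value; that is not visible in this hunk and should be confirmed, or the value should be escaped at this point with the project's database escaping helper. The comparison also pairs PHP's byte-wise `strtolower()` with the database's `LOWER()`, and the two can disagree on non-ASCII letters, so two logins differing only in the case of an accented character may both be accepted. Folding both sides in the database, as the mail check in the context line at the top of this hunk does with `upper(...) = upper(...)`, avoids the mismatch: `WHERE LOWER(".$conf['user_fields']['username'].") = LOWER('".$login."')`. `stripslashes()` is applied to the column name in the WHERE clause but not in the SELECT list, which looks unintended. The check is also a separate read before the insert, so it narrows but does not close the window for two concurrent registrations of the same name.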
@@ -93,6 +118,15 @@ function register_user($login, $password, $mail_address,
array_push($errors, $mail_error);
}
+ if ($conf['no_case_sensitive_for_login'] == true)
+ {
+ $login_error = validate_login_case($login);
+ if ($login_error != '')
+ {
+ array_push($errors, $login_error);
+ }
+ }
+
$errors = trigger_event('register_user_check',
$errors,
array(
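Review bot: The test `$login_error != ''` works only because validate_login_case falls off the end and returns null when no duplicate is found, and null loosely equals the empty string. Adding an explicit `return '';` at the end of validate_login_case and documenting "returns an error message, or an empty string when the login is free" would make that contract visible; the `== true` on the config flag is redundant and can be written as `if ($conf['no_case_sensitive_for_login'])`. The check is wired into register_user only, so any other path that creates or renames an account (not visible here) would not be covered. register_user's body starts and ends outside this hunk.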