aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_user.inc.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2005-07-17 15:06:39 +0000
committerplegall <plg@piwigo.org>2005-07-17 15:06:39 +0000
commite96510957cd6fb539fcaacb80e47f6f78abdefb7 (patch)
treeca28bd145aac1a5523765d4b995cabdb506e08cc /include/functions_user.inc.php
parenteb189de80066ce353e472cd9067defd67102177f (diff)
- new feature : use Apache authentication. If $conf['apache_authentication']
is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application. - template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in) - new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames) git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_user.inc.php')
-rw-r--r--include/functions_user.inc.php23
1 files changed, 8 insertions, 15 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 3e8588cf7..1a2709254 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -54,7 +54,6 @@ function register_user($login, $password, $password_conf,
// login must not
// 1. be empty
// 2. start ou end with space character
- // 3. include ' or " characters
// 4. be already used
if ($login == '')
{
@@ -69,23 +68,17 @@ function register_user($login, $password, $password_conf,
array_push($errors, $lang['reg_err_login3']);
}
- if (ereg("'", $login) or ereg("\"", $login))
- {
- array_push($errors, $lang['reg_err_login4']);
- }
- else
- {
- $query = '
+ $query = '
SELECT id
FROM '.USERS_TABLE.'
- WHERE username = \''.$login.'\'
+ WHERE username = \''.mysql_escape_string($login).'\'
;';
- $result = pwg_query($query);
- if (mysql_num_rows($result) > 0)
- {
- array_push($errors, $lang['reg_err_login5']);
- }
+ $result = pwg_query($query);
+ if (mysql_num_rows($result) > 0)
+ {
+ array_push($errors, $lang['reg_err_login5']);
}
+
// given password must be the same as the confirmation
if ($password != $password_conf)
{
@@ -102,7 +95,7 @@ SELECT id
if (count($errors) == 0)
{
$insert = array();
- $insert['username'] = $login;
+ $insert['username'] = mysql_escape_string($login);
$insert['password'] = md5($password);
$insert['status'] = $status;
$insert['template'] = $conf['default_template'];