diff options
author | Eric <eric@piwigo.org> | 2009-12-05 19:55:21 +0000 |
---|---|---|
committer | Eric <eric@piwigo.org> | 2009-12-05 19:55:21 +0000 |
commit | 1b601a37de32f1b808970bc25ca9d6b5ccd34e35 (patch) | |
tree | 0692ae1fdf28ee5f8029c0ace341df320bf69efd /include | |
parent | 9c5cfbc789e691ff85eb6ab6928980577cadf203 (diff) |
Feature 0000796 fixed : Strengthen login handling
git-svn-id: http://piwigo.org/svn/trunk@4429 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r-- | include/config_default.inc.php | 6 | ||||
-rw-r--r-- | include/functions_user.inc.php | 34 |
2 files changed, 40 insertions, 0 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 3ac0f5dae..45ef18468 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -325,6 +325,12 @@ $conf['default_redirect_method'] = 'http'; // Define using double password type in admin's users management panel $conf['double_password_type_in_admin'] = false; +// Define if logins must be case sentitive or not at users registration. ie : +// If set true, the login "user" will equal "User" or "USER" or "user", +// etc. ... And it will be impossible to use such login variation to create a +// new user account. +$conf['no_case_sensitive_for_login'] = false; + // +-----------------------------------------------------------------------+ // | metadata | // +-----------------------------------------------------------------------+ diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 850fad110..bed0c7962 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -66,6 +66,31 @@ where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\') } } +// validate_login_case: +// o check if login is not used by a other user +// If the login doesn't correspond, an error message is returned. +// +function validate_login_case($login) +{ + global $conf; + + if (defined("PHPWG_INSTALLED")) + { + $query = " +SELECT ".$conf['user_fields']['username']." +FROM ".USERS_TABLE." +WHERE LOWER(".stripslashes($conf['user_fields']['username']).") = '".strtolower($login)."' +;"; + + $count = pwg_db_num_rows(pwg_query($query)); + + if ($count > 0) + { + return l10n('reg_err_login5'); + } + } +} + function register_user($login, $password, $mail_address, $with_notification = true, $errors = array()) { @@ -93,6 +118,15 @@ function register_user($login, $password, $mail_address, array_push($errors, $mail_error); } + if ($conf['no_case_sensitive_for_login'] == true) + { + $login_error = validate_login_case($login); + if ($login_error != '') + { + array_push($errors, $login_error); + } + } + $errors = trigger_event('register_user_check', $errors, array( |