From e96510957cd6fb539fcaacb80e47f6f78abdefb7 Mon Sep 17 00:00:00 2001 From: plegall Date: Sun, 17 Jul 2005 15:06:39 +0000 Subject: - new feature : use Apache authentication. If $conf['apache_authentication'] is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table, PWG automatically creates one. This way, users can customize the behaviour of the application. - template : new organisation of identification menu (category.php). Simplification is required for Apache authentication (no logout link even if user is externally logged in) - new : usernames can contain quotes (required because Apache authentication authorized quotes in usernames) git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions_user.inc.php | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) (limited to 'include/functions_user.inc.php') diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 3e8588cf7..1a2709254 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -54,7 +54,6 @@ function register_user($login, $password, $password_conf, // login must not // 1. be empty // 2. start ou end with space character - // 3. include ' or " characters // 4. be already used if ($login == '') { @@ -69,23 +68,17 @@ function register_user($login, $password, $password_conf, array_push($errors, $lang['reg_err_login3']); } - if (ereg("'", $login) or ereg("\"", $login)) - { - array_push($errors, $lang['reg_err_login4']); - } - else - { - $query = ' + $query = ' SELECT id FROM '.USERS_TABLE.' - WHERE username = \''.$login.'\' + WHERE username = \''.mysql_escape_string($login).'\' ;'; - $result = pwg_query($query); - if (mysql_num_rows($result) > 0) - { - array_push($errors, $lang['reg_err_login5']); - } + $result = pwg_query($query); + if (mysql_num_rows($result) > 0) + { + array_push($errors, $lang['reg_err_login5']); } + // given password must be the same as the confirmation if ($password != $password_conf) { @@ -102,7 +95,7 @@ SELECT id if (count($errors) == 0) { $insert = array(); - $insert['username'] = $login; + $insert['username'] = mysql_escape_string($login); $insert['password'] = md5($password); $insert['status'] = $status; $insert['template'] = $conf['default_template']; -- cgit v1.2.3