adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Feature 0000796 fixed : Strengthen login handling

Browse Source 
git-svn-id: http://piwigo.org/svn/trunk@4429 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
Eric
2009-12-05 19:55:21 +00:00
parent 9c5cfbc789
commit 1b601a37de
2 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/config_default.inc.php
+6
View File
@@ -325,6 +325,12 @@ $conf['default_redirect_method'] = 'http';
// Define using double password type in admin's users management panel
$conf['double_password_type_in_admin'] = false;
// Define if logins must be case sentitive or not at users registration. ie :
// If set true, the login "user" will equal "User" or "USER" or "user",
// etc. ... And it will be impossible to use such login variation to create a
// new user account.
$conf['no_case_sensitive_for_login'] = false;
// +-----------------------------------------------------------------------+
// | metadata |
// +-----------------------------------------------------------------------+
include/functions_user.inc.php
+34
View File
@@ -66,6 +66,31 @@ where upper('.$conf['user_fields']['email'].') = upper(\''.$mail_address.'\')
}
}
// validate_login_case:
// o check if login is not used by a other user
// If the login doesn't correspond, an error message is returned.
//
function validate_login_case($login)
{
global $conf;
if (defined("PHPWG_INSTALLED"))
{
$query = "
SELECT ".$conf['user_fields']['username']."
FROM ".USERS_TABLE."
WHERE LOWER(".stripslashes($conf['user_fields']['username']).") = '".strtolower($login)."'
;";
$count = pwg_db_num_rows(pwg_query($query));
if ($count > 0)
{
return l10n('reg_err_login5');
}
}
}
function register_user($login, $password, $mail_address,
$with_notification = true, $errors = array())
{
@@ -93,6 +118,15 @@ function register_user($login, $password, $mail_address,
array_push($errors, $mail_error);
}
if ($conf['no_case_sensitive_for_login'] == true)
{
$login_error = validate_login_case($login);
if ($login_error != '')
{
array_push($errors, $login_error);
}
}
$errors = trigger_event('register_user_check',
$errors,
array(