Changeset 4429

Timestamp:

Dec 5, 2009, 8:55:21 PM (14 years ago)

Author:

Eric

Message:

Feature 0000796 fixed : Strengthen login handling

Location:

trunk/include

Files:

• config_default.inc.php (modified) (1 diff)
• functions_user.inc.php (modified) (2 diffs)

trunk/include/config_default.inc.php

@@ -325 +325 @@
 // Define using double password type in admin's users management panel
 $conf['double_password_type_in_admin'] = false;
+
+// Define if logins must be case sentitive or not at users registration. ie :
+// If set true, the login "user" will equal "User" or "USER" or "user",
+// etc. ... And it will be impossible to use such login variation to create a
+// new user account. 
+$conf['no_case_sensitive_for_login'] = false;
 
 // +-----------------------------------------------------------------------+

trunk/include/functions_user.inc.php

@@ -67 +67 @@
 }
 
+// validate_login_case:
+//   o check if login is not used by a other user
+// If the login doesn't correspond, an error message is returned.
+//
+function validate_login_case($login)
+{
+  global $conf;
+  
+  if (defined("PHPWG_INSTALLED"))
+  {
+    $query = "
+SELECT ".$conf['user_fields']['username']."
+FROM ".USERS_TABLE."
+WHERE LOWER(".stripslashes($conf['user_fields']['username']).") = '".strtolower($login)."'
+;";
+
+    $count = pwg_db_num_rows(pwg_query($query));
+
+    if ($count > 0)
+    {
+      return l10n('reg_err_login5');
+    }
+  }
+}
+
 function register_user($login, $password, $mail_address,
   $with_notification = true, $errors = array())
@@ -92 +117 @@
   {
     array_push($errors, $mail_error);
+  }
+
+  if ($conf['no_case_sensitive_for_login'] == true)
+  {
+    $login_error = validate_login_case($login);
+    if ($login_error != '')
+    {
+      array_push($errors, $login_error);
+    }
   }