author | Patrick Davison <snapwilliam@gmail.com> | 2013-02-17 03:09:44 -0800 |
---|---|---|
committer | Patrick Davison <snapwilliam@gmail.com> | 2013-02-17 03:09:44 -0800 |
commit | e72eb56bcefbd434624ef24601a1251713ba792e (patch) | |
tree | 9d76f4642a39ff1b549aaf067d11965fe3fd3e6f /pages/cp.php | |
parent | 4c5788d05a0d27d5672ad85094809be8659d07c6 (diff) | |
Modified restrictions for usernames.
Diffstat (limited to 'pages/cp.php')
-rw-r--r-- | pages/cp.php | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/pages/cp.php b/pages/cp.php
index 5149ad3..8f4ead8 100644
--- a/pages/cp.php
+++ b/pages/cp.php
@@ -18,12 +18,10 @@ include('./includes/maps.php'); include_once('./includes/sqlEmbedded.php');
function validatename($name) {
- if (strlen($name) < 1)
- return false;
- if ($name != htmlentities($name))
- return false;
- if (strlen($name) > 14)
- return false;
+ if (strlen($name) < 1) return "Name to short";
+ if (strlen($name) > 20) return "Name is too long (".strlen($name)."/20)";
+ if (!preg_match("~[a-zA-Z0-9]\b~", $name)) return "Must contain atleast 1 Alpha-Numerical character";
+
return true;
}
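Review bot: The pattern on the `preg_match` line does not enforce what its message promises: `[a-zA-Z0-9]\b` requires an alphanumeric character that is immediately followed by a word boundary, so a name such as `a_` or `ab_x` is rejected even though it contains alphanumerics, while the `\b` adds nothing for inputs like `a!`. Drop the anchor and fix the wording at the same time: `if (!preg_match('~[a-zA-Z0-9]~', $name)) return "Must contain at least 1 alphanumeric character";`. Both `strlen` checks count bytes, so a multibyte name is measured against 20 bytes rather than 20 characters; if the limit is meant per character, `mb_strlen($name, 'UTF-8')` is the right call, and `"Name to short"` should read `"Name too short"`.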
@@ -54,10 +52,18 @@ function setOptedOutOfEmails($userID, $setting) { if (isset($_POST['updateSettings']) AND $_POST['updateSettings'] == 'true') {
$userID = $_SESSION['userID'];
if (isset($_POST['displayName'])) {
- $inputname = sql_clean($_POST['displayName']);
- $inputname = chatFilter($inputname);
- if (validatename($inputname)) {
+ //$inputname = stripSlashes($_POST['displayName']);
+ $inputname = $_POST['displayName'];
+ //Validate before replacements. To perevent < becoming > (longer)
+ $nameError = validatename($inputname);
+
+ //$inputname = htmlentities($inputname);
+ $inputname = htmlspecialchars($inputname, ENT_COMPAT | ENT_HTML5);
+ $inputname = chatFilter($inputname);
+
+ if ($nameError === true) {
+ $inputname = sql_clean($inputname);
$sql = "UPDATE `users`
SET `displayName` = '$inputname'
WHERE `ID` = '$userID'
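Review bot: The `htmlspecialchars` call uses `ENT_COMPAT`, which leaves single quotes untouched, so a stored name containing `'` is still live wherever displayName is later placed inside a single-quoted HTML attribute; `htmlspecialchars($inputname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` closes that gap and also substitutes invalid UTF-8 instead of returning an empty string. Because the length check deliberately runs before escaping, the stored value can be up to four times the 20-character limit (twenty `<` become eighty bytes of `&lt;`); if the `displayName` column is narrower than that, MySQL truncation can cut an entity in half and leave a bare `&lt` in the database, so the column width is worth confirming or the escaped length capped as well. `chatFilter` is now applied to the already-escaped string, so if it rewrites matches with text containing `<`, `&` or quotes that output would be stored unescaped — check that it emits plain text only. The enclosing `if` block and the SQL statement continue past the end of this hunk.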
@@ -66,7 +72,7 @@ if (isset($_POST['updateSettings']) AND $_POST['updateSettings'] == 'true') { $_SESSION['displayName'] = $inputname;
$r .= "<br />Name change success!";
} else {
- $r .= "<br />Invalid name";
+ $r .= "<br />Error: ".$nameError;
}
}
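Review bot: `$_SESSION['displayName'] = $inputname;` on the first line of this hunk stores the value after `sql_clean()` has already rewritten it for the query, so if `sql_clean` adds backslashes in the addslashes/real_escape_string style, a name like `O'Neil` is kept in the session as `O\'Neil` and, now that the page no longer escapes on output, shown that way. Keep the SQL form in its own variable and leave the session on the HTML-escaped value: `$sqlName = sql_clean($inputname);` used only in `SET \`displayName\` = '$sqlName'`, with the session assignment unchanged — this touches the two lines of the previous hunk as well. The `if` block this sits in begins before the hunk.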
@@ -77,7 +83,7 @@ if (isset($_POST['updateSettings']) AND $_POST['updateSettings'] == 'true') { setOptedOutOfEmails($userID, false);
$r .= "<br />You are accepting emails";
}
- DoRedirect("Settings updated! Thank you!");
+ DoRedirect($r);
exit;
}
@@ -87,7 +93,8 @@ if (isOptedOutOfEmails($userID)) { $checked = 'checked="yes"';
}
-$displayName = htmlspecialchars($_SESSION['displayName'], ENT_COMPAT | ENT_HTML5);
+$displayName = $_SESSION['displayName'];
+//$displayName = htmlspecialchars($_SESSION['displayName'], ENT_COMPAT | ENT_HTML5);
?>
<div class="wrapper">
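Review bot: Removing the `htmlspecialchars` on `$displayName` makes this page depend on every writer of `displayName` having HTML-escaped it on input; the only writer visible here is this page's own update path, and any other code that sets the column or `$_SESSION['displayName']` (registration, admin tools, rows written before this commit by anything other than the old validator) is not covered. Escape at output instead and tell it not to re-encode the entities this commit stores: `$displayName = htmlspecialchars($_SESSION['displayName'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);`. The commented-out lines left in this and the earlier hunks should be deleted rather than kept as history; git already has them.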