From e72eb56bcefbd434624ef24601a1251713ba792e Mon Sep 17 00:00:00 2001 From: Patrick Davison Date: Sun, 17 Feb 2013 03:09:44 -0800 Subject: Modified restrictions for usernames. --- pages/cp.php | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) (limited to 'pages/cp.php') diff --git a/pages/cp.php b/pages/cp.php index 5149ad3..8f4ead8 100644 --- a/pages/cp.php +++ b/pages/cp.php @@ -18,12 +18,10 @@ include('./includes/maps.php'); include_once('./includes/sqlEmbedded.php'); function validatename($name) { - if (strlen($name) < 1) - return false; - if ($name != htmlentities($name)) - return false; - if (strlen($name) > 14) - return false; + if (strlen($name) < 1) return "Name to short"; + if (strlen($name) > 20) return "Name is too long (".strlen($name)."/20)"; + if (!preg_match("~[a-zA-Z0-9]\b~", $name)) return "Must contain atleast 1 Alpha-Numerical character"; + return true; } @@ -54,10 +52,18 @@ function setOptedOutOfEmails($userID, $setting) { if (isset($_POST['updateSettings']) AND $_POST['updateSettings'] == 'true') { $userID = $_SESSION['userID']; if (isset($_POST['displayName'])) { - $inputname = sql_clean($_POST['displayName']); - $inputname = chatFilter($inputname); - if (validatename($inputname)) { + //$inputname = stripSlashes($_POST['displayName']); + $inputname = $_POST['displayName']; + //Validate before replacements. To perevent < becoming > (longer) + $nameError = validatename($inputname); + + //$inputname = htmlentities($inputname); + $inputname = htmlspecialchars($inputname, ENT_COMPAT | ENT_HTML5); + $inputname = chatFilter($inputname); + + if ($nameError === true) { + $inputname = sql_clean($inputname); $sql = "UPDATE `users` SET `displayName` = '$inputname' WHERE `ID` = '$userID' @@ -66,7 +72,7 @@ if (isset($_POST['updateSettings']) AND $_POST['updateSettings'] == 'true') { $_SESSION['displayName'] = $inputname; $r .= "
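Review bot: The new alphanumeric check `preg_match("~[a-zA-Z0-9]\b~", $name)` in validatename requires a letter or digit to be followed by a word boundary, so a name such as `a_` is rejected even though it contains an alphanumeric, while the condition the message describes needs no `\b` at all. Dropping the anchor gives the intended test: `if (!preg_match("~[a-zA-Z0-9]~", $name)) return "Must contain at least 1 alphanumeric character";`. The two length checks use `strlen`, which counts bytes, so a multi-byte name reaches the 20 limit early; `mb_strlen` counts characters, if that is what the limit means, and the messages could read `too short` and `at least`. Since the caller escapes the value only after this check, the stored name can still exceed 20 bytes, which matters only if the column is that narrow and is worth confirming.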
Name change success!"; } else { - $r .= "
Invalid name"; + $r .= "
Error: ".$nameError; } } @@ -77,7 +83,7 @@ if (isset($_POST['updateSettings']) AND $_POST['updateSettings'] == 'true') { setOptedOutOfEmails($userID, false); $r .= "
You are accepting emails"; } - DoRedirect("Settings updated! Thank you!"); + DoRedirect($r); exit; } @@ -87,7 +93,8 @@ if (isOptedOutOfEmails($userID)) { $checked = 'checked="yes"'; } -$displayName = htmlspecialchars($_SESSION['displayName'], ENT_COMPAT | ENT_HTML5); +$displayName = $_SESSION['displayName']; +//$displayName = htmlspecialchars($_SESSION['displayName'], ENT_COMPAT | ENT_HTML5); ?>
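Review bot: Dropping the `htmlspecialchars` call on `$displayName` makes the page rely entirely on the session value having been escaped on the way in; the path that populates `$_SESSION['displayName']` at login from the database is not in this diff, and it cannot be confirmed here that it escapes. If the intent was to avoid double-encoding names that were stored already escaped, keep the output escape and disable double encoding: `$displayName = htmlspecialchars($_SESSION['displayName'], ENT_QUOTES | ENT_HTML5, 'UTF-8', false);`, which leaves existing entities intact and still neutralises anything that arrived raw, including the single quotes that `ENT_COMPAT` never escaped. The commented-out original line can then be deleted rather than kept as dead code.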