Overview
Comment: | For self-registered accounts, increase the minimum userID length to 6 and check both the EVENT and USER tables for conflicting userIDs. |
---|---|
SHA3-256: | b13b651da2bbcf94528fba9e7f1e6e89 |
User & Date: | drh 2020-04-01 12:57:19 |
Context
2020-04-01
16:14 | Fix the file_copy() procedure so that it sets the EXE bit on the copy if it was set on the source. ... (check-in: cb2f2540 user: drh tags: trunk) | |
12:57 | For self-registered accounts, increase the minimum userID length to 6 and check both the EVENT and USER tables for conflicting userIDs. ... (check-in: b13b651d user: drh tags: trunk) | |
00:00 | Fix warnings on possible uninitialized variable use. ... (check-in: 0ba1528f user: ashepilko tags: trunk) | |
Changes
Changes to src/login.c.
︙ | ︙ | |||
1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 | if( g.okCsrf ) return; if( fossil_strcmp(P("csrf"), g.zCsrfToken)==0 ){ g.okCsrf = 1; return; } fossil_fatal("Cross-site request forgery attempt"); } /* ** WEBPAGE: register ** ** Page to allow users to self-register. The "self-register" setting ** must be enabled for this page to operate. */ | > > > > > > > > > > > > > > > | 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 | if( g.okCsrf ) return; if( fossil_strcmp(P("csrf"), g.zCsrfToken)==0 ){ g.okCsrf = 1; return; } fossil_fatal("Cross-site request forgery attempt"); } /* ** Check to see if the candidate username zUserID is already used. ** Return 1 if it is already in use. Return 0 if the name is ** available for a self-registeration. */ static int login_self_choosen_userid_already_exists(const char *zUserID){ int rc = db_exists( "SELECT 1 FROM user WHERE login=%Q " "UNION ALL " "SELECT 1 FROM event WHERE user=%Q OR euser=%Q", zUserID, zUserID, zUserID ); return rc; } /* ** WEBPAGE: register ** ** Page to allow users to self-register. The "self-register" setting ** must be enabled for this page to operate. */ |
︙ | ︙ | |||
1489 1490 1491 1492 1493 1494 1495 | /* Verify user imputs */ if( P("new")==0 || !cgi_csrf_safe(1) ){ /* This is not a valid form submission. Fall through into ** the form display */ }else if( !captcha_is_correct(1) ){ iErrLine = 6; zErr = "Incorrect CAPTCHA"; | | | | | 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 | /* Verify user imputs */ if( P("new")==0 || !cgi_csrf_safe(1) ){ /* This is not a valid form submission. Fall through into ** the form display */ }else if( !captcha_is_correct(1) ){ iErrLine = 6; zErr = "Incorrect CAPTCHA"; }else if( strlen(zUserID)<6 ){ iErrLine = 1; zErr = "User ID too short. Must be at least 6 characters."; }else if( sqlite3_strglob("*[^-a-zA-Z0-9_.]*",zUserID)==0 ){ iErrLine = 1; zErr = "User ID may not contain spaces or special characters."; }else if( zDName[0]==0 ){ iErrLine = 2; zErr = "Required"; }else if( zEAddr[0]==0 ){ iErrLine = 3; zErr = "Required"; }else if( email_address_is_valid(zEAddr,0)==0 ){ iErrLine = 3; zErr = "Not a valid email address"; }else if( strlen(zPasswd)<6 ){ iErrLine = 4; zErr = "Password must be at least 6 characters long"; }else if( fossil_strcmp(zPasswd,zConfirm)!=0 ){ iErrLine = 5; zErr = "Passwords do not match"; }else if( login_self_choosen_userid_already_exists(zUserID) ){ iErrLine = 1; zErr = "This User ID is already taken. Choose something different."; }else if( /* If the email is found anywhere in USER.INFO... */ db_exists("SELECT 1 FROM user WHERE info LIKE '%%%q%%'", zEAddr) || /* Or if the email is a verify subscriber email with an associated |
︙ | ︙ |
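Review bot: in login_self_choosen_userid_already_exists(), the three comparisons (login=%Q, user=%Q, euser=%Q) are plain equality, so whether "Alice1" conflicts with an existing "alice1" depends on column collations that this hunk does not show. If self-registered IDs are meant to be unique regardless of case, say so in the header comment and make the comparison explicit (for example with COLLATE NOCASE on each term); otherwise note in the comment that the match is intentionally exact. Minor: "choosen" in the function name and "self-registeration" in the comment are misspelled, and the rc temporary can be dropped by returning the db_exists() result directly.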
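Review bot: in the register-page validation chain, the login_self_choosen_userid_already_exists(zUserID) branch sits after the password-length and password-confirmation checks, although it reports on the same field (iErrLine = 1) as the length and character-set checks at the top of the chain. A user who picks a taken ID learns of it only after fixing every other field; consider moving the branch up to follow the sqlite3_strglob() check so all User ID errors surface together, or add a comment if the placement is deliberate to keep the database query behind the cheaper checks. The chain also sets only a lower bound on strlen(zUserID); if an upper bound is enforced elsewhere, a comment here saying so would help.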