diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-01-14 06:23:42 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-01-14 06:23:42 +0000 |
| commit | f0706c9b948272642ac21d58c7077cacc8f80883 (patch) | |
| tree | 19f8cb0669b2d9473fb1dcfa25fe82795b50d2e7 | |
| parent | c19f5121801b2d0d8d922ccb68bfca8162d0df9c (diff) | |
| download | ampache-f0706c9b948272642ac21d58c7077cacc8f80883.tar.gz ampache-f0706c9b948272642ac21d58c7077cacc8f80883.tar.bz2 ampache-f0706c9b948272642ac21d58c7077cacc8f80883.zip | |
fix an issue with all numeric usernames... by preventing them for now this will be really fixed in the next version
| -rw-r--r-- | admin/users.php | 3 | ||||
| -rwxr-xr-x | docs/CHANGELOG | 1 | ||||
| -rw-r--r-- | lib/class/user.class.php | 4 | ||||
| -rw-r--r-- | lib/install.php | 5 |
4 files changed, 11 insertions, 2 deletions
diff --git a/admin/users.php b/admin/users.php index 962d2add..4aa8aff8 100644 --- a/admin/users.php +++ b/admin/users.php @@ -111,6 +111,9 @@ switch ($action) { if (empty($username)) { $GLOBALS['error']->add_error('username',_("Error Username Required")); } + if (is_numeric($username)) { + $GLOBALS['error']->add_error('username',"Error: Due to the incompetance of the programmer numeric usernames would cause the whole of existance to cease. Please add a letter or something"); + } /* make sure the username doesn't already exist */ if (!check_username($username)) { diff --git a/docs/CHANGELOG b/docs/CHANGELOG index 1f8ee4c4..7817d4a0 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,7 @@ -------------------------------------------------------------------------- v.3.3.3 + - Fixed an issue with all numeric usernames - Fixed some minor catalog cleaning issues that could arrise due to the order of the clean functions - Added missing functions to the HttpQ controller, should now have diff --git a/lib/class/user.class.php b/lib/class/user.class.php index 48d36a29..97ae99c9 100644 --- a/lib/class/user.class.php +++ b/lib/class/user.class.php @@ -410,7 +410,7 @@ class User { $sql = "UPDATE user SET fullname='$new_fullname' WHERE username='$this->id'"; $db_results = mysql_query($sql, dbh()); - } // update_username + } // update_fullname /*! @function update_email @@ -575,7 +575,7 @@ class User { $fullname = sql_escape($fullname); $email = sql_escape($email); $access = sql_escape($access); - + /* Now Insert this new user */ $sql = "INSERT INTO user (username, fullname, email, password, access, create_date) VALUES" . " ('$username','$fullname','$email',PASSWORD('$password'),'$access','" . time() ."')"; diff --git a/lib/install.php b/lib/install.php index b9cf9cdd..0efdeaa7 100644 --- a/lib/install.php +++ b/lib/install.php @@ -256,6 +256,11 @@ function install_create_account($username,$password) { return false; } + if (is_numeric($username)) { + $GLOBALS['error']->add_error('general',"Error: Due to the incompotence of the programmer of this application usernames with all numbers will cause the world to come to an end, please add a letter"); + return false; + } + $username = sql_escape($username,$dbh); $password = sql_escape($password,$dbh); |