Entropy/phpBB3AuthInterface:

- improve phpbb username validation on registration


git-svn-id: http://svn.sabayonlinux.org/projects/entropy/trunk@2736 cd1c1023-2f26-0410-ae45-c471fc1f0318
lxnay
2008-12-08 09:11:52 +00:00
parent fd85e10164
commit 0172841210
+19 -8
@@ -19849,9 +19849,9 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
return True
return False
def does_username_exist(self, username):
def does_username_exist(self, username, username_clean):
self.check_connection()
self.cursor.execute('SELECT user_id FROM '+self.TABLE_PREFIX+'users WHERE `username` = %s ', (username,))
self.cursor.execute('SELECT user_id FROM '+self.TABLE_PREFIX+'users WHERE `username_clean` = %s OR LOWER(`username`) = %s', (username_clean,username.lower(),))
data = self.cursor.fetchone()
if not data: return False
if not isinstance(data,dict): return False
@@ -19876,7 +19876,7 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
if not data.has_key('disallow_id'): return True
return False
def validate_username_string(self, username):
def validate_username_string(self, username, username_clean):
try:
x = unicode(username.encode('utf-8'),'raw_unicode_escape')
@@ -19893,7 +19893,7 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
if not valid:
return False,'Invalid username'
exists = self.does_username_exist(username)
exists = self.does_username_exist(username, username_clean)
if exists: return False,'Username already taken'
allowed = self.is_username_allowed(username)
@@ -19910,6 +19910,14 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
self.cursor.execute('UPDATE '+self.TABLE_PREFIX+'users SET user_type = %s WHERE `user_id` = %s', (self.USER_NORMAL,user_id,))
return True, user_id
def generate_username_clean(self, username):
import re
username_clean = username.lower()
username_clean = re.sub(r'(?:[\x00-\x1F\x7F]+|(?:\xC2[\x80-\x9F])+)', '', username_clean)
username_clean = re.sub(r' {2,}',' ',username_clean)
username_clean = username_clean.strip()
return username_clean
def register_user(self, username, password, email, activate = False):
if len(username) not in self.USERNAME_LENGTH_RANGE:
@@ -19920,8 +19928,11 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
if not valid:
return False,'Invalid email'
# create the clean one
username_clean = self.generate_username_clean(username)
# check username validity
status, err_msg = self.validate_username_string(username)
status, err_msg = self.validate_username_string(username, username_clean)
if not status: return False,err_msg
# check email
@@ -19929,12 +19940,12 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
if exists: return False,'Email already in use'
# now cross fingers
user_id = self.__register(username, password, email, activate)
user_id = self.__register(username, username_clean, password, email, activate)
return True, user_id
def __register(self, username, password, email, activate):
def __register(self, username, username_clean, password, email, activate):
email_hash = self._generate_email_hash(email)
password_hash = self._get_password_hash(password.encode('utf-8'))
@@ -19945,7 +19956,7 @@ class phpBB3AuthInterface(DistributionAuthInterface,RemoteDbSkelInterface):
registration_data = {
'username': username,
'username_clean': username,
'username_clean': username_clean,
'user_password': password_hash,
'user_pass_convert': 0,
'user_email': email.lower(),
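Review bot: The new generate_username_clean (hunk at -19910) only lowercases, strips control characters and collapses spaces, which looks narrower than the canonicalisation phpBB3 applies when it fills `username_clean` (its utf8_clean_string also does Unicode case folding with NFKC normalisation and maps confusable characters), so two names phpBB would treat as identical can still pass does_username_exist and be stored with a `username_clean` value phpBB would not have produced. If `username` is a unicode object, as the `username.encode('utf-8')` call in validate_username_string suggests, the `\xC2[\x80-\x9F]` alternative is written for UTF-8 bytes and will not match C1 control code points on their own. A closer approximation would be `username_clean = unicodedata.normalize('NFKC', username).lower()` followed by `re.sub(u'[\x00-\x1f\x7f-\x9f]+', u'', username_clean)`, with a comment stating that confusable mapping is not reproduced here. The call `self.is_username_allowed(username)` still receives the raw name; its body is outside the visible hunks, so whether the disallow check should use the cleaned form needs confirming.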