summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/controllers/Users.class.php12
-rw-r--r--src/models/Auth.class.php13
2 files changed, 17 insertions, 8 deletions
diff --git a/src/controllers/Users.class.php b/src/controllers/Users.class.php
index c30461f..1d947e1 100644
--- a/src/controllers/Users.class.php
+++ b/src/controllers/Users.class.php
@@ -8,8 +8,6 @@ Router::register('users' , 'Users', 'index_dir');
Router::register('users/*' , 'Users', 'individual');
class Users extends Controller {
- public static $illegal_names = array('', 'new', 'index');
-
// Index Views ///////////////////////////////////////////////
public function index($routed, $remainder) {
@@ -143,7 +141,7 @@ class Users extends Controller {
$vars['errors'] = array();
if ($db->getUID($vars['username'])!==false)
$vars['errors'][] = 'user exists';
- if (in_array($vars['username'], self::$illegal_names))
+ if (!Auth::isNameLegal($vars['username']))
$vars['errors'][] = 'illegal name';
$matches = ($vars['password1'] == $vars['password2']);
if (!$matches) {
@@ -187,11 +185,9 @@ class Users extends Controller {
if (isset($_POST['auth_name'])) {
$new_name = $_POST['auth_name'];
if ($new_name != $username) {
- if (!in_array($new_name, $this->illegal_names)) {
- $changed_name = $user->setName($new_name);
- $username = $user->getName();
- $vars['changed name'] = $changed_name;
- }
+ $changed_name = $user->setName($new_name);
+ $username = $user->getName();
+ $vars['changed name'] = $changed_name;
}
}
diff --git a/src/models/Auth.class.php b/src/models/Auth.class.php
index 975c25f..25570bf 100644
--- a/src/models/Auth.class.php
+++ b/src/models/Auth.class.php
@@ -21,6 +21,18 @@ class Auth {
}
return self::$users[$uid];
}
+
+ public static function isNameLegal($name) {
+ // Current rules:
+ // * Not in "$illegal_names"
+ // * Does not contain '.'
+ // * Less <256 characters
+ $illegal_names = array('', 'new', 'index');
+ return true
+ && (!in_array($name, $illegal_names))
+ && (strpos($name,'.')===false)
+ && (strlen($name)<=256);
+ }
protected $db = null;
protected $uid = false;
@@ -106,6 +118,7 @@ class Auth {
}
public function setName($new_name) {
if (!$this->canEdit()) return false;
+ if (!self::isNameLegal($new_name)) return false;
return $this->db->setUsername($this->uid, $new_name);
}