authormsquare <msquare@notrademark.de>2019-04-28 14:34:04 +0200
committermsquare <msquare@notrademark.de>2019-04-28 14:39:49 +0200
commit4f1cef546e2bd1ff21ed1031c46599010ee9033a (patch)
tree750f4b33647b3c60fe8534ab0b18d81ef66fe6a5
parent819677c9025471c8951ead7905bcde2e3ed635c5 (diff)
better nick validation, fixes #429
-rw-r--r--includes/model/User_model.php13
-rw-r--r--includes/pages/admin_user.php5
-rw-r--r--includes/pages/guest_login.php25
-rw-r--r--includes/view/User_view.php1
4 files changed, 31 insertions, 13 deletions
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index d47b2915..a928d895 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -112,11 +112,20 @@ function Users_by_angeltype($angeltype)
* Nick is trimmed.
*
* @param string $nick
- * @return string
+ * @return ValidationResult
*/
function User_validate_Nick($nick)
{
- return preg_replace('/([^\p{L}\p{N}\-_. ]+)/ui', '', trim($nick));
+ $nick = trim($nick);
+
+ if(strlen($nick) == 0 || strlen($nick) > 23) {
+ return new ValidationResult(false, $nick);
+ }
+ if(preg_match('/([^\p{L}\p{N}\-_. ]+)/ui', $nick)) {
+ return new ValidationResult(false, $nick);
+ }
+
+ return new ValidationResult(true, $nick);
}
/**
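Review bot: In `User_validate_Nick`, `if(preg_match(...))` treats a `false` return the same as "no match", and with the `u` modifier `preg_match` returns `false` when the subject is not valid UTF-8, so a nick containing malformed byte sequences would come back as valid. Compare the result explicitly, e.g. `if (preg_match('/([^\p{L}\p{N}\-_. ]+)/ui', $nick) !== 0) {`, so that both a match and a PCRE error reject the input. Separately, `strlen` counts bytes while the pattern admits any Unicode letter and the user-facing hint promises 23 characters; `mb_strlen($nick) > 23` would agree with the message, assuming mbstring is available in this project. The docblock above still says only "Nick is trimmed." and could state the length limit and the allowed character classes.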
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index a193aff7..e59c5baa 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -261,7 +261,10 @@ function admin_user()
if ($user_source->settings->email_human) {
$user_source->email = $request->postData('eemail');
}
- $user_source->name = User_validate_Nick($request->postData('eNick'));
+ $nickValidation = User_validate_Nick($request->postData('eNick'));
+ if($nickValidation->isValid()) {
+ $user_source->name = $nickValidation->getValue();
+ }
$user_source->save();
$user_source->personalData->first_name = $request->postData('eVorname');
$user_source->personalData->last_name = $request->postData('eName');
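Review bot: When `isValid()` is false the new branch only skips the assignment, so `$user_source->save()` still runs and the admin gets no indication that the submitted nick was rejected. Consider an `else` that reports the failure with the same "Please enter a valid nick." text used in registration, or at least a comment such as `// invalid nick: keep the existing name, other fields are still saved`. `admin_user()` begins and ends outside this hunk, so an error path elsewhere in the function is not visible here.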
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 7b6eb9c1..a0aa92a5 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -83,18 +83,21 @@ function guest_register()
if ($request->hasPostData('submit')) {
$valid = true;
- if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 1) {
- $nick = User_validate_Nick($request->input('nick'));
+ if ($request->has('nick')) {
+ $nickValidation = User_validate_Nick($request->input('nick'));
+ $nick = $nickValidation->getValue();
+
+ if(!$nickValidation->isValid()) {
+ $valid = false;
+ $msg .= error(sprintf(__('Please enter a valid nick.') . ' ' . __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.'), $nick), true);
+ }
if (User::whereName($nick)->count() > 0) {
$valid = false;
$msg .= error(sprintf(__('Your nick &quot;%s&quot; already exists.'), $nick), true);
}
} else {
$valid = false;
- $msg .= error(sprintf(
- __('Your nick &quot;%s&quot; is too short (min. 2 characters).'),
- User_validate_Nick($request->input('nick'))
- ), true);
+ $msg .= error(__('Please enter a nickname.'), true);
}
if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) {
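Review bot: `$nick` is now taken from `getValue()` before validity is checked, so for a rejected nick it holds the trimmed raw request value, where the old code passed on only the characters the whitelist kept. That value still reaches `User::whereName($nick)` and the `already exists` message built with `error(..., true)`, and later `form_text('nick', ..., $nick)`; whether those helpers HTML-escape is not visible in this hunk and should be confirmed. Making the uniqueness check `} elseif (User::whereName($nick)->count() > 0) {` would keep an invalid value out of the query and the message. The `sprintf(..., $nick)` around the new error text has no `%s`, so the argument is unused and a stray `%` in a translation would be read as a format directive; `error(__('Please enter a valid nick.') . ' ' . __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.'), true)` is enough.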
@@ -283,7 +286,8 @@ function guest_register()
div('col-md-6', [
div('row', [
div('col-sm-4', [
- form_text('nick', __('Nick') . ' ' . entry_required(), $nick)
+ form_text('nick', __('Nick') . ' ' . entry_required(), $nick),
+ form_info('', __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.'))
]),
div('col-sm-8', [
form_email('mail', __('E-Mail') . ' ' . entry_required(), $mail),
@@ -395,9 +399,10 @@ function guest_login()
$session->remove('uid');
if ($request->hasPostData('submit')) {
- if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) {
- $nick = User_validate_Nick($request->input('nick'));
- $login_user = User::whereName($nick)->first();
+ if ($request->has('nick') && !empty($request->input('nick'))) {
+ $nickValidation = User_validate_Nick($request->input('nick'));
+ $nick = $nickValidation->getValue();
+ $login_user = User::whereName($nickValidation->getValue())->first();
if ($login_user) {
if ($request->has('password')) {
if (!verify_password($request->postData('password'), $login_user->password, $login_user->id)) {
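Review bot: `!empty($request->input('nick'))` is false for the string `'0'`, which `User_validate_Nick` accepts as a one-character nick, so a user with that name would fall into the branch for a missing nick; `$request->input('nick') !== ''` avoids that, assuming `input()` returns a string once `has('nick')` is true. The result of `isValid()` is never consulted here, so the lookup runs on whatever trimmed value was submitted. If that is deliberate so that accounts created under the old rules can still sign in, a comment like `// isValid() intentionally not checked: legacy nicks must still be able to log in` would make it clear this is not an omission. `$nick` is assigned and then `getValue()` is called a second time in `whereName(...)`; using `$nick` there reads more simply. `guest_login()` continues outside the hunk.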
diff --git a/includes/view/User_view.php b/includes/view/User_view.php
index 718e89c6..87d767f8 100644
--- a/includes/view/User_view.php
+++ b/includes/view/User_view.php
@@ -36,6 +36,7 @@ function User_settings_view(
form_info('', __('Here you can change your user details.')),
form_info(entry_required() . ' = ' . __('Entry required!')),
form_text('nick', __('Nick'), $user_source->name, true),
+ form_info('', __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.')),
form_text('lastname', __('Last name'), $personalData->last_name),
form_text('prename', __('First name'), $personalData->first_name),
$enable_planned_arrival ? form_date(