diff options
author | msquare <msquare@notrademark.de> | 2019-04-28 14:34:04 +0200 |
---|---|---|
committer | msquare <msquare@notrademark.de> | 2019-04-28 14:39:49 +0200 |
commit | 4f1cef546e2bd1ff21ed1031c46599010ee9033a (patch) | |
tree | 750f4b33647b3c60fe8534ab0b18d81ef66fe6a5 | |
parent | 819677c9025471c8951ead7905bcde2e3ed635c5 (diff) |
better nick validation, fixes #429
-rw-r--r-- | includes/model/User_model.php | 13 | ||||
-rw-r--r-- | includes/pages/admin_user.php | 5 | ||||
-rw-r--r-- | includes/pages/guest_login.php | 25 | ||||
-rw-r--r-- | includes/view/User_view.php | 1 |
4 files changed, 31 insertions, 13 deletions
diff --git a/includes/model/User_model.php b/includes/model/User_model.php index d47b2915..a928d895 100644 --- a/includes/model/User_model.php +++ b/includes/model/User_model.php @@ -112,11 +112,20 @@ function Users_by_angeltype($angeltype) * Nick is trimmed. * * @param string $nick - * @return string + * @return ValidationResult */ function User_validate_Nick($nick) { - return preg_replace('/([^\p{L}\p{N}\-_. ]+)/ui', '', trim($nick)); + $nick = trim($nick); + + if(strlen($nick) == 0 || strlen($nick) > 23) { + return new ValidationResult(false, $nick); + } + if(preg_match('/([^\p{L}\p{N}\-_. ]+)/ui', $nick)) { + return new ValidationResult(false, $nick); + } + + return new ValidationResult(true, $nick); } /** diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index a193aff7..e59c5baa 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -261,7 +261,10 @@ function admin_user() if ($user_source->settings->email_human) { $user_source->email = $request->postData('eemail'); } - $user_source->name = User_validate_Nick($request->postData('eNick')); + $nickValidation = User_validate_Nick($request->postData('eNick')); + if($nickValidation->isValid()) { + $user_source->name = $nickValidation->getValue(); + } $user_source->save(); $user_source->personalData->first_name = $request->postData('eVorname'); $user_source->personalData->last_name = $request->postData('eName'); diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index 7b6eb9c1..a0aa92a5 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -83,18 +83,21 @@ function guest_register() if ($request->hasPostData('submit')) { $valid = true; - if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 1) { - $nick = User_validate_Nick($request->input('nick')); + if ($request->has('nick')) { + $nickValidation = User_validate_Nick($request->input('nick')); + $nick = $nickValidation->getValue(); + + if(!$nickValidation->isValid()) { + $valid = false; + $msg .= error(sprintf(__('Please enter a valid nick.') . ' ' . __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.'), $nick), true); + } if (User::whereName($nick)->count() > 0) { $valid = false; $msg .= error(sprintf(__('Your nick "%s" already exists.'), $nick), true); } } else { $valid = false; - $msg .= error(sprintf( - __('Your nick "%s" is too short (min. 2 characters).'), - User_validate_Nick($request->input('nick')) - ), true); + $msg .= error(__('Please enter a nickname.'), true); } if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) { @@ -283,7 +286,8 @@ function guest_register() div('col-md-6', [ div('row', [ div('col-sm-4', [ - form_text('nick', __('Nick') . ' ' . entry_required(), $nick) + form_text('nick', __('Nick') . ' ' . entry_required(), $nick), + form_info('', __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.')) ]), div('col-sm-8', [ form_email('mail', __('E-Mail') . ' ' . entry_required(), $mail), @@ -395,9 +399,10 @@ function guest_login() $session->remove('uid'); if ($request->hasPostData('submit')) { - if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) { - $nick = User_validate_Nick($request->input('nick')); - $login_user = User::whereName($nick)->first(); + if ($request->has('nick') && !empty($request->input('nick'))) { + $nickValidation = User_validate_Nick($request->input('nick')); + $nick = $nickValidation->getValue(); + $login_user = User::whereName($nickValidation->getValue())->first(); if ($login_user) { if ($request->has('password')) { if (!verify_password($request->postData('password'), $login_user->password, $login_user->id)) { diff --git a/includes/view/User_view.php b/includes/view/User_view.php index 718e89c6..87d767f8 100644 --- a/includes/view/User_view.php +++ b/includes/view/User_view.php @@ -36,6 +36,7 @@ function User_settings_view( form_info('', __('Here you can change your user details.')), form_info(entry_required() . ' = ' . __('Entry required!')), form_text('nick', __('Nick'), $user_source->name, true), + form_info('', __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.')), form_text('lastname', __('Last name'), $personalData->last_name), form_text('prename', __('First name'), $personalData->first_name), $enable_planned_arrival ? form_date( |