From 287395006b142e0aee8b04eb7b59c07b2ce1f862 Mon Sep 17 00:00:00 2001 From: Hugh Davenport Date: Wed, 4 May 2011 16:35:49 +1200 Subject: [PATCH] Add verification to username change on admin page The admin page did not verify the username before submitting the form This change adds in the verification of the form. Bug #776887 Change-Id: I22b221b951eec5a0b697c9a0c38f153b1b8721b7 Signed-off-by: Hugh Davenport
---
 htdocs/admin/users/add.php | 16 ++++++-- htdocs/admin/users/edit.php | 37 +++++++++++++++++++ htdocs/admin/users/uploadcsv.php | 11 +++++- .../internal/lang/en.utf8/auth.internal.php | 1 + 4 files changed, 60 insertions(+), 5 deletions(-)
diff --git a/htdocs/admin/users/add.php b/htdocs/admin/users/add.php
index 5d1e758500..70d7e368e0 100644
--- a/htdocs/admin/users/add.php
+++ b/htdocs/admin/users/add.php
@@ -88,7 +88,10 @@ $elements = array(
 'username' => array(
 'type' => 'text',
 'title' => get_string('username'),
- 'rules' => array('required' => true),
+ 'rules' => array(
+ 'required' => true,
+ 'maxlength' => 236,
+ ),
 ),
 'password' => array(
 'type' => 'text',
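Review bot: The `236` in the new `'maxlength' => 236` rule on the `username` element is a bare literal, and the same number is repeated in the `edit.php` rule and in the `usernameinvalidadminform` string, while the limit that actually decides acceptance is whatever `is_username_valid_admin()` enforces, which this patch does not show. If any one of them is changed later, the form rule, the validator and the error text will disagree. I would add a comment such as `// must match the upper bound enforced by is_username_valid_admin()` next to both rules, or read the value from one shared constant. It is also worth confirming that the form's `maxlength` rule and the validator count the same unit (bytes or characters) for multibyte usernames.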
@@ -172,8 +175,15 @@ function adduser_validate(Pieform $form, $values) {
 $email = $values['email'];
 $password = $values['password'];
- if (method_exists($authobj, 'is_username_valid') && !$authobj->is_username_valid($username)) {
- $form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
+ if (method_exists($authobj, 'is_username_valid_admin')) {
+ if (!$authobj->is_username_valid_admin($username)) {
+ $form->set_error('username', get_string('usernameinvalidadminform', 'auth.internal'));
+ }
+ }
+ else if (method_exists($authobj, 'is_username_valid')) {
+ if (!$authobj->is_username_valid($username)) {
+ $form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
+ }
 }
 if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', strtolower($username))) {
 $form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
diff --git a/htdocs/admin/users/edit.php b/htdocs/admin/users/edit.php
index 1161d4452b..582fb771aa 100644
--- a/htdocs/admin/users/edit.php
+++ b/htdocs/admin/users/edit.php
@@ -61,6 +61,9 @@ if (method_exists($authobj, 'change_username')) {
 'title' => get_string('changeusername', 'admin'),
 'description' => get_string('changeusernamedescription', 'admin'),
 'defaultvalue' => $user->username,
+ 'rules' => array(
+ 'maxlength' => 236,
+ ),
 );
 }
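Review bot: In the `adduser_validate` hunk of add.php, a username gets no format check at all when the auth object has neither `is_username_valid_admin` nor `is_username_valid`, because both branches are guarded by `method_exists` and the chain has no final `else`. The same chain is copied into `edituser_site_validate` in edit.php and `uploadcsv_validate` in uploadcsv.php, so the three copies share this and can drift apart. If accepting the name unchecked is intended for such plugins, say so at the end of the chain with a comment like `// no validator on this auth plugin: username is accepted unchecked`; otherwise add an `else` that sets the `username` error. Moving the chain into one shared helper would keep the admin pages consistent. `adduser_validate` starts and ends outside the hunk.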
@@ -184,6 +187,40 @@ function edituser_site_validate(Pieform $form, $values) {
 $SESSION->add_error_msg(get_string('maxquotaexceeded', 'artefact.file', display_size($maxquota)));
 }
+ $userobj = new User();
+ $userobj = $userobj->find_by_id($user->id);
+
+ if (isset($values['username']) && !empty($values['username']) && $values['username'] != $userobj->username) {
+
+ if (!isset($values['authinstance'])) {
+ $authobj = AuthFactory::create($userobj->authinstance);
+ }
+ else {
+ $authobj = AuthFactory::create($values['authinstance']);
+ }
+
+ if (method_exists($authobj, 'change_username')) {
+
+ if (method_exists($authobj, 'is_username_valid_admin')) {
+ if (!$authobj->is_username_valid_admin($values['username'])) {
+ $form->set_error('username', get_string('usernameinvalidadminform', 'auth.internal'));
+ }
+ }
+ else if (method_exists($authobj, 'is_username_valid')) {
+ if (!$authobj->is_username_valid($values['username'])) {
+ $form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
+ }
+ }
+
+ if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', strtolower($values['username']))) {
+ $form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
+ }
+ }
+ else {
+ $form->set_error('username', get_string('usernamechangenotallowed', 'admin'));
+ }
+ }
+
 // Check that the external username isn't already in use
 if (isset($values['remoteusername']) &&
 $usedby = get_record_select('auth_remote_user',
diff --git a/htdocs/admin/users/uploadcsv.php b/htdocs/admin/users/uploadcsv.php
index bf7366529e..c5f20e0ecf 100644
--- a/htdocs/admin/users/uploadcsv.php
+++ b/htdocs/admin/users/uploadcsv.php
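Review bot: The guard `$values['username'] != $userobj->username` in the added block of `edituser_site_validate` is a loose comparison, and PHP compares two numeric-looking strings as numbers, so a submitted `1e3` counts as equal to a stored `1000` and the whole block (format check, uniqueness check and the `change_username` capability test) is skipped. Whether the rename is still applied in that case depends on the submit handler, which is outside this hunk. I would change the test to `$values['username'] !== $userobj->username`. Separately, the uniqueness query `LOWER(username) = ?` does not exclude the account being edited, so a case-only rename looks like it will be rejected as already taken; confirm whether that is intended. `$user` is not defined in the visible lines, and the function starts above the hunk.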
@@ -208,8 +208,15 @@ function uploadcsv_validate(Pieform $form, $values) {
 $authobj = AuthFactory::create($authinstance);
- if (method_exists($authobj, 'is_username_valid') && !$authobj->is_username_valid($username)) {
- $CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i);
+ if (method_exists($authobj, 'is_username_valid_admin')) {
+ if (!$authobj->is_username_valid_admin($username)) {
+ $CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i);
+ }
+ }
+ else if (method_exists($authobj, 'is_username_valid')) {
+ if (!$authobj->is_username_valid($username)) {
+ $CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i);
+ }
 }
 if (record_exists_select('usr', 'LOWER(username) = ?', strtolower($username)) || isset($usernames[strtolower($username)])) {
 $CSVERRORS[] = get_string('uploadcsverroruseralreadyexists', 'admin', $i, $username);
diff --git a/htdocs/auth/internal/lang/en.utf8/auth.internal.php b/htdocs/auth/internal/lang/en.utf8/auth.internal.php
index d7a20d3118..c4cac80518 100644
--- a/htdocs/auth/internal/lang/en.utf8/auth.internal.php
+++ b/htdocs/auth/internal/lang/en.utf8/auth.internal.php
@@ -63,4 +63,5 @@ $string['registrationnosuchkey'] = 'Sorry, there does not seem to be a registrat
 $string['registrationunsuccessful'] = 'Sorry, your registration attempt was unsuccessful. This is our fault, not yours. Please try again later.';
 $string['usernamealreadytaken'] = 'Sorry, this username is already taken';
 $string['usernameinvalidform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 30 characters in length. Spaces are not allowed.';
+$string['usernameinvalidadminform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 236 characters in length. Spaces are not allowed.';
 $string['youmaynotregisterwithouttandc'] = 'You may not register unless you agree to abide by the Terms and Conditions';
-- GitLab