Commit 28739500 authored by Hugh Davenport's avatar Hugh Davenport

Add verification to username change on admin page

The admin page did not verify the username before submitting the form.
This change adds that verification to the form.

Bug #776887

Change-Id: I22b221b951eec5a0b697c9a0c38f153b1b8721b7
Signed-off-by: default avatarHugh Davenport <hugh@catalyst.net.nz>
parent cf35fdce
...@@ -88,7 +88,10 @@ $elements = array( ...@@ -88,7 +88,10 @@ $elements = array(
'username' => array( 'username' => array(
'type' => 'text', 'type' => 'text',
'title' => get_string('username'), 'title' => get_string('username'),
'rules' => array('required' => true), 'rules' => array(
'required' => true,
'maxlength' => 236,
),
), ),
'password' => array( 'password' => array(
'type' => 'text', 'type' => 'text',
...@@ -172,8 +175,15 @@ function adduser_validate(Pieform $form, $values) { ...@@ -172,8 +175,15 @@ function adduser_validate(Pieform $form, $values) {
$email = $values['email']; $email = $values['email'];
$password = $values['password']; $password = $values['password'];
if (method_exists($authobj, 'is_username_valid') && !$authobj->is_username_valid($username)) { if (method_exists($authobj, 'is_username_valid_admin')) {
$form->set_error('username', get_string('usernameinvalidform', 'auth.internal')); if (!$authobj->is_username_valid_admin($username)) {
$form->set_error('username', get_string('usernameinvalidadminform', 'auth.internal'));
}
}
else if (method_exists($authobj, 'is_username_valid')) {
if (!$authobj->is_username_valid($username)) {
$form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
}
} }
if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', strtolower($username))) { if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', strtolower($username))) {
$form->set_error('username', get_string('usernamealreadytaken', 'auth.internal')); $form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
......
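Review bot: The two-branch validator selection added to adduser_validate is repeated almost verbatim in edituser_site_validate and uploadcsv_validate, so the three username gates can drift apart when a rule changes; a single helper that returns the error string key (or null) would keep them in step. The literal `236` is likewise repeated in both `maxlength` rules and in the `usernameinvalidadminform` text, with no comment saying where the limit comes from. A named constant, or a comment such as `// must match the limit enforced by is_username_valid_admin()`, would help; that method is not visible on this page, so the match is an assumption to confirm. adduser_validate starts and ends outside the hunk.

```php
// Suggested helper (name is a proposal): returns the 'auth.internal' string key
// for a rejected username, or null when the username is accepted.
function username_admin_validation_error($authobj, $username) {
    if (method_exists($authobj, 'is_username_valid_admin')) {
        return $authobj->is_username_valid_admin($username) ? null : 'usernameinvalidadminform';
    }
    if (method_exists($authobj, 'is_username_valid')) {
        return $authobj->is_username_valid($username) ? null : 'usernameinvalidform';
    }
    return null;
}

// in adduser_validate(), replacing the if / else if added by this commit
if ($errorkey = username_admin_validation_error($authobj, $username)) {
    $form->set_error('username', get_string($errorkey, 'auth.internal'));
}
// … unchanged: duplicate-username check …
```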
...@@ -61,6 +61,9 @@ if (method_exists($authobj, 'change_username')) { ...@@ -61,6 +61,9 @@ if (method_exists($authobj, 'change_username')) {
'title' => get_string('changeusername', 'admin'), 'title' => get_string('changeusername', 'admin'),
'description' => get_string('changeusernamedescription', 'admin'), 'description' => get_string('changeusernamedescription', 'admin'),
'defaultvalue' => $user->username, 'defaultvalue' => $user->username,
'rules' => array(
'maxlength' => 236,
),
); );
} }
...@@ -184,6 +187,40 @@ function edituser_site_validate(Pieform $form, $values) { ...@@ -184,6 +187,40 @@ function edituser_site_validate(Pieform $form, $values) {
$SESSION->add_error_msg(get_string('maxquotaexceeded', 'artefact.file', display_size($maxquota))); $SESSION->add_error_msg(get_string('maxquotaexceeded', 'artefact.file', display_size($maxquota)));
} }
$userobj = new User();
$userobj = $userobj->find_by_id($user->id);
if (isset($values['username']) && !empty($values['username']) && $values['username'] != $userobj->username) {
if (!isset($values['authinstance'])) {
$authobj = AuthFactory::create($userobj->authinstance);
}
else {
$authobj = AuthFactory::create($values['authinstance']);
}
if (method_exists($authobj, 'change_username')) {
if (method_exists($authobj, 'is_username_valid_admin')) {
if (!$authobj->is_username_valid_admin($values['username'])) {
$form->set_error('username', get_string('usernameinvalidadminform', 'auth.internal'));
}
}
else if (method_exists($authobj, 'is_username_valid')) {
if (!$authobj->is_username_valid($values['username'])) {
$form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
}
}
if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', strtolower($values['username']))) {
$form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
}
}
else {
$form->set_error('username', get_string('usernamechangenotallowed', 'admin'));
}
}
// Check that the external username isn't already in use // Check that the external username isn't already in use
if (isset($values['remoteusername']) && if (isset($values['remoteusername']) &&
$usedby = get_record_select('auth_remote_user', $usedby = get_record_select('auth_remote_user',
......
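Review bot: The new uniqueness check in edituser_site_validate matches the edited user's own row, so a change that differs only in case (for example `Bob` to `bob`) passes the `!=` guard and is then rejected as already taken. Excluding the edited account fixes it, e.g. `record_exists_select('usr', 'LOWER(username) = ? AND id != ?', array(strtolower($values['username']), $userobj->id))`, assuming the helper accepts an array of bind values. The guard itself uses `!empty()` and a loose `!=`, so a submitted `'0'`, or a numeric-looking name that compares equal to the current one, skips every check. Using `$values['username'] !== ''` and `!==` would make the gate exact, and the submit handler (outside this hunk) should apply the same condition so that no unvalidated name is stored. The validator is also chosen from the submitted `authinstance`, so it is worth confirming elsewhere that the admin is allowed to assign that instance.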
...@@ -208,8 +208,15 @@ function uploadcsv_validate(Pieform $form, $values) { ...@@ -208,8 +208,15 @@ function uploadcsv_validate(Pieform $form, $values) {
$authobj = AuthFactory::create($authinstance); $authobj = AuthFactory::create($authinstance);
if (method_exists($authobj, 'is_username_valid') && !$authobj->is_username_valid($username)) { if (method_exists($authobj, 'is_username_valid_admin')) {
$CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i); if (!$authobj->is_username_valid_admin($username)) {
$CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i);
}
}
else if (method_exists($authobj, 'is_username_valid')) {
if (!$authobj->is_username_valid($username)) {
$CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i);
}
} }
if (record_exists_select('usr', 'LOWER(username) = ?', strtolower($username)) || isset($usernames[strtolower($username)])) { if (record_exists_select('usr', 'LOWER(username) = ?', strtolower($username)) || isset($usernames[strtolower($username)])) {
$CSVERRORS[] = get_string('uploadcsverroruseralreadyexists', 'admin', $i, $username); $CSVERRORS[] = get_string('uploadcsverroruseralreadyexists', 'admin', $i, $username);
......
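Review bot: Unlike the two forms, the CSV path in uploadcsv_validate gets no length bound of its own: the commit adds `'maxlength' => 236` to the add and edit forms, but here the limit exists only if the auth object's validator enforces it. When the object has neither `is_username_valid_admin` nor `is_username_valid`, the name reaches the `record_exists_select` query with no check visible in this hunk. An explicit guard before the validator call, e.g. `if (strlen($username) > 236) { $CSVERRORS[] = get_string('uploadcsverrorinvalidusername', 'admin', $i); }`, would keep the three entry points consistent. The loop body this hunk sits in starts and ends outside the hunk.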
...@@ -63,4 +63,5 @@ $string['registrationnosuchkey'] = 'Sorry, there does not seem to be a registrat ...@@ -63,4 +63,5 @@ $string['registrationnosuchkey'] = 'Sorry, there does not seem to be a registrat
$string['registrationunsuccessful'] = 'Sorry, your registration attempt was unsuccessful. This is our fault, not yours. Please try again later.'; $string['registrationunsuccessful'] = 'Sorry, your registration attempt was unsuccessful. This is our fault, not yours. Please try again later.';
$string['usernamealreadytaken'] = 'Sorry, this username is already taken'; $string['usernamealreadytaken'] = 'Sorry, this username is already taken';
$string['usernameinvalidform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 30 characters in length. Spaces are not allowed.'; $string['usernameinvalidform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 30 characters in length. Spaces are not allowed.';
$string['usernameinvalidadminform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 236 characters in length. Spaces are not allowed.';
$string['youmaynotregisterwithouttandc'] = 'You may not register unless you agree to abide by the <a href="terms.php">Terms and Conditions</a>'; $string['youmaynotregisterwithouttandc'] = 'You may not register unless you agree to abide by the <a href="terms.php">Terms and Conditions</a>';