Commit da19b403 authored by Cecilia Vela Gurovic's avatar Cecilia Vela Gurovic

Security bug 1772774: change 'already taken username' message

Change-Id: Ieb4ebab6ac57ff0ef4f4f89b409884e9d6bc3db7
(cherry picked from commit d5b47224)
parent 5c378d47
......@@ -165,7 +165,7 @@ function accountprefs_validate(Pieform $form, $values) {
$form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
}
if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', array(strtolower($values['username'])))) {
$form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
$form->set_error('username', get_string('usernamealreadytaken1', 'auth.internal'));
}
}
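Review bot: In accountprefs_validate the duplicate-username branch still sets a different error from the `usernameinvalidform` branch just above it, so a well-formed name that receives `usernamealreadytaken1` can still be recognised as an existing account; the new wording drops the explicit statement but the response stays distinguishable. The same pattern appears in the adduser_validate, edituser_site_validate and requiredfields_validate hunks. Because the form has to refuse duplicates, the remaining control is probably throttling of repeated submissions, which is not visible in these hunks and should be confirmed. I would also add a comment above the call so the vague wording is not later changed back, e.g. `// Deliberately vague: do not confirm that an account with this name exists (bug 1772774).` The function body starts outside the hunk.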
......
......@@ -202,7 +202,7 @@ function adduser_validate(Pieform $form, $values) {
}
}
if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', array(strtolower($username)))) {
$form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
$form->set_error('username', get_string('usernamealreadytaken1', 'auth.internal'));
}
if (method_exists($authobj, 'is_password_valid') && !$authobj->is_password_valid($password)) {
......
......@@ -304,7 +304,7 @@ function edituser_site_validate(Pieform $form, $values) {
}
if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', array(strtolower($values['username'])))) {
$form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
$form->set_error('username', get_string('usernamealreadytaken1', 'auth.internal'));
}
}
else {
......
......@@ -52,7 +52,7 @@ $string['registrationexpiredkey'] = 'Sorry, your key has expired. Perhaps you wa
$string['registrationnosuchid'] = 'Sorry, this registration key does not exist. Perhaps it is already activated?';
$string['registrationnosuchkey1'] = 'Sorry, we don\'t have a key that matches your link. Perhaps your email program mangled it?';
$string['registrationunsuccessful'] = 'Sorry, your registration attempt was unsuccessful. This is our fault, not yours. Please try again later.';
$string['usernamealreadytaken'] = 'Sorry, this username is already taken.';
$string['usernamealreadytaken1'] = 'Sorry, you can\'t use this username. Please choose a new one.';
$string['usernameinvalidform'] = 'Usernames may contain letters, numbers and most common symbols and must be from 3 to 30 characters long. Spaces are not allowed.';
$string['usernameinvalidadminform'] = 'Usernames may contain letters, numbers and most common symbols and must be from 3 to 236 characters long. Spaces are not allowed.';
$string['youmaynotregisterwithouttandc'] = 'You may not register unless you agree to abide by the <a href="#user_acceptterms">Terms and Conditions</a>.';
......
......@@ -1000,7 +1000,7 @@ function requiredfields_validate(Pieform $form, $values) {
$form->set_error('username', get_string('usernameinvalidform', 'auth.internal'));
}
if (!$form->get_error('username') && record_exists_select('usr', 'LOWER(username) = ?', array(strtolower($values['username'])))) {
$form->set_error('username', get_string('usernamealreadytaken', 'auth.internal'));
$form->set_error('username', get_string('usernamealreadytaken1', 'auth.internal'));
}
}
}
......
......@@ -47,7 +47,6 @@ The %s Team</pre>';
$string['registeredok'] = '<p>You have successfully registered. Please check your email account for instructions on how to activate your account.</p>';
$string['registrationnosuchkey'] = 'Sorry, there does not seem to be a registration with this key. Perhaps you waited longer than 24 hours to complete your registration? Otherwise, it might be our fault.';
$string['registrationunsuccessful'] = 'Sorry, your registration attempt was unsuccessful. This is our fault, not yours. Please try again later.';
$string['usernamealreadytaken'] = 'Sorry, this username is already taken.';
$string['usernameinvalidform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 30 characters in length. Spaces are not allowed.';
$string['usernameinvalidadminform'] = 'Usernames may contain letters, numbers and most common symbols, and must be from 3 to 236 characters in length. Spaces are not allowed.';
$string['youmaynotregisterwithouttandc'] = 'You may not register unless you agree to abide by the <a href="terms.php">Terms and Conditions</a>.';
......@@ -359,7 +358,7 @@ $string['accessdenied'] = 'access denied';
$string['accessdeniedforinst'] = ' access denied for institution "%s"';
$string['accessdeniedforinstuser'] = ' access denied for institution "%s" with user "%s"';
$string['accessdeniedforinstgroup'] = ' access denied for institution "%s" on group "%s"';
$string['usernameexists1'] = 'Username "%s" already exists.';
$string['usernameexists2'] = 'Username "%s" is not valid.';
$string['invalidauthtype'] = 'Invalid authentication type "%s"';
$string['invalidauthtypeuser'] = 'Invalid authentication type "%s" with user "%s"';
$string['invalidsocialprofile'] = 'Invalid social profile "%s"';
......
......@@ -19,7 +19,7 @@ $string['changeusernameheading'] = 'Change username';
$string['changeusername'] = 'New username';
$string['changeusernamedesc'] = 'The username you use to log into %s. Usernames are 3-30 characters long and may contain letters, numbers, and most common symbols excluding spaces.';
$string['usernameexists'] = 'This username is taken, please choose another one.';
$string['usernameexists1'] = 'You can\'t use this username, please choose another one.';
$string['accountoptionsdesc'] = 'General account options';
......
......@@ -22,7 +22,7 @@ $string['noticeenabled'] = 'The LTI API is enabled.';
$string['noticenotenabled'] = 'The LTI API is <b>not</b> enabled.';
$string['oauthprotocolenabled'] = 'OAuth protocol enabled';
$string['restprotocolenabled'] = 'REST protocol enabled';
$string['usernameexists1'] = 'Username "%s" already exists.';
$string['usernameexists2'] = 'Username "%s" is not valid.';
$string['webserviceauthdisabled'] = 'Web service authentication is not enabled for this institution';
$string['webserviceproviderenabled'] = 'Incoming web service requests allowed';
$string['institutiondenied'] = 'Access to \'%s\' is denied. Please contact your institution administrator.';
......
......@@ -164,7 +164,7 @@ class module_lti_launch extends external_api {
FROM {usr}
WHERE LOWER(username) = ?", array(strtolower($user->email)))) {
$USER->logout();
throw new WebserviceInvalidParameterException(get_string('usernameexists1', 'module.lti', $user->email));
throw new WebserviceInvalidParameterException(get_string('usernameexists2', 'module.lti', $user->email));
}
$user->username = $user->email;
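Review bot: The actual reason for the rejection is no longer recorded anywhere visible in this hunk: after the change the only output is `Username "%s" is not valid.`, so an administrator investigating a failed LTI launch cannot tell a username collision from a malformed value. I would write the specific cause to the server-side log just before the `throw`, keeping the generic text for the caller, unless the exception handler already logs it elsewhere. The message still echoes `$user->email` back to the caller, which is presumably acceptable since the caller supplied it. The enclosing method starts and ends outside the hunk.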
......
......@@ -245,7 +245,7 @@ class mahara_user_external extends external_api {
foreach ($params['users'] as $user) {
// Make sure that the username doesn't already exist
if (get_record('usr', 'username', $user['username'])) {
throw new WebserviceInvalidParameterException(get_string('usernameexists1', 'auth.webservice', $user['username']));
throw new WebserviceInvalidParameterException(get_string('usernameexists2', 'auth.webservice', $user['username']));
}
// check the institution is allowed
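Review bot: The existence check in this loop, `get_record('usr', 'username', $user['username'])`, compares the username exactly as supplied, whereas every form validator touched by this commit compares `LOWER(username)` with the lower-cased input. Depending on the database collation, a web service call could therefore create an account whose name differs from an existing one only by case, and the reworded error would never be reached. For consistency I would use `if (record_exists_select('usr', 'LOWER(username) = ?', array(strtolower($user['username'])))) {` here. The loop body continues outside the hunk.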
......