Commit 52ce6a21 authored by Doris Tam's avatar Doris Tam 🌷

Bug 1714082: prevent users from emails being case sensitive.

All emails are checked case-insensitively, but are kept in the db in
the way the user has typed them
- institution registrations are pending and don't appear in usr,
  artefact, or artefact_internal_profile_email, but in usr_registration
  so added an additional check
- placed helper function inside user.php
- putting in a special character before the @ will give a single error
- putting in a special char after the @ will flag a spam checker and output
  two errors

behatnotneeded

Change-Id: Iac1b740bc34878978ccf207d241f2399d7641040
parent 97f50e0c
+1 −2
@@ -274,8 +274,7 @@ function adduser_validate(Pieform $form, $values) {
                $form->set_error('email', get_string('invalidemailaddress', 'artefact.internal'));
            }

            if (record_exists('usr', 'email', $email)
                || record_exists('artefact_internal_profile_email', 'email', $email)) {
            if (check_email_exist($email)) {
                $form->set_error('email', get_string('emailalreadytaken', 'auth.internal'));
            }
        }
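Review bot: The helper is called under two different names in this commit: `check_email_exist($email)` here, in profileform_validate and in auth_register_validate, but `check_email_exists($email, $user->id)` in edituser_site_validate. The helper's definition is not part of the visible sections, so unless both names are defined, one of these call sites will fail with an undefined-function error the first time its email branch is reached. These validators are what enforce one account per address, so I would settle on a single name and add a doc comment on the helper stating that it matches case-insensitively across usr, artefact_internal_profile_email and usr_registration. adduser_validate starts and ends outside the hunk.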
+1 −8
@@ -426,14 +426,7 @@ function edituser_site_validate(Pieform $form, $values) {
                $form->set_error('email', get_string('invalidemailaddress', 'artefact.internal'));
            }

            if (record_exists_sql('
                    SELECT id
                    FROM {usr}
                    WHERE deleted != 1 AND email = ? AND id != ?', array($email, $user->id))
                || record_exists_sql('
                    SELECT owner
                    FROM {artefact_internal_profile_email}
                    WHERE email = ? AND owner != ?', array($email, $user->id))) {
            if (check_email_exists($email, $user->id)) {
                $form->set_error('email', get_string('emailalreadytakenbyothers', 'auth.internal'));
            }
        }
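Review bot: The removed queries skipped deleted accounts (`deleted != 1`) and excluded the edited user from both tables (`id != ?`, `owner != ?`), and it cannot be confirmed from this section that `check_email_exists($email, $user->id)` keeps both conditions, because the helper body is not shown. If the helper drops the deleted filter, an address that belonged to a deleted account can no longer be reassigned here. If it ignores the second argument, saving a user without changing the email would raise `emailalreadytakenbyothers`. Both cases are worth confirming in the helper and covering with a test, given the commit is marked behatnotneeded. edituser_site_validate starts and ends outside the hunk.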
+1 −1
@@ -266,7 +266,7 @@ function profileform_validate(Pieform $form, $values) {
                $form->set_error('email', get_string('invalidemailaddress', 'artefact.internal') . ': ' . hsc($email));
                break;
            }
            else if (record_exists('artefact_internal_profile_email', 'email', $email)) {
            else if (check_email_exist($email)) {
                $form->set_error('email', get_string('unvalidatedemailalreadytaken', 'artefact.internal'));
                break;
            }
+8 −4
@@ -2785,11 +2785,15 @@ function auth_register_validate(Pieform $form, $values) {
    }

    // The e-mail address cannot already be in the system
    if (!$form->get_error('email')
        && (record_exists('usr', 'email', $values['email'])
        || record_exists('artefact_internal_profile_email', 'email', $values['email']))) {
    if (!$form->get_error('email')) {
        if (!$form->get_error('email') && empty($values['email'])) {
            $form->set_error('email', get_string('invalidemailaddress', 'artefact.internal'));
        }

        if (check_email_exist($values['email'])) {
            $form->set_error('email', get_string('emailalreadytaken', 'auth.internal'));
        }
    }

    $institution = get_record_sql('
        SELECT
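Review bot: The inner `!$form->get_error('email')` repeats the outer condition and is always true at that point, and when `$values['email']` is empty the code sets `invalidemailaddress` and then still calls `check_email_exist()` with the empty value. That is an avoidable lookup on the self-registration form, and it could replace the first error with `emailalreadytaken` if the helper ever matches an empty string. I would write the first test as `if (empty($values['email'])) {` and chain the second as `else if (check_email_exist($values['email'])) {`. auth_register_validate begins before and continues after the hunk.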
+1 −3
@@ -20,9 +20,7 @@ require_once('NoneSpamTrap.php');
class SimpleSpamTrap extends NoneSpamTrap {

    protected function email_form($email) {
        // pieforms does some email validation, but it's somewhat imperfect.
        // it allows multiple @ characters, for example
        if (preg_match("/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i", $email)) {
        if (sanitize_email($email)) {
            return true;
        }
        return false;
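Review bot: `sanitize_email($email)` is used as a boolean in `email_form()`, but its name suggests it returns a cleaned address rather than a validity flag, and its definition is not visible in this section. If it strips or rewrites characters instead of rejecting the input, a malformed address would still yield a non-empty string and pass the spam-trap check that the removed regex used to fail. If it does return a string, compare the result with the input, e.g. `$clean = sanitize_email($email);` followed by `return $clean !== '' && $clean === $email;`. The removed comment explained why this check exists on top of the pieforms validation, so I would keep a replacement such as `// pieforms' email rule is lenient; accept only what sanitize_email() leaves unchanged`. The closing brace of email_form is outside the hunk.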