Author: dgoette Date: Mon May 18 16:44:52 2009 New Revision: 416
URL: http://svn.reactos.org/svn/reactos?rev=416&view=rev Log: * fix problem with unicode nicknames * fix login with case sensitive names * fix registration (new database structure wasn't applied)
Modified: branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php
Modified: branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql [iso-8859-1] Mon May 18 16:44:52 2009
@@ -571,7 +571,7 @@
 -- --------------------------------------------------------
 CREATE TABLE roscms_accounts (
 id bigint(20) unsigned NOT NULL auto_increment,
- name varchar(20) collate utf8_unicode_ci NOT NULL,
+ name varchar(20) collate utf8_bin NOT NULL,
 password varchar(32) collate utf8_unicode_ci NOT NULL COMMENT 'md5 encoded',
 email varchar(150) collate utf8_unicode_ci NOT NULL,
 lang_id bigint(20) unsigned COMMENT '->languages(id)',
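Review bot: Switching `name` to `utf8_bin` makes the column case-sensitive, but nothing visible in this hunk adds a UNIQUE constraint, so the schema still allows two accounts whose names differ only in case; the login query at @@ -112 in HTML_User_Login.class.php and the post-insert lookup at @@ -124 in HTML_User_Register.class.php then resolve such names with `LOWER(name) = LOWER(:user_name)` and would pick an arbitrary row (`LIMIT 1` in the login, `fetchColumn()` in the registration). Case-insensitive uniqueness should be enforced where the data lives rather than only by the application-side duplicate check; a common way when expressions cannot be indexed is an additional normalized column such as `name_lower varchar(20) collate utf8_bin NOT NULL,` with a `UNIQUE KEY` on it, filled by the application on insert. `LOWER(name)` in a WHERE clause also keeps an index on `name` from being used, so the normalized column would serve those lookups as well. The table's key definitions are outside the hunk, so I cannot tell whether a unique key on `name` already exists.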
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php [iso-8859-1] Mon May 18 16:44:52 2009
@@ -112,7 +112,7 @@
 }

 // get user data
- $stmt=&DBConnection::getInstance()->prepare("SELECT id, password, logins, disabled, match_session FROM ".ROSCMST_USERS." WHERE name = :user_name LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, password, logins, disabled, match_session FROM ".ROSCMST_USERS." WHERE LOWER(name) = LOWER(:user_name) LIMIT 1");
 $stmt->bindParam('user_name',$user_name,PDO::PARAM_STR);
 $stmt->execute() or die('DB error (user login #1)!');
 $user = $stmt->fetchOnce();
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php [iso-8859-1] Mon May 18 16:44:52 2009
@@ -56,14 +56,14 @@
 if ($this->search && empty($_GET['user_id'])) {

 if (isset($_GET['search'])) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM ".ROSCMST_USERS." WHERE name LIKE :nickname OR fullname LIKE :fullname");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM ".ROSCMST_USERS." WHERE LOWER(name) LIKE LOWER(:nickname) OR fullname LIKE :fullname");
 $stmt->bindValue('nickname','%'.$_GET['search'].'%',PDO::PARAM_STR);
 $stmt->bindValue('fullname','%'.$_GET['search'].'%',PDO::PARAM_STR);
 $stmt->execute();
 $users_found = $stmt->fetchColumn();

 if ($users_found == 1) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE name LIKE :nickname OR fullname LIKE :fullname LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE LOWER(name) LIKE LOWER(:nickname) OR fullname LIKE :fullname LIMIT 1");
 $stmt->bindValue('nickname','%'.$_GET['search'].'%',PDO::PARAM_STR);
 $stmt->bindValue('fullname','%'.$_GET['search'].'%',PDO::PARAM_STR);
 $stmt->execute();
@@ -102,7 +102,7 @@
 if (isset($_GET['search']) && $_GET['search'] != '') {
 echo '<ul>';
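Review bot: The search term bound as `'%'.$_GET['search'].'%'` goes into the new `LOWER(name) LIKE LOWER(:nickname)` pattern without escaping the LIKE metacharacters, so a query containing `%` or `_` matches far more rows than the user asked for, and `_` is a legal nickname character (the register hunk normalizes it to a space). The same applies to the `:fullname` binding and to the list query at @@ -102 in this file. Escape once before binding: `$term = addcslashes($_GET['search'], '%_\\');` and then `$stmt->bindValue('nickname', '%'.$term.'%', PDO::PARAM_STR);` (likewise for `fullname`). The `fullname` side of the WHERE clause is compared without `LOWER()`; whether it is case-insensitive depends on that column's collation, which is not shown here. The enclosing method begins and ends outside the hunk.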
- $stmt=&DBConnection::getInstance()->prepare("SELECT name, fullname, id FROM ".ROSCMST_USERS." WHERE name LIKE :nickname OR fullname LIKE :fullname ORDER BY name ASC LIMIT 100");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, fullname, id FROM ".ROSCMST_USERS." WHERE LOWER(name) LIKE LOWER(:nickname) OR fullname LIKE :fullname ORDER BY name ASC LIMIT 100");
 $stmt->bindValue('nickname','%'.$_GET['search'].'%',PDO::PARAM_STR);
 $stmt->bindValue('fullname','%'.$_GET['search'].'%',PDO::PARAM_STR);
 $stmt->execute();
@@ -120,7 +120,7 @@
 } else {
 if (empty($user_id) || $user_id === false) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE name = :user_name LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE LOWER(name) = LOWER(:user_name) LIMIT 1");
 $stmt->bindParam('user_name',rawurldecode(@$_GET['user_name']));
 $stmt->execute();
 $user_id = $stmt->fetchColumn();
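Review bot: The new lookup at @@ -120 has its `:user_name` placeholder bound on the next line by `bindParam()` on a temporary, `rawurldecode(@$_GET['user_name'])`; `bindParam()` takes its argument by reference, so a function result there raises an "Only variables should be passed by reference" notice, and the `@` hides the undefined-index notice when the parameter is missing instead of handling that case. Since no by-reference behaviour is needed, bind the value and make the absent-parameter case explicit: `$user_name = isset($_GET['user_name']) ? rawurldecode($_GET['user_name']) : '';` followed by `$stmt->bindValue('user_name', $user_name, PDO::PARAM_STR);`. The enclosing method starts before the hunk and continues after it.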
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/ro... ==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php [iso-8859-1] Mon May 18 16:44:52 2009
@@ -69,10 +69,10 @@
 <div class="corner_TR"></div>
 </div>');

- if (isset($_POST['registerpost']) && $_POST['username'] != "" && strlen($_POST['username']) >= $config->limitUserNameMin()) {
+ if (isset($_POST['registerpost']) && isset($_POST['username']) && preg_match('/^[a-z0-9_-[:space:].]{'.$config->limitUserNameMin().','.$config->limitUsernameMax().'}$/i')) {

 // check if another account with the same username already exists
- $stmt=&DBConnection::getInstance()->prepare("SELECT name FROM ".ROSCMST_USERS." WHERE REPLACE(name, '_', ' ') = REPLACE(:username, '_', ' ') LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name FROM ".ROSCMST_USERS." WHERE LOWER(REPLACE(name, '_', ' ')) = LOWER(REPLACE(:username, '_', ' ')) LIMIT 1");
 $stmt->bindParam('username',$_POST['username'],PDO::PARAM_STR);
 $stmt->execute();
 $name_exists = ($stmt->fetchColumn() !== false);
@@ -84,17 +84,11 @@
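Review bot: The new registration guard calls `preg_match()` with a pattern but no subject, so `$_POST['username']` is never tested: the call fails (a warning and `null` on PHP 5/7, an `ArgumentCountError` on PHP 8), the condition is false, and no registration can proceed. The pattern is fragile as well: `_-[:space:]` places a hyphen between a literal and a POSIX class, which depending on the PCRE version is read as a literal hyphen or rejected as an invalid range (then `preg_match()` returns `false`), and `$` without the `D` modifier accepts a trailing newline. A version that addresses all three: `$username = isset($_POST['username']) ? $_POST['username'] : '';` then `if (isset($_POST['registerpost']) && preg_match('/^[a-z0-9_.[:space:]-]{'.$config->limitUserNameMin().','.$config->limitUsernameMax().'}\z/i', $username) === 1) {`. The two accessor names are spelled differently (`limitUserNameMin` vs `limitUsernameMax`); if the config class uses one spelling for both, the other is an undefined-method fatal, which I cannot check from the hunk. The enclosing method starts before the hunk.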
 // name is not forbidden -> go on
 if ($stmt->fetchColumn() === false) {
- if (isset($_POST['registerpost']) && isset($_POST['userpwd1']) && $_POST['userpwd1'] != '' && isset($_POST['userpwd2']) && $_POST['userpwd2'] != '' && $_POST['userpwd1'] == $_POST['userpwd2']) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT pwd_name FROM user_unsafepwds WHERE pwd_name = :pwd_name LIMIT 1");
- $stmt->bindParam('pwd_name',$_POST['userpwd1'],PDO::PARAM_STR);
- $stmt->execute();
- $safepwd = ($stmt->fetchColumn() !== false);
- }

 if (isset($_POST['registerpost']) && isset($_POST['useremail']) && $_POST['useremail'] != '') {

 // check if another account with the same email address already exists
- $stmt=&DBConnection::getInstance()->prepare("SELECT user_email FROM users WHERE user_email = :email LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT email FROM ".ROSCMST_USERS." WHERE email = :email LIMIT 1");
 $stmt->bindParam('email',$_POST['useremail'],PDO::PARAM_STR);
 $stmt->execute();
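Review bot: The removed block was the only visible place that required `userpwd1` to be non-empty and equal to `userpwd2` and that set `$safepwd` from the `user_unsafepwds` lookup, and nothing in this hunk replaces it; if later code still reads `$safepwd` it now sees an undefined variable, and the INSERT at @@ -116 stores `MD5(:password)` of whatever `userpwd1` holds, including an empty string. Unless the check was moved somewhere outside the diff, re-add the confirmation test before the email check, e.g. `$pwd_ok = isset($_POST['userpwd1'], $_POST['userpwd2']) && $_POST['userpwd1'] !== '' && $_POST['userpwd1'] === $_POST['userpwd2'];` and gate the insert on it, using `===` rather than the `==` the old line had. The enclosing method continues outside the hunk.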
@@ -116,7 +110,7 @@
 $activation_code = substr($activation_code, 0, rand(10, 15));

 // add new account
- $stmt=&DBConnection::getInstance()->prepare("INSERT INTO users ( user_name, user_roscms_password, user_register, user_register_activation, user_email, user_language ) VALUES ( :user_name, MD5( :password ), NOW(), :activation_code, :email, :lang )");
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_USERS." ( name, password, created, activation, email, language, modified ) VALUES ( :user_name, MD5( :password ), NOW(), :activation_code, :email, :lang, NOW() )");
 $stmt->bindParam('user_name',$_POST['username'],PDO::PARAM_STR);
 $stmt->bindParam('password',$_POST['userpwd1'],PDO::PARAM_STR);
 $stmt->bindParam('activation_code',$activation_code,PDO::PARAM_STR);
@@ -124,13 +118,13 @@
 $stmt->bindParam('lang',$userlang,PDO::PARAM_STR);
 $stmt->execute();
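Review bot: The new INSERT still hashes the password in SQL with `MD5(:password)`, an unsalted fast digest, and sends the plaintext to the server as a parameter where it can appear in query logs. Hash in PHP and bind the result instead, e.g. `$hash = password_hash($_POST['userpwd1'], PASSWORD_DEFAULT);` (or a salted iterated hash where that function is unavailable), keep `:password` in the VALUES list, and bind `$stmt->bindValue('password', $hash, PDO::PARAM_STR);`; the `password varchar(32)` column in convert3to4.sql and the login check in HTML_User_Login.class.php would have to change with it. The `rand(10, 15)` on the first context line suggests the activation code is built with a non-cryptographic RNG; its generation is outside the hunk, but if it is `rand()`/`mt_rand()` based it should come from a CSPRNG. The enclosing method starts before the hunk.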
- $stmt=&DBConnection::getInstance()->prepare("SELECT user_id FROM users WHERE user_name = :user_name ORDER BY user_id DESC LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE LOWER(name) = LOWER(:user_name)");
 $stmt->bindParam('user_name',$_POST['username'],PDO::PARAM_INT);
 $stmt->execute();
 $user_id = $stmt->fetchColumn();

 // give a 'user' group membership
- $stmt=&DBConnection::getInstance()->prepare("INSERT INTO usergroup_members (usergroupmember_userid, usergroupmember_usergroupid) VALUES (:user_id, 'user')");
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_MEMBERSHIPS." (user_id, group_id) SELECT :user_id, id FROM ".ROSCMST_GROUPS." WHERE name_short = 'user' LIMIT 1");
 $stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
 $stmt->execute();
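Review bot: The new `SELECT id ... WHERE LOWER(name) = LOWER(:user_name)` re-reads the just-inserted account by name and drops the old `ORDER BY ... DESC LIMIT 1`, while the next context line still binds the string username with `PDO::PARAM_INT`; the value may be coerced by the driver, and if case-variant duplicates exist (which the `utf8_bin` column in this commit permits) `fetchColumn()` returns whichever row comes first. The INSERT ran on the same connection one statement earlier, so `$user_id = DBConnection::getInstance()->lastInsertId();` yields the id without a second query or a bind-type question, assuming `DBConnection` exposes PDO's `lastInsertId()`, which I cannot see here. The membership `INSERT ... SELECT ... WHERE name_short = 'user' LIMIT 1` inserts nothing if no such group exists; checking `$stmt->rowCount()` after `execute()` would turn that into a visible error instead of an account with no group. The enclosing method continues outside the hunk.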