/ - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1810

Added by Dietmar almost 12 years ago

! account signup check that display_name is unique in whole system
(prevents from User-faking)
! add POST Request to admintools

 Nov-2012 Build 1810 Dietmar Woellbrink (Luisehahne)
     ! account signup check that display_name is unique in whole system
       (prevents from User-faking)
     ! add POST Request to admintools
 Nov-2012 Build 1809 Dietmar Woellbrink (Luisehahne)
     ! remove login_ip after 60days set in /admin/start/index.php
     ! add confirm_code and confirm_timeout fields in users table in /install/save.php

branches/2.8.x/wb/admin/interface/version.php
51	51
52	52	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53	53	if(!defined('VERSION')) define('VERSION', '2.8.3');
54		if(!defined('REVISION')) define('REVISION', '1809');
	54	if(!defined('REVISION')) define('REVISION', '1810');
55	55	if(!defined('SP')) define('SP', '');

     require_once(WB_PATH.'/framework/functions.php');
     $toolDir = (isset($_GET['tool']) && (trim($_GET['tool']) != '') ? trim($_GET['tool']) : '');
     $toolDir = (isset($_POST['tool']) && (trim($_POST['tool']) != '') ? trim($_POST['tool']) : '');
     $toolDir = (isset($_GET['tool']) && (trim($_GET['tool']) != '') ? trim($_GET['tool']) : $toolDir);
     $doSave  = (isset($_POST['save_settings']) || (isset($_POST['action']) && strtolower($_POST['action']) == 'save'));
     // test for valid tool name

branches/2.8.x/wb/admin/admintools/index.php
37	37	// Insert tools into tool list
38	38	$template->set_block('main_block', 'tool_list_block', 'tool_list');
39	39	$template->set_var('TOOL_NAME', '');
	40	$template->set_var('tool_list', $TEXT['NONE'].' '.$TEXT['MODULE_PERMISSIONS']);
40	41	$template->set_var('TOOL_DIR', '');
41	42	$template->set_var('TOOL_DESCRIPTION', '');
42	43	$template->set_var('NO_CONTENT', '');

     		msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']);
+    	}
     // check that display_name is unique in whoole system (prevents from User-faking)
         	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
         	$sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$wb->get_session('DISPLAY_NAME').'"';
         	if( ($iFoundUser = intval($database->get_one($sql))) > 0 ){
                 msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')');
                 $_SESSION['DISPLAY_NAME'] = '';
            } else {
                 if($wb->get_session('DISPLAY_NAME') == '') {
             	   msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')');
+                }
+           }
     	if($wb->get_session('EMAIL') != "") {
     		// Check if the email already exists
     		$sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\'';
-...
     		msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
+    	}
     	if($wb->get_session('DISPLAY_NAME') == "") {
     //		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
     		msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')');
+    	}
     //	if($wb->get_session('DISPLAY_NAME') == "") {
     ////		$aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL'];
     //		msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')');
     //	}
     	if(CONFIRMED_REGISTRATION) {
     		$iMinPassLength = 6;

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 1810

Added by Dietmar almost 12 years ago