Index: branches/2.8.x/CHANGELOG =================================================================== --- branches/2.8.x/CHANGELOG (revision 1809) +++ branches/2.8.x/CHANGELOG (revision 1810) @@ -13,6 +13,10 @@ +09 Nov-2012 Build 1810 Dietmar Woellbrink (Luisehahne) +! account signup check that display_name is unique in whole system + (prevents from User-faking) +! add POST Request to admintools 07 Nov-2012 Build 1809 Dietmar Woellbrink (Luisehahne) ! remove login_ip after 60days set in /admin/start/index.php ! add confirm_code and confirm_timeout fields in users table in /install/save.php Index: branches/2.8.x/wb/admin/interface/version.php =================================================================== --- branches/2.8.x/wb/admin/interface/version.php (revision 1809) +++ branches/2.8.x/wb/admin/interface/version.php (revision 1810) @@ -51,5 +51,5 @@ // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) if(!defined('VERSION')) define('VERSION', '2.8.3'); -if(!defined('REVISION')) define('REVISION', '1809'); +if(!defined('REVISION')) define('REVISION', '1810'); if(!defined('SP')) define('SP', ''); Index: branches/2.8.x/wb/admin/admintools/tool.php =================================================================== --- branches/2.8.x/wb/admin/admintools/tool.php (revision 1809) +++ branches/2.8.x/wb/admin/admintools/tool.php (revision 1810) @@ -28,7 +28,8 @@ require_once(WB_PATH.'/framework/functions.php'); -$toolDir = (isset($_GET['tool']) && (trim($_GET['tool']) != '') ? trim($_GET['tool']) : ''); +$toolDir = (isset($_POST['tool']) && (trim($_POST['tool']) != '') ? trim($_POST['tool']) : ''); +$toolDir = (isset($_GET['tool']) && (trim($_GET['tool']) != '') ? trim($_GET['tool']) : $toolDir); $doSave = (isset($_POST['save_settings']) || (isset($_POST['action']) && strtolower($_POST['action']) == 'save')); // test for valid tool name Index: branches/2.8.x/wb/admin/admintools/index.php =================================================================== --- branches/2.8.x/wb/admin/admintools/index.php (revision 1809) +++ branches/2.8.x/wb/admin/admintools/index.php (revision 1810) @@ -37,6 +37,7 @@ // Insert tools into tool list $template->set_block('main_block', 'tool_list_block', 'tool_list'); $template->set_var('TOOL_NAME', ''); +$template->set_var('tool_list', $TEXT['NONE'].' '.$TEXT['MODULE_PERMISSIONS']); $template->set_var('TOOL_DIR', ''); $template->set_var('TOOL_DESCRIPTION', ''); $template->set_var('NO_CONTENT', ''); Index: branches/2.8.x/wb/account/save_signup.php =================================================================== --- branches/2.8.x/wb/account/save_signup.php (revision 1809) +++ branches/2.8.x/wb/account/save_signup.php (revision 1810) @@ -117,6 +117,18 @@ msgQueue::add($MESSAGE['LOGIN_USERNAME_BLANK']); } +// check that display_name is unique in whoole system (prevents from User-faking) + $sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '; + $sql .= 'WHERE `user_id` <> '.(int)$admin->get_user_id().' AND `display_name` LIKE "'.$wb->get_session('DISPLAY_NAME').'"'; + if( ($iFoundUser = intval($database->get_one($sql))) > 0 ){ + msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')'); + $_SESSION['DISPLAY_NAME'] = ''; + } else { + if($wb->get_session('DISPLAY_NAME') == '') { + msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')'); + } + } + if($wb->get_session('EMAIL') != "") { // Check if the email already exists $sql = 'SELECT `user_id` FROM `'.TABLE_PREFIX.'users` WHERE `email` = \''.$_SESSION['EMAIL'].'\''; @@ -133,10 +145,10 @@ msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']); } - if($wb->get_session('DISPLAY_NAME') == "") { -// $aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL']; - msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')'); - } +// if($wb->get_session('DISPLAY_NAME') == "") { +//// $aErrorMsg[] = $MESSAGE['GENERIC_FILL_IN_ALL']; +// msgQueue::add($MESSAGE['GENERIC_FILL_IN_ALL'].' ('.$TEXT['DISPLAY_NAME'].')'); +// } if(CONFIRMED_REGISTRATION) { $iMinPassLength = 6;