external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Disallow privileged users to use invalid user names

Browse source 
Prevent Trusted Users and developers from accidentally using a name that
contains invalid characters. Also, remove user_is_privileged() which is
no longer needed after this change.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2014-07-15 22:17:57 +02:00
parent 03c6304e19
commit 1b901616dc
1 changed files with 1 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
web/lib/acctfuncs.inc.php
View file

@ -117,7 +117,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("Missing User ID");
}
if (!$error && !valid_username($U) && !user_is_privileged($editor_user)) {
if (!$error && !valid_username($U)) {
$error = __("The username is invalid.") . "<ul>\n"
."<li>" . __("It must be between %s and %s characters long",
USERNAME_MIN_LEN, USERNAME_MAX_LEN )
@ -831,27 +831,6 @@ function user_delete($id) {
return;
}
/**
* Determine if a user is either a Trusted User or Developer
*
* @param string $id The ID of the user to check if privileged
*
* @return int|string Return 0 if un-privileged, "2" if Trusted User, "3" if Developer
*/
function user_is_privileged($id) {
$dbh = DB::connect();
$q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
$result = $dbh->query($q);
if ($result) {
$row = $result->fetch(PDO::FETCH_NUM);
if($row[0] > 1) {
return $row[0];
}
}
return 0;
}
/**
* Remove the session from the database on logout
*