Ticket #146: 011_validate_username_password_functions.diff

a/auth/ldap/lib.php

@@ -126 +126 @@
-        }
-
-        /**
-          * checks if the LDAP username is valid by elgg
-          * TODO - this should be a library function somewhere.
-          * IMPORTANT - Currently (1Jun07) this differs from the normal elgg 
-          * username check as LDAP can have long usernames and non-alphanum
-          * characters. A clear policy needs to be decided on in this matter
-          */
-
-        function elgg_valid_username($username){
-        return preg_match("/^[A-Za-z0-9.\-]{3,20}$/",$username);
-        }
-
-        /**
-          * creates an entry in the elgg database for the given username and 
-          * password and LDAP entry
-          */
-
-        function ldap_create_elgg_user($username, $password, $user_info) {
- elgg_valid
+validate
-            $messages[] = __gettext("Error! LDAP Username does not meet Elgg requirements");
-        } else {
-            // Does the user already exist?

a/lib/elgglib.php

@@ -2024 +2024 @@
-
-}
-
+/**
+ * Check if system reached account limit
+ * @return boolean
+ */
+function maxusers_limit() {
+    global $CFG;
+
+    $limit = isset($CFG->maxusers) ? intval($CFG->maxusers) : 0;
+
+    if ($limit > 0 && count_users('person') >= $limit) {
+        return true;
+    }
+    
+    return false;
+}
+
+/**
+ * Validates username 
+ * @param string $username The username to validate
+ * @return boolean
+ */
+function validate_username($username) {
+    global $CFG;
+
+    $minchars = isset($CFG->username_minchars) ? intval($CFG->username_minchars) : 3;
+    $maxchars = isset($CFG->username_maxchars) ? intval($CFG->username_maxchars) : 12;
+
+    // TODO: modifying regex needs update rewrite rules
+    $regex = sprintf('/^[A-Za-z0-9]{%d,%d}$/i', $minchars, $maxchars); // letters and numbers only
+
+    // TODO: should allow plugins to extend validation?
+
+    if (!preg_match($regex, $username)) {
+        return false;
+    }
+    
+    return true;
+}
+
+/**
+ * Check if username is available
+ * @param string $username The username to check availability 
+ * @return boolean
+ */
+function username_is_available($username) {
+
+    if (!validate_username($username)) {
+        return false;
+    }
+
+    if (record_exists('users', 'username', $username)) {
+        return false;
+    }
+
+    return true;
+}
+
+/**
+ * Validates password
+ * @param string $password1 The password to validate
+ * @param string $password2 The 2nd password to verify that match
+ * @return boolean
+ */
+function validate_password($password1, $password2=null) {
+    global $CFG;
+
+    $minchars = isset($CFG->password_minchars) ? intval($CFG->password_minchars) : 6;
+    $maxchars = isset($CFG->password_maxchars) ? intval($CFG->password_maxchars) : 32;
+
+    // TODO: should allow plugins to extend validate?
+    // could help to enforce passwords
+
+    if (!empty($password2) && $password1 != $password2) {
+        return false;
+    }
+
+    // TODO: from units/users/userdetails_actions.php
+    /*
+    if (!preg_match('/^[a-z0-9]*$/i', $password1)) { // only allow letters and numbers
+        return false;
+    }
+     */
+
+    $len = strlen($password1);
+
+    if ($len < $minchars || $len > $maxchars) {
+        return  false;
+    }
+    
+    return true;
+}
-
-/**
- * Validates an email to make sure it makes sense and adheres

a/lms/join.php

@@ -44 +44 @@
-    $messages = array();
-    if ($mode == 'join') {
-        // validate
-preg_match("/^[A-Za-z0-9]{3,12}$/",
+validate_username(
-            $messages[] = __gettext("Error! Your username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.");
-
-
-
+
-            $messages[] = __gettext("The username '$username' is already taken by another user. You will need to pick a different one.");
-        }
-
-$u->password1 != $u->password2 || strlen($u->password1) < 6 || strlen($u->password2) > 16
+!validate_password($u->password1, $u->password2)
-            $messages[] = __gettext("Error! Invalid password. Your passwords must match and be between 6 and 16 characters in length.");
-        }
-

a/mod/admin/lib/admin_actions.php

@@ -35 +35 @@
-            // Manage users
-        case "userdetails:update":
-            $id = optional_param('id',0,PARAM_INT);
-optional_param('change_username','',PARAM_CLEAN
+trim(strtolower(optional_param('change_username','',PARAM_CLEAN))
-            $change_filequota = optional_param('change_filequota',0,PARAM_INT);
-            $change_iconquota = optional_param('change_iconquota',0,PARAM_INT);
-            if (!empty($id)) {
-                if (!empty($change_username)) {
-preg_match("/^[A-Za-z0-9]{3,12}$/",
+validate_username(
-                        $messages[] = __gettext("Error! The new username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.");
-                    } else {
-                        $u = new StdClass;
@@ -116 +116 @@
-                        continue;
-                    }
-                        
-$new_username[$i]
+strtolower($new_username[$i])
-                    $new_name[$i] = trim($new_name[$i]);
-                    $new_email[$i] = trim($new_email[$i]);
-                    if (empty($new_username[$i]) || empty($new_name[$i]) || empty($new_email[$i])) {
@@ -124 +124 @@
-                        continue;
-                    }
-                    
-preg_match("/^[A-Za-z0-9]{3,12}$/",
+validate_username(
-                        $messages[] = sprintf(__gettext("New username %d (%s) was invalid; usernames must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.")
-                                              ,($i + 1),$new_username[$i]);
-                        continue;
-
-
-
+
-                        $messages[] = sprintf(__gettext("User addition %d failed: username %s is already in use."),($i + 1),$new_username[$i]);
-                        continue;
-                    } 

a/mod/community/lib/communities_actions.php

@@ -20 +20 @@
-            $comm_username = optional_param('comm_username');
-            if (logged_on && !empty($comm_name) && !empty($comm_username) &&
-                ($CFG->community_create_flag == "" || user_flag_get($CFG->community_create_flag, $USER->ident))) {
-preg_match("/^[A-Za-z0-9]{3,12}$/",
+validate_username(
-                    $messages[] = __gettext("Error! The community username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.");
-                } else if (trim($comm_name) == "") {
-                    $messages[] = __gettext("Error! The community name cannot be blank.");
-                } else {
-                    $comm_username = strtolower(trim($comm_username));
-record_exists('users','username',
+!username_is_available(
-                        $messages[] = sprintf(__gettext("The username %s is already taken by another user. You will need to pick a different one."), $comm_username);
-                    } else {
-                        $name = trim($comm_name);

a/mod/invite/lib/invite_actions.php

@@ -21 +21 @@
-         $invite->email = trim(optional_param('invite_email'));
-         if (!empty($invite->name) && !empty($invite->email)) {
-             if (logged_on || ($CFG->publicinvite == true)) {
-($CFG->maxusers == 0 || (count_users('person') < $CFG->maxusers)
+!maxusers_limit(
-                     if (validate_email(stripslashes($invite->email))) {
-                         $strippedname = stripslashes($invite->name); // for the message text.
-                         $invitations = count_records('invitations','email',$invite->email);
@@ -79 +79 @@
-         $name = trim(optional_param('join_name'));
-         $code = trim(optional_param('invitecode'));
-         $over13 = optional_param('over13');
-optional_param('join_username'
+strtolower(optional_param('join_username')
-         $password1 = trim(optional_param('join_password1'));
-         $password2 = trim(optional_param('join_password2'));
-
-         if (isset($name) && isset($code)) {
-!($CFG->maxusers == 0 || (count_users('person') < $CFG->maxusers)
+maxusers_limit(
-                 $messages[] = __gettext("Unfortunately this community has reached its account limit and you are unable to join at this time.");
-                 break;
-             }
@@ -96 +96 @@
-                 $messages[] = __gettext("Error! Invalid invite code.");
-                 break;
-             }
-$password1 != $password2 || strlen($password1) < 6 || strlen($password2) > 16
+!validate_password($password1, $password2)
-                 $messages[] = __gettext("Error! Invalid password. Your passwords must match and be between 6 and 16 characters in length.");
-                 break;
-             }
-preg_match("/^[A-Za-z0-9]{3,12}$/",
+validate_username(
-                 $messages[] = __gettext("Error! Your username must contain letters and numbers only, cannot be blank, and must be between 3 and 12 characters in length.");
-                 break;
-             }
-
-
+
-                 $messages[] = __gettext("The username '$username' is already taken by another user. You will need to pick a different one.");
-                 break;
-             }