[ros-diffs] [dgoette] 416: * fix problem with unicode nicknames * fix login with case sensitive names * fix registration(new database structure wasn't applied)
dgoette at svn.reactos.org
dgoette at svn.reactos.org
Mon May 18 14:44:53 CEST 2009
Author: dgoette
Date: Mon May 18 16:44:52 2009
New Revision: 416
URL: http://svn.reactos.org/svn/reactos?rev=416&view=rev
Log:
* fix problem with unicode nicknames
* fix login with case sensitive names
* fix registration(new database structure wasn't applied)
Modified:
branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql
branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php
branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php
branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php
Modified: branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql?rev=416&r1=415&r2=416&view=diff
==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/convert3to4.sql [iso-8859-1] Mon May 18 16:44:52 2009
@@ -571,7 +571,7 @@
-- --------------------------------------------------------
CREATE TABLE roscms_accounts (
id bigint(20) unsigned NOT NULL auto_increment,
- name varchar(20) collate utf8_unicode_ci NOT NULL,
+ name varchar(20) collate utf8_bin NOT NULL,
password varchar(32) collate utf8_unicode_ci NOT NULL COMMENT 'md5 encoded',
email varchar(150) collate utf8_unicode_ci NOT NULL,
lang_id bigint(20) unsigned COMMENT '->languages(id)',
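Review bot: Switching `name` to `utf8_bin` makes every comparison on this column case-sensitive, including any UNIQUE key on it, so the database would no longer stop two accounts such as `Admin` and `admin` (constructed example) from coexisting. Whether such a key exists is not visible, because the CREATE TABLE continues outside the hunk. The commit relies on the `LOWER()` lookups in the PHP files instead, and the registration lookup is a check-then-insert that two concurrent requests can both pass. I would document this on the column, e.g. `-- binary collation: case-insensitive uniqueness is enforced by the application`. If lookalike nicknames matter, a separately stored lower-cased name with a UNIQUE key would enforce it in the schema.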
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php?rev=416&r1=415&r2=416&view=diff
==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Login.class.php [iso-8859-1] Mon May 18 16:44:52 2009
@@ -112,7 +112,7 @@
}
// get user data
- $stmt=&DBConnection::getInstance()->prepare("SELECT id, password, logins, disabled, match_session FROM ".ROSCMST_USERS." WHERE name = :user_name LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id, password, logins, disabled, match_session FROM ".ROSCMST_USERS." WHERE LOWER(name) = LOWER(:user_name) LIMIT 1");
$stmt->bindParam('user_name',$user_name,PDO::PARAM_STR);
$stmt->execute() or die('DB error (user login #1)!');
$user = $stmt->fetchOnce();
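Review bot: The login lookup `WHERE LOWER(name) = LOWER(:user_name) LIMIT 1` has no ORDER BY, so if the table holds two names that differ only in case, the row whose password is checked is arbitrary. That can happen once `name` is `utf8_bin`, unless uniqueness is enforced elsewhere. Adding `ORDER BY id` would at least make the choice deterministic; enforcing uniqueness of the lower-cased name would remove the ambiguity. Wrapping the column in `LOWER()` probably also keeps MySQL from using an index on `name` for this per-login query. The enclosing method starts and ends outside the hunk.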
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php?rev=416&r1=415&r2=416&view=diff
==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Profile.class.php [iso-8859-1] Mon May 18 16:44:52 2009
@@ -56,14 +56,14 @@
if ($this->search && empty($_GET['user_id'])) {
if (isset($_GET['search'])) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM ".ROSCMST_USERS." WHERE name LIKE :nickname OR fullname LIKE :fullname");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT COUNT(*) FROM ".ROSCMST_USERS." WHERE LOWER(name) LIKE LOWER(:nickname) OR fullname LIKE :fullname");
$stmt->bindValue('nickname','%'.$_GET['search'].'%',PDO::PARAM_STR);
$stmt->bindValue('fullname','%'.$_GET['search'].'%',PDO::PARAM_STR);
$stmt->execute();
$users_found = $stmt->fetchColumn();
if ($users_found == 1) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE name LIKE :nickname OR fullname LIKE :fullname LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE LOWER(name) LIKE LOWER(:nickname) OR fullname LIKE :fullname LIMIT 1");
$stmt->bindValue('nickname','%'.$_GET['search'].'%',PDO::PARAM_STR);
$stmt->bindValue('fullname','%'.$_GET['search'].'%',PDO::PARAM_STR);
$stmt->execute();
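Review bot: The search term is bound as `'%'.$_GET['search'].'%'` without escaping LIKE metacharacters, so a `%` or `_` typed by the visitor acts as a wildcard and a search for `%` matches every account. The same binding appears in the hunk at -102, where the result is at least capped by `LIMIT 100`; the `COUNT(*)` here has no cap. Escaping before binding would fix it, e.g. `'%'.addcslashes($_GET['search'], '%_\\').'%'`. Separately, only `name` is wrapped in `LOWER()`, so the `fullname` match still depends on that column's collation, which is worth a short comment if intended.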
@@ -102,7 +102,7 @@
if (isset($_GET['search']) && $_GET['search'] != '') {
echo '<ul>';
- $stmt=&DBConnection::getInstance()->prepare("SELECT name, fullname, id FROM ".ROSCMST_USERS." WHERE name LIKE :nickname OR fullname LIKE :fullname ORDER BY name ASC LIMIT 100");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name, fullname, id FROM ".ROSCMST_USERS." WHERE LOWER(name) LIKE LOWER(:nickname) OR fullname LIKE :fullname ORDER BY name ASC LIMIT 100");
$stmt->bindValue('nickname','%'.$_GET['search'].'%',PDO::PARAM_STR);
$stmt->bindValue('fullname','%'.$_GET['search'].'%',PDO::PARAM_STR);
$stmt->execute();
@@ -120,7 +120,7 @@
}
else {
if (empty($user_id) || $user_id === false) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE name = :user_name LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE LOWER(name) = LOWER(:user_name) LIMIT 1");
$stmt->bindParam('user_name',rawurldecode(@$_GET['user_name']));
$stmt->execute();
$user_id = $stmt->fetchColumn();
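Review bot: `bindParam('user_name',rawurldecode(@$_GET['user_name']))` passes a function result to a by-reference parameter, assuming the statement object follows PDO's `bindParam` signature. PHP already URL-decodes `$_GET`, so `rawurldecode` decodes the value a second time before the lookup. The rest of this file uses `bindValue` for computed values, so I would write `$stmt->bindValue('user_name', isset($_GET['user_name']) ? $_GET['user_name'] : '', PDO::PARAM_STR);`. The surrounding `else` branch continues outside the hunk.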
Modified: branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php
URL: http://svn.reactos.org/svn/reactos/branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php?rev=416&r1=415&r2=416&view=diff
==============================================================================
--- branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php [iso-8859-1] (original)
+++ branches/danny-web/www/www.reactos.org/roscms/lib/view/HTML_User_Register.class.php [iso-8859-1] Mon May 18 16:44:52 2009
@@ -69,10 +69,10 @@
<div class="corner_TR"></div>
</div>');
- if (isset($_POST['registerpost']) && $_POST['username'] != "" && strlen($_POST['username']) >= $config->limitUserNameMin()) {
+ if (isset($_POST['registerpost']) && isset($_POST['username']) && preg_match('/^[a-z0-9_\-[:space:]\.]{'.$config->limitUserNameMin().','.$config->limitUsernameMax().'}$/i')) {
// check if another account with the same username already exists
- $stmt=&DBConnection::getInstance()->prepare("SELECT name FROM ".ROSCMST_USERS." WHERE REPLACE(name, '_', ' ') = REPLACE(:username, '_', ' ') LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT name FROM ".ROSCMST_USERS." WHERE LOWER(REPLACE(name, '_', ' ')) = LOWER(REPLACE(:username, '_', ' ')) LIMIT 1");
$stmt->bindParam('username',$_POST['username'],PDO::PARAM_STR);
$stmt->execute();
$name_exists = ($stmt->fetchColumn() !== false);
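Review bot: The new `preg_match(...)` call in the `if` condition has a pattern but no subject argument, so the username is never tested. PHP will warn and return false (or throw on newer versions), and the registration branch cannot be entered. The call should end with `$/i', $_POST['username'])`. The class `[:space:]` also admits tabs and newlines into nicknames; a literal space is probably what is meant, given the `REPLACE(name, '_', ' ')` comparison below. The pattern is ASCII-only, which seems at odds with the log entry about unicode nicknames and deserves a comment either way.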
@@ -84,17 +84,11 @@
// name is not forbidden -> go on
if ($stmt->fetchColumn() === false) {
- if (isset($_POST['registerpost']) && isset($_POST['userpwd1']) && $_POST['userpwd1'] != '' && isset($_POST['userpwd2']) && $_POST['userpwd2'] != '' && $_POST['userpwd1'] == $_POST['userpwd2']) {
- $stmt=&DBConnection::getInstance()->prepare("SELECT pwd_name FROM user_unsafepwds WHERE pwd_name = :pwd_name LIMIT 1");
- $stmt->bindParam('pwd_name',$_POST['userpwd1'],PDO::PARAM_STR);
- $stmt->execute();
- $safepwd = ($stmt->fetchColumn() !== false);
- }
if (isset($_POST['registerpost']) && isset($_POST['useremail']) && $_POST['useremail'] != '') {
// check if another account with the same email address already exists
- $stmt=&DBConnection::getInstance()->prepare("SELECT user_email FROM users WHERE user_email = :email LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT email FROM ".ROSCMST_USERS." WHERE email = :email LIMIT 1");
$stmt->bindParam('email',$_POST['useremail'],PDO::PARAM_STR);
$stmt->execute();
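Review bot: This hunk drops the lookup against `user_unsafepwds` that set `$safepwd`, and nothing visible replaces it, so registration no longer rejects passwords on the weak-password list. The commit log does not mention this, so it may be unintended fallout from the schema rename. If code outside the hunk still reads `$safepwd`, it is now undefined there. Either port the check to the new table name, or remove the remaining uses and note the decision in a comment.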
@@ -116,7 +110,7 @@
$activation_code = substr($activation_code, 0, rand(10, 15));
// add new account
- $stmt=&DBConnection::getInstance()->prepare("INSERT INTO users ( user_name, user_roscms_password, user_register, user_register_activation, user_email, user_language ) VALUES ( :user_name, MD5( :password ), NOW(), :activation_code, :email, :lang )");
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_USERS." ( name, password, created, activation, email, language, modified ) VALUES ( :user_name, MD5( :password ), NOW(), :activation_code, :email, :lang, NOW() )");
$stmt->bindParam('user_name',$_POST['username'],PDO::PARAM_STR);
$stmt->bindParam('password',$_POST['userpwd1'],PDO::PARAM_STR);
$stmt->bindParam('activation_code',$activation_code,PDO::PARAM_STR);
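Review bot: The rewritten INSERT still stores the password as `MD5( :password )`, an unsalted fast hash, so a leaked accounts table can be cracked offline cheaply. Since this statement is being rewritten for the new schema anyway, it is a good place to compute a salted, slow hash in PHP and bind the result instead (`crypt()` with a Blowfish salt, or `password_hash()` where available). The `password varchar(32)` column would need widening to hold it. The activation code is trimmed with `rand(10, 15)`; how the code itself is generated is outside the hunk, but it should come from a cryptographically secure source, since it gates account activation.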
@@ -124,13 +118,13 @@
$stmt->bindParam('lang',$userlang,PDO::PARAM_STR);
$stmt->execute();
- $stmt=&DBConnection::getInstance()->prepare("SELECT user_id FROM users WHERE user_name = :user_name ORDER BY user_id DESC LIMIT 1");
+ $stmt=&DBConnection::getInstance()->prepare("SELECT id FROM ".ROSCMST_USERS." WHERE LOWER(name) = LOWER(:user_name)");
$stmt->bindParam('user_name',$_POST['username'],PDO::PARAM_INT);
$stmt->execute();
$user_id = $stmt->fetchColumn();
// give a 'user' group membership
- $stmt=&DBConnection::getInstance()->prepare("INSERT INTO usergroup_members (usergroupmember_userid, usergroupmember_usergroupid) VALUES (:user_id, 'user')");
+ $stmt=&DBConnection::getInstance()->prepare("INSERT INTO ".ROSCMST_MEMBERSHIPS." (user_id, group_id) SELECT :user_id, id FROM ".ROSCMST_GROUPS." WHERE name_short = 'user' LIMIT 1");
$stmt->bindParam('user_id',$user_id,PDO::PARAM_INT);
$stmt->execute();
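Review bot: The new id lookup binds the username with `PDO::PARAM_INT` (`bindParam('user_name',$_POST['username'],PDO::PARAM_INT)`), which is the wrong type for a string and may make the driver coerce or mis-quote the value; it should be `PDO::PARAM_STR`. Re-selecting the row by name is also fragile now that the match is case-insensitive and the `ORDER BY ... LIMIT 1` was removed. If `DBConnection` exposes PDO's `lastInsertId()`, taking the id from the INSERT directly would be more reliable. Neither the account INSERT nor this SELECT is checked for failure, so a false `$user_id` would flow into the membership INSERT; a guard such as `if ($user_id === false) { /* abort registration */ }` before it would help.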