authorAndreas Gohr <andi@splitbrain.org>2012-11-08 23:15:08 +0100
committerAndreas Gohr <andi@splitbrain.org>2012-11-08 23:15:08 +0100
commit04924b7a9d090c0814cfff3e6706263e4d5a46e8 (patch)
treed83fc6b5683fbc9c639bfd1832f96dca2f3c8646 /inc/auth.php
parent1ea7a6bada66fc9b7a45f61b4892e4ea23196d89 (diff)
parenta731ed1d6736ca405b3559adfd9500affcc59412 (diff)
Merge branch 'master' into proxyconnect
* master: (169 commits) added PCRE UTF-8 checks to do=check FS#2636 avoid multiple paralell update checks fix regression bug in HTTPClient FS#2621 changed PAGEUTILS_ID_HIDEPAGE to has BEFORE/AFTER TarLib code cleanup TarLib: fixed appending in non-dynamic mode fixed third method of adding files in TarLib fix lone zero block in TarLib created archives fix use of constructor in TarLib Slovak language update Korean language update Latvian language update added event PAGEUTILS_ID_HIDEPAGE added test for isHiddenPage() removed redundant variables in tpl_include_page() (because of 3ff8773b) added cut off points for mobile devices as parameters to style.ini Corrected typo: ruke -> rule Persian language update Spanish language update russian language update ...
Diffstat (limited to 'inc/auth.php')
-rw-r--r--inc/auth.php49
1 files changed, 22 insertions, 27 deletions
diff --git a/inc/auth.php b/inc/auth.php
index cedfdee36..1c8a8f5f5 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -65,7 +65,7 @@ function auth_setup() {
nice_die($lang['authmodfailed']);
}
- if(!$auth) return false;
+ if(!isset($auth) || !$auth) return false;
// do the login either by cookie or provided credentials XXX
$INPUT->set('http_credentials', false);
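Review bot: The new guard `!isset($auth) || !$auth` in auth_setup() tests exactly what `empty($auth)` tests, so it could read `if(empty($auth)) return false;`. A one-line comment saying when `$auth` can still be unset at this point would help the next reader, because the assignment is not visible here. auth_setup() starts and ends outside the hunk.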
@@ -299,7 +299,7 @@ function auth_createToken() {
*
* This is neither unique nor unfakable - still it adds some
* security. Using the first part of the IP makes sure
- * proxy farms like AOLs are stil okay.
+ * proxy farms like AOLs are still okay.
*
* @author Andreas Gohr <andi@splitbrain.org>
*
@@ -313,6 +313,7 @@ function auth_browseruid() {
$uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE'];
$uid .= $_SERVER['HTTP_ACCEPT_CHARSET'];
$uid .= substr($ip, 0, strpos($ip, '.'));
+ $uid = strtolower($uid);
return md5($uid);
}
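Review bot: The IP component on the context line `substr($ip, 0, strpos($ip, '.'))` contributes nothing when `$ip` contains no dot, as with a plain IPv6 address, because `strpos` returns false and `substr` then takes a length of 0. For those clients the UID is derived from request headers alone, which removes the small amount of network binding the docblock describes. Handling the no-dot case explicitly would keep it, for example `$pos = strpos($ip, '.'); $uid .= ($pos === false) ? $ip : substr($ip, 0, $pos);`, though for IPv6 a prefix may be a better choice than the full address. The added `strtolower($uid)` also deserves a short comment stating why case is normalised before hashing, e.g. `// header case may differ between requests` if that is the intent. The assignment of `$ip` and the start of auth_browseruid() are outside the hunk.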
@@ -733,68 +734,62 @@ function register() {
global $conf;
/* @var auth_basic $auth */
global $auth;
+ global $INPUT;
- if(!$_POST['save']) return false;
+ if(!$INPUT->post->bool('save')) return false;
if(!actionOK('register')) return false;
- //clean username
- $_POST['login'] = trim($auth->cleanUser($_POST['login']));
-
- //clean fullname and email
- $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $_POST['fullname']));
- $_POST['email'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $_POST['email']));
+ // gather input
+ $login = trim($auth->cleanUser($INPUT->post->str('login')));
+ $fullname = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $INPUT->post->str('fullname')));
+ $email = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/', '', $INPUT->post->str('email')));
+ $pass = $INPUT->post->str('pass');
+ $passchk = $INPUT->post->str('passchk');
- if(empty($_POST['login']) ||
- empty($_POST['fullname']) ||
- empty($_POST['email'])
- ) {
+ if(empty($login) || empty($fullname) || empty($email)) {
msg($lang['regmissing'], -1);
return false;
}
if($conf['autopasswd']) {
$pass = auth_pwgen(); // automatically generate password
- } elseif(empty($_POST['pass']) ||
- empty($_POST['passchk'])
- ) {
+ } elseif(empty($pass) || empty($passchk)) {
msg($lang['regmissing'], -1); // complain about missing passwords
return false;
- } elseif($_POST['pass'] != $_POST['passchk']) {
+ } elseif($pass != $passchk) {
msg($lang['regbadpass'], -1); // complain about misspelled passwords
return false;
- } else {
- $pass = $_POST['pass']; // accept checked and valid password
}
//check mail
- if(!mail_isvalid($_POST['email'])) {
+ if(!mail_isvalid($email)) {
msg($lang['regbadmail'], -1);
return false;
}
//okay try to create the user
- if(!$auth->triggerUserMod('create', array($_POST['login'], $pass, $_POST['fullname'], $_POST['email']))) {
+ if(!$auth->triggerUserMod('create', array($login, $pass, $fullname, $email))) {
msg($lang['reguexists'], -1);
return false;
}
// create substitutions for use in notification email
$substitutions = array(
- 'NEWUSER' => $_POST['login'],
- 'NEWNAME' => $_POST['fullname'],
- 'NEWEMAIL' => $_POST['email'],
+ 'NEWUSER' => $login,
+ 'NEWNAME' => $fullname,
+ 'NEWEMAIL' => $email,
);
if(!$conf['autopasswd']) {
msg($lang['regsuccess2'], 1);
- notify('', 'register', '', $_POST['login'], false, $substitutions);
+ notify('', 'register', '', $login, false, $substitutions);
return true;
}
// autogenerated password? then send him the password
- if(auth_sendPassword($_POST['login'], $pass)) {
+ if(auth_sendPassword($login, $pass)) {
msg($lang['regsuccess'], 1);
- notify('', 'register', '', $_POST['login'], false, $substitutions);
+ notify('', 'register', '', $login, false, $substitutions);
return true;
} else {
msg($lang['regmailfail'], -1);
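Review bot: The password confirmation at `} elseif($pass != $passchk) {` still uses loose comparison, so two different numeric-looking strings such as `1e3` and `1000` compare as equal and the mismatch is not reported. Since both values now come from `$INPUT->post->str()`, which presumably returns strings, `} elseif($pass !== $passchk) {` is the safe form. The `empty()` checks on `$login`, `$fullname`, `$email` and `$pass` also treat the string `0` as missing and answer with `regmissing`; comparing against `''` would be more precise. register() begins before and ends after this hunk.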