prevent re-registrations using a deleted username - not an issue with Friendica but could create a serious privacy issue with federated platforms
This commit is contained in:
friendica
parent
576eb6cc38
commit
ebdf0ee99e
6 changed files with 38 additions and 2 deletions
|
|
@ -150,6 +150,16 @@ function register_post(&$a) {
|
|||
if(count($r))
|
||||
$err .= t('Nickname is already registered. Please choose another.') . EOL;
|
||||
|
||||
// Check deleted accounts that had this nickname. Doesn't matter to us,
|
||||
// but could be a security issue for federated platforms.
|
||||
|
||||
$r = q("SELECT * FROM `userd`
|
||||
WHERE `username` = '%s' LIMIT 1",
|
||||
dbesc($nickname)
|
||||
);
|
||||
if(count($r))
|
||||
$err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
|
||||
|
||||
if(strlen($err)) {
|
||||
notice( $err );
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -64,6 +64,11 @@ function user_allow($hash) {
|
|||
|
||||
}
|
||||
|
||||
|
||||
// This does not have to go through user_remove() and save the nickname
|
||||
// permanently against re-registration, as the person was not yet
|
||||
// allowed to have friends on this system
|
||||
|
||||
function user_deny($hash) {
|
||||
|
||||
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue