From 9afe50d1e5b68a54d7cc08306166e707dd44a64d Mon Sep 17 00:00:00 2001 From: Fabrixxm Date: Tue, 13 Nov 2012 04:40:15 -0500 Subject: [PATCH 1/2] uimport: add register policy and max daily registrations check (issue 508) --- mod/uimport.php | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/mod/uimport.php b/mod/uimport.php index 5fe2642fc6..3f11023df2 100644 --- a/mod/uimport.php +++ b/mod/uimport.php @@ -36,6 +36,29 @@ function uimport_post(&$a) { } function uimport_content(&$a) { + + if((! local_user()) && ($a->config['register_policy'] == REGISTER_CLOSED)) { + notice("Permission denied." . EOL); + return; + } + + $max_dailies = intval(get_config('system','max_daily_registrations')); + if($max_dailies) { + $r = q("select count(*) as total from user where register_date > UTC_TIMESTAMP - INTERVAL 1 day"); + if($r && $r[0]['total'] >= $max_dailies) { + logger('max daily registrations exceeded.'); + notice( t('This site has exceeded the number of allowed daily account registrations. Please try again tomorrow.') . EOL); + return; + } + } + + + if(x($_SESSION,'theme')) + unset($_SESSION['theme']); + if(x($_SESSION,'mobile-theme')) + unset($_SESSION['mobile-theme']); + + $tpl = get_markup_template("uimport.tpl"); return replace_macros($tpl, array( '$regbutt' => t('Import'), From 374683503aacadbd6ae2221a9b1245ce602c559d Mon Sep 17 00:00:00 2001 From: Fabrixxm Date: Tue, 13 Nov 2012 04:52:32 -0500 Subject: [PATCH 2/2] uimport: check check to ensure the username isn't already taken before import (issue 508) --- include/uimport.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/uimport.php b/include/uimport.php index 9427931687..38b1772475 100644 --- a/include/uimport.php +++ b/include/uimport.php @@ -73,6 +73,18 @@ function import_account(&$a, $file) { return; } + + // check for username + $r = q("SELECT uid FROM user WHERE nickname='%s'", $account['user']['nickname']); + if ($r===false) { + logger("uimport:check nickname : ERROR : ".last_error(), LOGGER_NORMAL); + notice(t('Error! Cannot check nickname')); + return; + } + if (count($r)>0) { + notice(sprintf(t("User '%s' already exists on this server!"),$account['user']['nickname'])); + return; + } $oldbaseurl = $account['baseurl']; $newbaseurl = $a->get_baseurl();