friendica
/
friendica
mirror of https://github.com/friendica/friendica.git
3
5
Fork 3
Code Issues Releases 13 Wiki Activity
Browse Source

prevent re-registrations using a deleted username - not an issue with Friendica but could create a serious privacy issue with federated platforms

pull/157/head
friendica 10 years ago
parent
576eb6cc38
commit
ebdf0ee99e
6 changed files with 38 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      boot.php
  2. 6
      database.sql
  3. 6
      include/Contact.php
  4. 10
      mod/register.php
  5. 5
      mod/regmod.php
  6. 11
      update.php

2
boot.php
View File

@ -11,7 +11,7 @@ require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '2.3.1288' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1132 );
define ( 'DB_UPDATE_VERSION', 1133 );
define ( 'EOL', "<br />\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );

6
database.sql
View File

@ -861,3 +861,9 @@ INDEX ( `term` )
) ENGINE = MyISAM DEFAULT CHARSET=utf8;
CREATE TABLE IF NOT EXISTS `userd` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` CHAR( 255 ) NOT NULL,
INDEX ( `username` )
) ENGINE = MyISAM DEFAULT CHARSET=utf8;

6
include/Contact.php
View File

@ -15,6 +15,12 @@ function user_remove($uid) {
call_hooks('remove_user',$r[0]);
// save username (actually the nickname as it is guaranteed
// unique), so it cannot be re-registered in the future.
q("insert into userd ( username ) values ( '%s' )",
$r[0]['nickname']
);
q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid));
q("DELETE FROM `group` WHERE `uid` = %d", intval($uid));

10
mod/register.php
View File

@ -150,6 +150,16 @@ function register_post(&$a) {
if(count($r))
$err .= t('Nickname is already registered. Please choose another.') . EOL;
// Check deleted accounts that had this nickname. Doesn't matter to us,
// but could be a security issue for federated platforms.
$r = q("SELECT * FROM `userd`
WHERE `username` = '%s' LIMIT 1",
dbesc($nickname)
);
if(count($r))
$err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
if(strlen($err)) {
notice( $err );
return;

5
mod/regmod.php
View File

@ -64,6 +64,11 @@ function user_allow($hash) {
}
// This does not have to go through user_remove() and save the nickname
// permanently against re-registration, as the person was not yet
// allowed to have friends on this system
function user_deny($hash) {
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",

11
update.php
View File

@ -1,6 +1,6 @@
<?php
define( 'UPDATE_VERSION' , 1132 );
define( 'UPDATE_VERSION' , 1133 );
/**
*
@ -1127,3 +1127,12 @@ function update_1131() {
}
function update_1132() {
q("CREATE TABLE IF NOT EXISTS `userd` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` CHAR( 255 ) NOT NULL,
INDEX ( `username` )
) ENGINE = MYISAM ");
}
Write Preview
Loading…
Cancel
Save