prevent re-registrations using a deleted username - not an issue with Friendica but could create a serious privacy issue with federated platforms
This commit is contained in:
parent
576eb6cc38
commit
ebdf0ee99e
6 changed files with 38 additions and 2 deletions
2
boot.php
2
boot.php
|
@ -11,7 +11,7 @@ require_once('include/cache.php');
|
||||||
define ( 'FRIENDICA_PLATFORM', 'Friendica');
|
define ( 'FRIENDICA_PLATFORM', 'Friendica');
|
||||||
define ( 'FRIENDICA_VERSION', '2.3.1288' );
|
define ( 'FRIENDICA_VERSION', '2.3.1288' );
|
||||||
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
|
define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
|
||||||
define ( 'DB_UPDATE_VERSION', 1132 );
|
define ( 'DB_UPDATE_VERSION', 1133 );
|
||||||
|
|
||||||
define ( 'EOL', "<br />\r\n" );
|
define ( 'EOL', "<br />\r\n" );
|
||||||
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
|
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
|
||||||
|
|
|
@ -861,3 +861,9 @@ INDEX ( `term` )
|
||||||
) ENGINE = MyISAM DEFAULT CHARSET=utf8;
|
) ENGINE = MyISAM DEFAULT CHARSET=utf8;
|
||||||
|
|
||||||
|
|
||||||
|
CREATE TABLE IF NOT EXISTS `userd` (
|
||||||
|
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
|
||||||
|
`username` CHAR( 255 ) NOT NULL,
|
||||||
|
INDEX ( `username` )
|
||||||
|
) ENGINE = MyISAM DEFAULT CHARSET=utf8;
|
||||||
|
|
||||||
|
|
|
@ -15,6 +15,12 @@ function user_remove($uid) {
|
||||||
|
|
||||||
call_hooks('remove_user',$r[0]);
|
call_hooks('remove_user',$r[0]);
|
||||||
|
|
||||||
|
// save username (actually the nickname as it is guaranteed
|
||||||
|
// unique), so it cannot be re-registered in the future.
|
||||||
|
|
||||||
|
q("insert into userd ( username ) values ( '%s' )",
|
||||||
|
$r[0]['nickname']
|
||||||
|
);
|
||||||
|
|
||||||
q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid));
|
q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid));
|
||||||
q("DELETE FROM `group` WHERE `uid` = %d", intval($uid));
|
q("DELETE FROM `group` WHERE `uid` = %d", intval($uid));
|
||||||
|
|
|
@ -150,6 +150,16 @@ function register_post(&$a) {
|
||||||
if(count($r))
|
if(count($r))
|
||||||
$err .= t('Nickname is already registered. Please choose another.') . EOL;
|
$err .= t('Nickname is already registered. Please choose another.') . EOL;
|
||||||
|
|
||||||
|
// Check deleted accounts that had this nickname. Doesn't matter to us,
|
||||||
|
// but could be a security issue for federated platforms.
|
||||||
|
|
||||||
|
$r = q("SELECT * FROM `userd`
|
||||||
|
WHERE `username` = '%s' LIMIT 1",
|
||||||
|
dbesc($nickname)
|
||||||
|
);
|
||||||
|
if(count($r))
|
||||||
|
$err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
|
||||||
|
|
||||||
if(strlen($err)) {
|
if(strlen($err)) {
|
||||||
notice( $err );
|
notice( $err );
|
||||||
return;
|
return;
|
||||||
|
|
|
@ -64,6 +64,11 @@ function user_allow($hash) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// This does not have to go through user_remove() and save the nickname
|
||||||
|
// permanently against re-registration, as the person was not yet
|
||||||
|
// allowed to have friends on this system
|
||||||
|
|
||||||
function user_deny($hash) {
|
function user_deny($hash) {
|
||||||
|
|
||||||
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
|
$register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",
|
||||||
|
|
11
update.php
11
update.php
|
@ -1,6 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
define( 'UPDATE_VERSION' , 1132 );
|
define( 'UPDATE_VERSION' , 1133 );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
@ -1127,3 +1127,12 @@ function update_1131() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function update_1132() {
|
||||||
|
q("CREATE TABLE IF NOT EXISTS `userd` (
|
||||||
|
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
|
||||||
|
`username` CHAR( 255 ) NOT NULL,
|
||||||
|
INDEX ( `username` )
|
||||||
|
) ENGINE = MYISAM ");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue