diff options
| author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-12 13:28:55 +0000 |
|---|---|---|
| committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-08-12 13:28:55 +0000 |
| commit | 36ced79b9dfaeb4fcd3f5bc6e4d3fd2b25c19d2f (patch) | |
| tree | ab89c83745ead98d010196d85b899e12ab1b011d /engine/lib/users.php | |
| parent | 79916b49fbea384981eba250080ce92a61d4c350 (diff) | |
| download | elgg-36ced79b9dfaeb4fcd3f5bc6e4d3fd2b25c19d2f.tar.gz elgg-36ced79b9dfaeb4fcd3f5bc6e4d3fd2b25c19d2f.tar.bz2 | |
Refs #229 : Register now has more granular messages, dupe email checkiong, sanitisation + fill in the blanks failure mode! (yay)
git-svn-id: https://code.elgg.org/elgg/trunk@1855 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/users.php')
| -rw-r--r-- | engine/lib/users.php | 68 |
1 files changed, 62 insertions, 6 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php index 4939cc7fb..b221779dc 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -690,6 +690,23 @@ }
/** + * Get an array of users from their + * + * @param string $email Email address. + * @return Array of users + */ + function get_user_by_email($email) + { + global $CONFIG; + + $email = sanitise_string($email); + + $query = "SELECT e.* from {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}users_entity u on e.guid=u.guid where email='$email'"; + + return get_data($query, 'entity_row_to_elggstar'); + } + + /** * Searches for a user based on a complete or partial name or username using full text searching. * * IMPORTANT NOTE: With MySQL's default setup: @@ -937,6 +954,25 @@ } /** + * Validates an email address. + * + * @param string $address Email address. + * @return bool + */ + function is_email_address($address) + { + // TODO: Make this better! + + if (strpos($address, '@')=== false) + return false; + + if (strpos($address, '.')=== false) + return false; + + return true; + } + + /** * Simple function that will generate a random clear text password suitable for feeding into generate_user_password(). * * @see generate_user_password @@ -966,13 +1002,19 @@ * @param string $username The username of the new user
* @param string $password The password
* @param string $name The user's display name
- * @param string $email Their email address
+ * @param string $email Their email address + * @param bool $allow_multiple_emails Allow the same email address to be registered multiple times?
* @return int|false The new user's GUID; false on failure
*/
- function register_user($username, $password, $name, $email) {
+ function register_user($username, $password, $name, $email, $allow_multiple_emails = false) {
// Load the configuration
- global $CONFIG;
+ global $CONFIG; + + $username = sanitise_string($username); + $password = sanitise_string($password); + $name = sanitise_string($name); + $email = sanitise_string($email);
// A little sanity checking
if (empty($username)
@@ -981,11 +1023,25 @@ || empty($email)) {
return false;
}
-
+ + if (!is_email_address($email)) throw new RegistrationException(elgg_echo('registration:notemail')); + + if (strlen($username)<4) throw new RegistrationException(elgg_echo('registration:usernametooshort')); + + if (strlen($password)<6) throw new RegistrationException(elgg_echo('registration:passwordtooshort')); +
// Check to see if $username exists already
if ($user = get_user_by_username($username)) {
- return false;
- }
+ //return false; + throw new RegistrationException(elgg_echo('registration:userexists'));
+ } + + // If we're not allowed multiple emails then see if this address has been used before + if ((!$allow_multiple_emails) && (get_user_by_email($email))) + { + throw new RegistrationException(elgg_echo('registration:dupeemail')); + } +
// Check to see if we've registered the first admin yet.
// If not, this is the first admin user!
|