prevent re-registrations using a deleted username - not an issue with Friendica but...

diff --git a/boot.php b/boot.php
index 910de6f82dd5ee0edd6e45c2f39f97db66b75c2b..04e16e64dc46682485026e6563dd6299c4d6957e 100755 (executable)
--- a/boot.php
+++ b/boot.php
@@ -11,7 +11,7 @@ require_once('include/cache.php');
 define ( 'FRIENDICA_PLATFORM',     'Friendica');
 define ( 'FRIENDICA_VERSION',      '2.3.1288' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.23'    );
-define ( 'DB_UPDATE_VERSION',      1132      );
+define ( 'DB_UPDATE_VERSION',      1133      );
 
 define ( 'EOL',                    "<br />\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );

diff --git a/database.sql b/database.sql
index f058bc59ef9b149d51251d8098b4b442b81d4ff7..327b482c0690e929417d3520ba36778050f60464 100755 (executable)
--- a/database.sql
+++ b/database.sql
@@ -861,3 +861,9 @@ INDEX ( `term` )
 ) ENGINE = MyISAM DEFAULT CHARSET=utf8;
 
 
+CREATE TABLE IF NOT EXISTS `userd` (
+`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`username` CHAR( 255 ) NOT NULL,
+INDEX ( `username` )
+) ENGINE = MyISAM DEFAULT CHARSET=utf8;
+

diff --git a/include/Contact.php b/include/Contact.php
index baccea30550012fc16bf2a831f47b7e572ef07cd..d9949b1ef8db45cb3167fb61e84b9d3383d39a64 100755 (executable)
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -15,6 +15,12 @@ function user_remove($uid) {
 
        call_hooks('remove_user',$r[0]);
 
+       // save username (actually the nickname as it is guaranteed 
+       // unique), so it cannot be re-registered in the future.
+
+       q("insert into userd ( username ) values ( '%s' )",
+               $r[0]['nickname']
+       );
 
        q("DELETE FROM `contact` WHERE `uid` = %d", intval($uid));
        q("DELETE FROM `group` WHERE `uid` = %d", intval($uid));

diff --git a/mod/register.php b/mod/register.php
index 388b3e250767c31d6f0761acb65701d1550f657a..6d0e2700bceac58c61dab0b39658f51343782763 100755 (executable)
--- a/mod/register.php
+++ b/mod/register.php
@@ -150,6 +150,16 @@ function register_post(&$a) {
        if(count($r))
                $err .= t('Nickname is already registered. Please choose another.') . EOL;
 
+       // Check deleted accounts that had this nickname. Doesn't matter to us,
+       // but could be a security issue for federated platforms.
+
+       $r = q("SELECT * FROM `userd`
+                       WHERE `username` = '%s' LIMIT 1",
+                       dbesc($nickname)
+       );
+       if(count($r))
+               $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
+
        if(strlen($err)) {
                notice( $err );
                return;

diff --git a/mod/regmod.php b/mod/regmod.php
index 17e728ba2d16266531c791316710e0403aae068d..21f41eb01ccc3c854443f22e3465ba50cc3797fa 100755 (executable)
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -64,6 +64,11 @@ function user_allow($hash) {
 
 }
 
+
+// This does not have to go through user_remove() and save the nickname
+// permanently against re-registration, as the person was not yet
+// allowed to have friends on this system
+
 function user_deny($hash) {
 
        $register = q("SELECT * FROM `register` WHERE `hash` = '%s' LIMIT 1",

diff --git a/update.php b/update.php
index 6a685a6ff0fe191f53c6e9ac40b113bee151c72d..a69742a949d8337cef19b5fba88a6d97c3b8f4e9 100755 (executable)
--- a/update.php
+++ b/update.php
@@ -1,6 +1,6 @@
 <?php
 
-define( 'UPDATE_VERSION' , 1132 );
+define( 'UPDATE_VERSION' , 1133 );
 
 /**
  *
@@ -1127,3 +1127,12 @@ function update_1131() {
 }
 
 
+function update_1132() {
+       q("CREATE TABLE IF NOT EXISTS `userd` (
+`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`username` CHAR( 255 ) NOT NULL,
+INDEX ( `username` )
+) ENGINE = MYISAM ");
+
+}
+