From e46fa203829954370ce793156c78ce5c4600d020 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sun, 1 Aug 2010 07:27:18 +0000 Subject: [PATCH] Fixed wrong handling of nickname in member login --- inc/libs/user_functions.php | 5 +++-- inc/modules/guest/what-login.php | 13 +++++++++++-- inc/mysql-manager.php | 2 +- inc/wrapper-functions.php | 7 +++++-- 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php index fd7ac7740d..b4fefbb35d 100644 --- a/inc/libs/user_functions.php +++ b/inc/libs/user_functions.php @@ -276,6 +276,7 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p $add = ''; $errorCode = '0'; $ext = ''; + $isFound = false; // Init array $content = array( @@ -296,11 +297,11 @@ function doUserLogin ($userid, $passwd, $successUrl = '', $errorUrl = 'modules.p $ext = 'nickname'; } else { // Direct userid entered - fetchUserData($userid); + $isFound = fetchUserData($userid); } // No error found? - if ($errorCode == '0') { + if (($errorCode == '0') && ($isFound === true)) { // Get user data array and set userid (e.g. important if we login with nickname) $content = getUserDataArray(); if (!empty($content['userid'])) $userid = bigintval($content['userid']); diff --git a/inc/modules/guest/what-login.php b/inc/modules/guest/what-login.php index e888b2cbbb..f2c6938e87 100644 --- a/inc/modules/guest/what-login.php +++ b/inc/modules/guest/what-login.php @@ -64,7 +64,7 @@ if ((isMemberIdSet()) && (isSessionVariableSet('u_hash'))) { $userid = getMemberId(); } elseif ((isPostRequestParameterSet('id')) && (isPostRequestParameterSet('password')) && (isFormSent())) { // Set userid and crypt password when login data was submitted - if ((isExtensionActive('nickname')) && (isNicknameUsed(postRequestParameter('id')))) { + if (isExtensionActive('nickname')) { // Nickname entered $userid = SQL_ESCAPE(postRequestParameter('id')); } else { @@ -74,7 +74,16 @@ if ((isMemberIdSet()) && (isSessionVariableSet('u_hash'))) { } elseif (isPostRequestParameterSet('new_pass')) { // New password requested $userid = '0'; - if ((isPostRequestParameterSet('id')) && (postRequestParameter('id') > 0)) $userid = bigintval(postRequestParameter('id')); + if (isPostRequestParameterSet('id')) { + // Do we have nickname or userid? + if ((isExtensionActive('nickname')) && (isNicknameUsed(postRequestParameter('id')))) { + // Nickname entered + $userid = SQL_ESCAPE(postRequestParameter('id')); + } else { + // Direct userid entered + $userid = bigintval(postRequestParameter('id')); + } + } // END - if } else { // Not logged in $userid = '0'; $hash = ''; diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index b2083285c0..8fadc7f883 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -716,7 +716,7 @@ function getActionFromModuleWhat ($module, $what) { // Init status $data['action'] = ''; - //* DEBUG: */ debugOutput(__LINE__.'='.$module.'/'.$what.'/'.getAction().'='); + //* DEBUG: */ debugOutput(__LINE__ . '=' . $module . '/'.$what . '/' . getAction() . '='); if (!isExtensionInstalledAndNewer('sql_patches', '0.0.5')) { // sql_patches is missing so choose depending on mode if (isWhatSet()) { diff --git a/inc/wrapper-functions.php b/inc/wrapper-functions.php index e568da44e2..c6d6d4b1d8 100644 --- a/inc/wrapper-functions.php +++ b/inc/wrapper-functions.php @@ -824,8 +824,11 @@ function getUserDataArray () { // Get user id $uid = getCurrentUserId(); - // User id should not be zero - if ($uid < 1) debug_report_bug(__FUNCTION__, __LINE__, 'User id is zero.'); + // Is the current userid valid? + if (!isValidUserId($uid)) { + // Should be always valid + debug_report_bug(__FUNCTION__, __LINE__, 'User id is zero.'); + } // END - if // Get the whole array if found if (isset($GLOBALS['user_data'][$uid])) { -- 2.39.2