From bbd72460bcf4269ffd21cfb97e0ab616ac7276e7 Mon Sep 17 00:00:00 2001
From: "Matteo Nastasi (mop)" <nastasi@alternativeoutput.it>
Date: Mon, 14 Dec 2015 09:24:10 +0100
Subject: [PATCH] new login rules (max 2 same characters a side), check rules server side and associated test
---
 TODO.txt | 3 ++-
 test/logintest.php | 29 +++++++++++++++++++++++++++++
 web/Obj/brisk.phh | 26 ++++++++++++++++++++++++++
 web/index_wr.php | 6 ++++++
 web/room.js | 8 ++++----
 5 files changed, 67 insertions(+), 5 deletions(-)
 create mode 100755 test/logintest.php
diff --git a/TODO.txt b/TODO.txt
index 3e7e637..3fe465b 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -3,7 +3,8 @@ BUGS | ------+ - - Not triple chars between letters + DONE - Not sequence of 3 same chars + DONE . check server side with test <release> - Global vars checker - usermgmt: add user delete
diff --git a/test/logintest.php b/test/logintest.php
new file mode 100755
index 0000000..0ad0984
--- /dev/null
+++ b/test/logintest.php
@@ -0,0 +1,29 @@
+#!/usr/bin/php
+<?php
+
+$G_base = "web/";
+
+require_once('test/Obj/test.phh');
+require_once('web/Obj/brisk.phh');
+
+printf("testing internal_encoding: ");
+if (mb_internal_encoding() != "UTF-8") {
+ printf("mb_internal_encoding from cli/php.ini: [%s], FIX with UTF-8\n", mb_internal_encoding());
+ exit(1);
+}
+else {
+ printf("UTF-8, OK\n");
+}
+
+$nam = array ("ò12345678912", "ò123456789123", "pippo", "pìppo", "zorrro", "pìììppo");
+
+if (mb_strlen($nam[0]) != 12) {
+ printf("mb_strlen not return expected len (12) but %d\n", mb_strlen($nam[0]));
+ exit(1);
+}
+
+for ($i = 0 ; $i < count($nam) ; $i++) {
+ printf("[%s] %s\n", $nam[$i], (login_consistency($nam[$i]) ? "TRUE" : "FALSE"));
+}
+
+?>
\ No newline at end of file
diff --git a/web/Obj/brisk.phh b/web/Obj/brisk.phh
index 5c951ef..6d4096c 100644
--- a/web/Obj/brisk.phh
+++ b/web/Obj/brisk.phh
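Review bot: In test/logintest.php the final loop only prints TRUE/FALSE for each nickname and the script then exits 0, so a regression in `login_consistency()` would not make the test fail. Comparing each result with an expected value and exiting non-zero on a mismatch would turn it into a real check; the expected values below are what the function added in this patch returns for the six names. An empty string and a 12-character all-ASCII name would be useful extra cases, because the 12-character sample starts with `ò` and is rejected by the character class, so the length boundary is never exercised with an accepted name.

```php
// … unchanged: encoding check, $nam list and mb_strlen sanity check …
$exp = array(FALSE, FALSE, TRUE, FALSE, FALSE, FALSE);
$fail = 0;
for ($i = 0 ; $i < count($nam) ; $i++) {
    $res = login_consistency($nam[$i]);
    printf("[%s] %s\n", $nam[$i], ($res ? "TRUE" : "FALSE"));
    if ($res !== $exp[$i]) {
        $fail++;
    }
}
exit($fail > 0 ? 1 : 0);
```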
@@ -3524,5 +3524,31 @@ function carousel_top() } }
+function login_consistency($name)
+{
+ $old_c = '';
+ if (($len = mb_strlen($name)) > 12) {
+ return FALSE;
+ }
+ for ($i = 0 ; $i < mb_strlen($name) ; $i++) {
+ $c = mb_substr($name, $i, 1);
+ if (mb_ereg_match ("[a-zA-Z0-9]", $c)) {
+ if ($old_c != $c) {
+ $old_c = $c;
+ $old_ct = 1;
+ }
+ else {
+ $old_ct++;
+ if ($old_ct > 2) {
+ return (FALSE);
+ }
+ }
+ }
+ else {
+ return (FALSE);
+ }
+ }
+ return (TRUE);
+}
 ?>
diff --git a/web/index_wr.php b/web/index_wr.php
index ea88b0f..2d514af 100644
--- a/web/index_wr.php
+++ b/web/index_wr.php
@@ -243,6 +243,12 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie)
 // check existence of username or email
 $is_trans = FALSE;
 do {
+ error_log($cli_name);
+ if (login_consistency($cli_name) == FALSE) {
+ $mesg_to_user = "Il nickname non è conforme alle regole per la sua costruzione.";
+ break;
+ }
+
 if (($bdb = BriskDB::create()) == FALSE) {
 $mesg_to_user = "Connessione al database fallita";
 break;
diff --git a/web/room.js b/web/room.js
index 7874263..38a3d2a 100644
--- a/web/room.js
+++ b/web/room.js
@@ -504,13 +504,13 @@ function j_check_login(login, ret)
 (login[i] >= 'A' && login[i] <= 'Z')) {
 if (old_c != login[i]) {
 old_c = login[i];
- old_ct = 0;
+ old_ct = 1;
 }
 else {
- if (old_ct > 3) {
+ if (old_ct > 2) {
 // FIXME LANG
- ret.ret = (g_lang == 'en' ? "More than three contiguous '" + old_c + "' not allowed." :
- "Il nickname contiene più di tre caratteri '" + old_c + "' consecutivi.");
+ ret.ret = (g_lang == 'en' ? "More than two contiguous '" + old_c + "' not allowed." :
+ "Il nickname contiene più di 2 caratteri '" + old_c + "' consecutivi.");
 return (false);
 }
 }
-- 
2.17.1
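Review bot: `login_consistency()` in web/Obj/brisk.phh returns TRUE for an empty string, because the loop never runs when `mb_strlen($name)` is 0, and it hands `$name` to `mb_strlen()` without checking that it is a string. As this is the check that does not depend on the browser, the first guard could read `if (!is_string($name) || ($len = mb_strlen($name)) < 1 || $len > 12) { return FALSE; }`, unless a minimum length is enforced elsewhere, which is not visible in this hunk. `$len` is assigned but the loop calls `mb_strlen($name)` again on every iteration; `$i < $len` would use it. A short header comment stating the rule (ASCII letters and digits only, at most 12 characters, at most two identical characters in a row) would help keep the JavaScript check in web/room.js aligned.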
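Review bot: `error_log($cli_name);` in web/index_wr.php writes the raw, not yet validated nickname to the server log on every request that reaches this point, which looks like leftover debugging. Besides the noise, unvalidated input in a log line can carry control characters or line breaks that confuse later log analysis, depending on the log destination. Dropping the line, or logging only rejected names in an escaped form such as `error_log('nickname rejected: ' . json_encode($cli_name));` inside the `if`, would avoid that. index_wr_main() starts and ends outside the hunk, so where `$cli_name` comes from cannot be seen here.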
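Review bot: The repetition rule now exists twice, in j_check_login() in web/room.js and in `login_consistency()` in web/Obj/brisk.phh, and nothing in the code ties the two together; the PHP version increments `$old_ct` before comparing it with 2, while the increment of `old_ct` is not visible in this hunk. A comment above the comparison such as `// keep in sync with login_consistency() in web/Obj/brisk.phh: the third identical consecutive character is rejected` would record the intended behaviour. It is worth confirming with constructed samples that `aab` passes and `aaab` fails on both sides. Only the `'A'` to `'Z'` range test is visible here, so whether the client accepts the same character set as the server's `[a-zA-Z0-9]` cannot be checked from this hunk; j_check_login() starts and ends outside it.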