From: Matteo Nastasi (mop) Date: Mon, 14 Dec 2015 08:24:10 +0000 (+0100) Subject: new login rules (max 2 same characters a side), check rules server side and associate... X-Git-Tag: v5.3.0~27 X-Git-Url: http://mop.ddnsfree.com/gitweb/?p=brisk.git;a=commitdiff_plain;h=bbd72460bcf4269ffd21cfb97e0ab616ac7276e7 new login rules (max 2 same characters a side), check rules server side and associated test --- diff --git a/TODO.txt b/TODO.txt index 3e7e637..3fe465b 100644 --- a/TODO.txt +++ b/TODO.txt @@ -3,7 +3,8 @@ BUGS | ------+ - - Not triple chars between letters + DONE - Not sequence of 3 same chars + DONE . check server side with test - Global vars checker - usermgmt: add user delete diff --git a/test/logintest.php b/test/logintest.php new file mode 100755 index 0000000..0ad0984 --- /dev/null +++ b/test/logintest.php @@ -0,0 +1,29 @@ +#!/usr/bin/php + \ No newline at end of file diff --git a/web/Obj/brisk.phh b/web/Obj/brisk.phh index 5c951ef..6d4096c 100644 --- a/web/Obj/brisk.phh +++ b/web/Obj/brisk.phh @@ -3524,5 +3524,31 @@ function carousel_top() } } +function login_consistency($name) +{ + $old_c = ''; + if (($len = mb_strlen($name)) > 12) { + return FALSE; + } + for ($i = 0 ; $i < mb_strlen($name) ; $i++) { + $c = mb_substr($name, $i, 1); + if (mb_ereg_match ("[a-zA-Z0-9]", $c)) { + if ($old_c != $c) { + $old_c = $c; + $old_ct = 1; + } + else { + $old_ct++; + if ($old_ct > 2) { + return (FALSE); + } + } + } + else { + return (FALSE); + } + } + return (TRUE); +} ?> diff --git a/web/index_wr.php b/web/index_wr.php index ea88b0f..2d514af 100644 --- a/web/index_wr.php +++ b/web/index_wr.php 
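Review bot: `login_consistency()` in web/Obj/brisk.phh returns TRUE for an empty string and never checks that `$name` is a string, so the server-side rule has no lower bound of its own. Whether the caller rejects an empty or array-valued nickname first is not visible in this hunk. On PHP versions where `mb_strlen()` only warns on a non-string, an array value would likely skip the loop and also return TRUE. A guard at the top, `if (!is_string($name) || $name === '') { return FALSE; }`, would make the function a safe single authority for nickname syntax. In addition, `$old_ct` is defined only because the first character always differs from `''`, so initialise it beside `$old_c`, and use the otherwise unused `$len` in the loop condition instead of calling `mb_strlen($name)` on every pass.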
@@ -243,6 +243,12 @@ function index_wr_main(&$brisk, $remote_addr_full, $get, $post, $cookie) // check existence of username or email $is_trans = FALSE; do { + error_log($cli_name); + if (login_consistency($cli_name) == FALSE) { + $mesg_to_user = "Il nickname non è conforme alle regole per la sua costruzione."; + break; + } + if (($bdb = BriskDB::create()) == FALSE) { $mesg_to_user = "Connessione al database fallita"; break; diff --git a/web/room.js b/web/room.js index 7874263..38a3d2a 100644 --- a/web/room.js +++ b/web/room.js @@ -504,13 +504,13 @@ function j_check_login(login, ret) (login[i] >= 'A' && login[i] <= 'Z')) { if (old_c != login[i]) { old_c = login[i]; - old_ct = 0; + old_ct = 1; } else { - if (old_ct > 3) { + if (old_ct > 2) { // FIXME LANG - ret.ret = (g_lang == 'en' ? "More than three contiguous '" + old_c + "' not allowed." : - "Il nickname contiene più di tre caratteri '" + old_c + "' consecutivi."); + ret.ret = (g_lang == 'en' ? "More than two contiguous '" + old_c + "' not allowed." : + "Il nickname contiene più di 2 caratteri '" + old_c + "' consecutivi."); return (false); } }
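Review bot: The added `error_log($cli_name);` in web/index_wr.php writes the client-supplied nickname to the log before `login_consistency()` has vetted it, so line breaks or control characters in the value can reach the log unfiltered, depending on the log destination. It reads like leftover debugging; either drop it or log only inside the rejection branch with the value escaped, e.g. `error_log('nickname rejected: ' . addcslashes($cli_name, "\0..\37\177"));`. The loose `== FALSE` would state its intent more directly as `=== FALSE`. `index_wr_main()` begins and ends outside this hunk, so where `$cli_name` is populated is not visible here.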
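Review bot: The client-side run-length check in web/room.js may be off by one relative to the server's `login_consistency()`, which increments its counter before testing `> 2`; the increment of `old_ct` is not in this hunk, so the order cannot be confirmed from here. If `j_check_login` increments after the `if (old_ct > 2)` test, the browser would accept three identical characters in a row and the server would then reject the same nickname with only the generic message. Worth verifying the order and adding a comment above the counter logic such as `// keep in sync with login_consistency() in web/Obj/brisk.phh`. `j_check_login` starts and ends outside the hunk.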