diff options
author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-15 22:17:57 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-15 22:56:57 +0200 |
commit | 1b901616dc355cbab286ece18ca2c9c9e19d3415 (patch) | |
tree | 1978c6677b590b5ae8cd6709f4a5ffc6c8e6a510 /web | |
parent | 03c6304e19d5d3ecd276dd3f42220db301ab511d (diff) | |
download | aur-1b901616dc355cbab286ece18ca2c9c9e19d3415.tar.gz aur-1b901616dc355cbab286ece18ca2c9c9e19d3415.tar.xz |
Disallow privileged users to use invalid user names
Prevent Trusted Users and developers from accidentally using a name that
contains invalid characters. Also, remove user_is_privileged() which is
no longer needed after this change.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r-- | web/lib/acctfuncs.inc.php | 23 |
1 files changed, 1 insertions, 22 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index e2e37b87..578c3764 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -117,7 +117,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="", $error = __("Missing User ID"); } - if (!$error && !valid_username($U) && !user_is_privileged($editor_user)) { + if (!$error && !valid_username($U)) { $error = __("The username is invalid.") . "<ul>\n" ."<li>" . __("It must be between %s and %s characters long", USERNAME_MIN_LEN, USERNAME_MAX_LEN ) @@ -832,27 +832,6 @@ function user_delete($id) { } /** - * Determine if a user is either a Trusted User or Developer - * - * @param string $id The ID of the user to check if privileged - * - * @return int|string Return 0 if un-privileged, "2" if Trusted User, "3" if Developer - */ -function user_is_privileged($id) { - $dbh = DB::connect(); - $q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id; - $result = $dbh->query($q); - if ($result) { - $row = $result->fetch(PDO::FETCH_NUM); - if($row[0] > 1) { - return $row[0]; - } - } - return 0; - -} - -/** * Remove the session from the database on logout * * @param string $sid User's session ID |