Possibility to register user having a '-', a '_' or a '.' in username

author: Clément <clement@selfhost.fr> 2017-02-16 14:27:45 +0100
committer: Clément <clement@selfhost.fr> 2017-02-16 14:27:45 +0100
commit: 8d2b76334cd60356c85810bf4902124105d54ad4 (patch)
tree: a303e6f209fd716972ca3421c4b817beec0cabfc /app
parent: 08857c679d700b982a1af21ce11c4b25e125e44a (diff)
5 files changed, 10 insertions, 7 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 9d6ae18e6..6199ff218 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -103,8 +103,9 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		if (!is_array($userConfig)) {
 			$userConfig = array();
 		}
+        $aValid = array('-', '_', '.');
 
-		$ok = ($new_user_name != '') && ctype_alnum($new_user_name);
+		$ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name));
 
 		if ($ok) {
 			$languages = Minz_Translate::availableLanguages();
@@ -187,7 +188,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$db = FreshRSS_Context::$system_conf->db;
 		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
-		$ok = ctype_alnum($username);
+        $aValid = array('-', '_', '.');
+		$ok = ctype_alnum(str_replace($aValid, '', $username));
 		if ($ok) {
 			$default_user = FreshRSS_Context::$system_conf->default_user;
 			$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index b3255cfbd..e63a24b27 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -182,7 +182,8 @@ class FreshRSS_Auth {
 
 class FreshRSS_FormAuth {
 	public static function checkCredentials($username, $hash, $nonce, $challenge) {
-		if (!ctype_alnum($username) ||
+		$aValid = array('-', '_', '.');
+		if (!ctype_alnum(str_replace($aValid, '', $username)) ||
 				!ctype_graph($challenge) ||
 				!ctype_alnum($nonce)) {
 			Minz_Log::debug('Invalid credential parameters:' .
@@ -211,7 +212,7 @@ class FreshRSS_FormAuth {
 			// Token has expired (> 1 month) or does not exist.
 			// TODO: 1 month -> use a configuration instead
 			@unlink($token_file);
-			return array(); 	
+			return array();
 		}
 
 		$credentials = @file_get_contents($token_file);
diff --git a/app/install.php b/app/install.php
index 986a7dc60..1b23254de 100644
--- a/app/install.php
+++ b/app/install.php
@@ -553,7 +553,7 @@ function printStep2() {
 		<div class="form-group">
 			<label class="group-name" for="default_user"><?php echo _t('install.default_user'); ?></label>
 			<div class="group-controls">
-				<input type="text" id="default_user" name="default_user" required="required" size="16" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" value="<?php echo isset($_SESSION['default_user']) ? $_SESSION['default_user'] : ''; ?>" placeholder="<?php echo httpAuthUser() == '' ? 'alice' : httpAuthUser(); ?>" tabindex="3" />
+				<input type="text" id="default_user" name="default_user" required="required" size="16" maxlength="16" pattern="[0-9a-zA-Z.\-_]{1,16}" value="<?php echo isset($_SESSION['default_user']) ? $_SESSION['default_user'] : ''; ?>" placeholder="<?php echo httpAuthUser() == '' ? 'alice' : httpAuthUser(); ?>" tabindex="3" />
 			</div>
 		</div>
 
diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml
index a8213b7ae..6cfe6764a 100644
--- a/app/views/auth/formLogin.phtml
+++ b/app/views/auth/formLogin.phtml
@@ -9,7 +9,7 @@
 		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 		<div>
 			<label for="username"><?php echo _t('gen.auth.username'); ?></label>
-			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z]{1,16}" autofocus="autofocus" />
+			<input type="text" id="username" name="username" size="16" required="required" maxlength="16" pattern="[0-9a-zA-Z.\-_]{1,16}" autofocus="autofocus" />
 		</div>
 		<div>
 			<label for="passwordPlain"><?php echo _t('gen.auth.password'); ?></label>
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml
index a32247d14..334650e56 100644
--- a/app/views/user/manage.phtml
+++ b/app/views/user/manage.phtml
@@ -22,7 +22,7 @@
 		<div class="form-group">
 			<label class="group-name" for="new_user_name"><?php echo _t('admin.user.username'); ?></label>
 			<div class="group-controls">
-				<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z]{1,16}" placeholder="demo" />
+				<input id="new_user_name" name="new_user_name" type="text" size="16" required="required" maxlength="16" autocomplete="off" pattern="[0-9a-zA-Z.\-_]{1,16}" placeholder="demo" />
 			</div>
 		</div>
author	Clément <clement@selfhost.fr>	2017-02-16 14:27:45 +0100
committer	Clément <clement@selfhost.fr>	2017-02-16 14:27:45 +0100
commit	8d2b76334cd60356c85810bf4902124105d54ad4 (patch)
tree	a303e6f209fd716972ca3421c4b817beec0cabfc /app
parent	08857c679d700b982a1af21ce11c4b25e125e44a (diff)