Re: [openupload-devel] Bug : Duplicate users

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Browsing lib/modules/default/admin.inc.php I found some code I could reuse

so here is a fix ( but I did not test it and I won't be able to do it soon )

In function useradd() add
/* xx fix begin xx */

 $users = app()->db->read('users');
      foreach ($users as $u) {
                 if (strcmp($u['login'],$user['login'])==0)
			{
			app()->error(tr('User with same login id already exists'));
                  $error = true;

			}
      }

/* xx fix end xx */

just before :
if (!$error)  {
        $user['password']=$_POST['adduserpassword'];
        app()->auth->useradd($user);
        /* redirect */
        $this->nextStep(1);
      }


> Hi,
>
> openupload 0.4.2
>
> It is possible to create multiple instances of the same user (i.e.
> multiple users with the same login id)
>
> Looking at  lib/modules/default/admin.inc.php you can see that the
> function useradd() does not check if a user with the same login id already
> exists before creating an new one.
>
> In lib/modules/auth/default.inc.php , where the user is added to the
> database :
>
> function useradd($user) {
>     $user['password']=crypt($user['password']);
>     $this->db->insert('users',$user,$this->userfields);
>   }
>
> So there is no error checking here either.
>
> In the mysql schemas, the login is not a table primary key , that's why it
> is possible to have  users with same login id.
>
> A workaround could be to add a check in admin.inc.php:useradd()
>
>   $users = app()->db->read('users',array(),array('login'));
>   // xxx now check if user alreadey exists
>  if ($userExists) {
>         app()->error(tr('User with same login already exists!'));
>         $error = true;
>       }
>
> Unfortunately , I'm not able at the moment to provide the exact check code
> (xxx ) : I don't know of enough php.
>
> As a side effect if you chose to delete one such user, all duplicates will
> be deleted to.
>
> It may be possible to create duplicate groups to. I did not check
>
> Regards,
> W.
>
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel
>