better nick validation, fixes #429

2019-04-28 14:34:04 +02:00 · 2019-04-28 14:34:04 +02:00 · 4f1cef546e
parent 819677c902
commit 4f1cef546e
4 changed files with 31 additions and 13 deletions
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@ -112,11 +112,20 @@ function Users_by_angeltype($angeltype)
 * Nick is trimmed.
 *
 * @param string $nick
- * @return string
+ * @return ValidationResult
 */
 function User_validate_Nick($nick)
 {
-    return preg_replace('/([^\p{L}\p{N}\-_. ]+)/ui', '', trim($nick));
+    $nick = trim($nick);
+    
+    if(strlen($nick) == 0 || strlen($nick) > 23) {
+        return new ValidationResult(false, $nick);
+    }
+    if(preg_match('/([^\p{L}\p{N}\-_. ]+)/ui', $nick)) {
+        return new ValidationResult(false, $nick);
+    }
+    
+    return new ValidationResult(true, $nick);
 }

 /**
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@ -261,7 +261,10 @@ function admin_user()
                if ($user_source->settings->email_human) {
                    $user_source->email = $request->postData('eemail');
                }
-                $user_source->name = User_validate_Nick($request->postData('eNick'));
+                $nickValidation = User_validate_Nick($request->postData('eNick'));
+                if($nickValidation->isValid()) {
+                    $user_source->name = $nickValidation->getValue();
+                }
                $user_source->save();
                $user_source->personalData->first_name = $request->postData('eVorname');
                $user_source->personalData->last_name = $request->postData('eName');
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@ -83,18 +83,21 @@ function guest_register()
    if ($request->hasPostData('submit')) {
        $valid = true;

-        if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 1) {
-            $nick = User_validate_Nick($request->input('nick'));
+        if ($request->has('nick')) {
+            $nickValidation = User_validate_Nick($request->input('nick'));
+            $nick = $nickValidation->getValue();
+            
+            if(!$nickValidation->isValid()) {
+                $valid = false;
+                $msg .= error(sprintf(__('Please enter a valid nick.') . ' ' . __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.'), $nick), true);
+            }
            if (User::whereName($nick)->count() > 0) {
                $valid = false;
                $msg .= error(sprintf(__('Your nick &quot;%s&quot; already exists.'), $nick), true);
            }
        } else {
            $valid = false;
-            $msg .= error(sprintf(
-                __('Your nick &quot;%s&quot; is too short (min. 2 characters).'),
-                User_validate_Nick($request->input('nick'))
-            ), true);
+            $msg .= error(__('Please enter a nickname.'), true);
        }

        if ($request->has('mail') && strlen(strip_request_item('mail')) > 0) {
@ -283,7 +286,8 @@ function guest_register()
                div('col-md-6', [
                    div('row', [
                        div('col-sm-4', [
-                            form_text('nick', __('Nick') . ' ' . entry_required(), $nick)
+                            form_text('nick', __('Nick') . ' ' . entry_required(), $nick),
+                            form_info('', __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.'))
                        ]),
                        div('col-sm-8', [
                            form_email('mail', __('E-Mail') . ' ' . entry_required(), $mail),
@ -395,9 +399,10 @@ function guest_login()
    $session->remove('uid');

    if ($request->hasPostData('submit')) {
-        if ($request->has('nick') && strlen(User_validate_Nick($request->input('nick'))) > 0) {
-            $nick = User_validate_Nick($request->input('nick'));
-            $login_user = User::whereName($nick)->first();
+        if ($request->has('nick') && !empty($request->input('nick'))) {
+            $nickValidation = User_validate_Nick($request->input('nick'));
+            $nick = $nickValidation->getValue();
+            $login_user = User::whereName($nickValidation->getValue())->first();
            if ($login_user) {
                if ($request->has('password')) {
                    if (!verify_password($request->postData('password'), $login_user->password, $login_user->id)) {
--- a/includes/view/User_view.php
+++ b/includes/view/User_view.php
@ -36,6 +36,7 @@ function User_settings_view(
                    form_info('', __('Here you can change your user details.')),
                    form_info(entry_required() . ' = ' . __('Entry required!')),
                    form_text('nick', __('Nick'), $user_source->name, true),
+                    form_info('', __('Use up to 23 letters, numbers, connecting punctuations or spaces for your nickname.')),
                    form_text('lastname', __('Last name'), $personalData->last_name),
                    form_text('prename', __('First name'), $personalData->first_name),
                    $enable_planned_arrival ? form_date(