From 032607b6ca13b7c0a7088a6b52c5fd4492df4bde Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sat, 12 Jan 2019 19:04:05 -0500
Subject: Bump version number

Signed-off-by: Malf Furious
---
 app/class/globals.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/class')

diff --git a/app/class/globals.php b/app/class/globals.php
index 8a6efd7..e71ebc6 100644
--- a/app/class/globals.php
+++ b/app/class/globals.php
@@ -19,7 +19,7 @@ require_once "class/obj.class.php";
 * These are utility functions and constants for the Scrott application.
 */

-define("__VERSION__", "v0.2");
+define("__VERSION__", "v0.3");

 /*
 * These global variables are arrays of strings logged by Scrott business
--
cgit v1.2.3

From 2263cf0953872c09fe1a1158ebb841f74fb9e3ea Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sat, 12 Jan 2019 19:10:01 -0500
Subject: Define stricter username policy

Previously, you could log into an account named "MyAccount" by entering either "myaccount" or "MYACCOUNT" (or any other case conbination). This patch requires logins to succeed with case-sensitive usernames. I have also decided, that I wish to disallow duplicate usernames if the only difference between them is case. There can only be _ONE_ "myaccount" (of any case combination), even if he's known canonically as "MyAccount". This particular functionality is not changed by this patch. I'm just noting it as a deliberate decision not to change, by policy. Note that _passwords_ always have been, and still are, case-sensitive. They are salted and hashed before they even hit the database.

Signed-off-by: Malf Furious
---
 app/class/user.class.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'app/class')

diff --git a/app/class/user.class.php b/app/class/user.class.php
index 231111d..7d67257 100644
--- a/app/class/user.class.php
+++ b/app/class/user.class.php
@@ -46,11 +46,12 @@ class user extends agent
 * the username is not in use. Therefore, this function can be
 * used to test the existence of a user with the given username.
 */
- public static function getGuidByUname(string $uname) : ?string
+ public static function getGuidByUname(string $uname, bool $caseInsens = false) : ?string
 {
 $uname = database::esc($uname);

- $query = "SELECT guid FROM objects WHERE objtype = 'user' AND name = '" . $uname . "'";
+ $query = "SELECT guid FROM objects WHERE objtype = 'user' AND " .
+ ($caseInsens ? "" : "BINARY ") . "name = '" . $uname . "'";
 $res = database::query($query);

 if (count($res) == 0)
@@ -64,9 +65,9 @@ class user extends agent
 * is not in use. This function can be used to test the existence
 * of a user with the given username.
 */
- public static function getByUname(string $uname) : ?user
+ public static function getByUname(string $uname, bool $caseInsens = false) : ?user
 {
- if (($guid = self::getGuidByUname($uname)))
+ if (($guid = self::getGuidByUname($uname, $caseInsens)))
 return new user($guid);

 return NULL;
@@ -190,7 +191,9 @@ class user extends agent
 */
 public static function initNew(string $uname, string $passwd) : ?user
 {
- if (self::getByUname($uname))
+ /* search is case-insensitive, to make sure no duplicates exist
+ * which differ _only_ by case */
+ if (self::getByUname($uname, true))
 return NULL;

 $user = new user();
--
cgit v1.2.3

From 9d8613d827dd6e99e36a24c4b37012b93b5e316c Mon Sep 17 00:00:00 2001
From: Malf Furious
Date: Sat, 12 Jan 2019 21:19:46 -0500
Subject: Add rudimentary system for launching a modal on page load

If the $_SCROTT['AUTO_MODAL'] global is defined, it will refer to a modal's DOM ID to be shown once the page loads. Currently, an error state will supersede this and display the notice modal instead.

Signed-off-by: Malf Furious
---
 app/class/globals.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'app/class')
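Review bot: In getGuidByUname the `$caseInsens = true` branch does not request a case-insensitive match; it only omits `BINARY` and leaves the outcome to the collation of `objects.name`, which this diff does not show. Under a `_bin` or `_cs` collation the duplicate check used by initNew would silently become case-sensitive, and under a `_ci` collation it may also treat accented letters as equal, which is wider than the "differ only by case" policy in the commit message. I would record the assumption beside the query, `/* case-insensitive only if objects.name has a _ci collation; BINARY forces a byte-wise compare */`, or name the collation in the query itself. The parameter defaults to the strict compare in both getGuidByUname and getByUname (next hunk), so any caller outside this diff that tests whether a name is taken now misses case variants unless it passes `true`. The function body continues past the end of the hunk.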
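Review bot: The uniqueness check in initNew is a read followed by a later write, so two concurrent registrations of names that differ only by case can both pass `getByUname($uname, true)` and both be created. The one-account-per-name policy from the commit message is therefore enforced only in application code at this call site; if the schema allows it, a unique index on the name under a case-insensitive collation would let the database reject the second row. Short of that, extending the new comment with `/* not atomic: concurrent registrations can both pass this check */` would record the limit. The rest of initNew lies outside the hunk, so the insert itself is not visible here.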
diff --git a/app/class/globals.php b/app/class/globals.php
index e71ebc6..468ad6d 100644
--- a/app/class/globals.php
+++ b/app/class/globals.php
@@ -49,6 +49,12 @@ $_SCROTT['PAGE_OBJECT'] = NULL;
 */
 $_SCROTT['PAGE_NAME'] = "";

+/*
+ * The auto modal variable holds the name (DOM ID) of a modal to automatically
+ * open on page load. The `stdpage` footer will reference this.
+ */
+$_SCROTT['AUTO_MODAL'] = "";
+
 /*
 * Get the application root path. This is an absolute path on the server.
 */
@@ -181,6 +187,24 @@ function getPageName() : string
 return $_SCROTT['PAGE_NAME'];
 }

+/*
+ * Set the auto modal.
+ */
+function setAutoModal(string $autoModal) : void
+{
+ global $_SCROTT;
+ $_SCROTT['AUTO_MODAL'] = $autoModal;
+}
+
+/*
+ * Get the auto modal.
+ */
+function getAutoModal() : string
+{
+ global $_SCROTT;
+ return $_SCROTT['AUTO_MODAL'];
+}
+
 /*
 * Produce a string, but only once. This function is useful
 * when dealing with some variable collection of markup and
--
cgit v1.2.3
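Review bot: setAutoModal stores whatever string it is given, while the comment added in the first hunk says the value is a DOM ID that the `stdpage` footer will reference. The footer is not part of this diff, so whether it escapes the value is unknown; if it is written into markup or script as-is, any caller that passes request-derived data makes this an injection point. Constraining the value at the setter protects every consumer, e.g. `if ($autoModal !== "" && !preg_match('/^[A-Za-z][A-Za-z0-9_-]*$/', $autoModal)) return;` before the assignment. The docblock could also state the contract: `Set the auto modal (DOM ID of the modal to open on page load; "" for none).`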