authorrobertabcd <robertabcd@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2014-01-26 12:38:38 +0800
committerrobertabcd <robertabcd@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>2014-01-26 12:38:38 +0800
commitf3fbf00396d45eac9e73e53626c628e8e9d68808 (patch)
tree3ed69400972b38632ff6439bcae578b7d96895bc
parent6c0f9227e3811f4d3f605b3bf94d4710d1ea568b (diff)
Validate input userid; always log userid changes.
git-svn-id: http://opensvn.csie.org/pttbbs/trunk@5909 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r--pttbbs/mbbsd/user.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/pttbbs/mbbsd/user.c b/pttbbs/mbbsd/user.c
index dcd134c4..f46ff9dc 100644
--- a/pttbbs/mbbsd/user.c
+++ b/pttbbs/mbbsd/user.c
@@ -1146,7 +1146,10 @@ uinfo_query(const char *orig_uid, int adminmode, int unum)
if (getdata_str(b_lines - 3, 0, "�s���ϥΪ̥N���G", genbuf, IDLEN + 1,
DOECHO, x.userid)) {
- if (searchuser(genbuf, NULL)) {
+ if (!is_validuserid(genbuf)) {
+ outs("���~! ��J�� ID ���X�W�w\n");
+ fail++;
+ } else if (searchuser(genbuf, NULL)) {
outs("���~! �w�g���P�� ID ���ϥΪ�\n");
fail++;
#if !defined(NO_CHECK_AMBIGUOUS_USERID) && defined(USE_REGCHECKD)
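Review bot: The new `is_validuserid(genbuf)` branch carries no comment explaining why the format check must come before `searchuser`, and the reason is security-relevant. `genbuf` is typed input that, once accepted, presumably becomes `x.userid` and is then passed to `setuserid` after a `Rename(src, dst)` in the second hunk; how `src` and `dst` are built is not visible here. I would add a comment such as `// validate format before any lookup: an accepted ID is later used to rename the user's data, so malformed input must stop here`. The if/else chain continues past the `#if` at the end of this hunk, so confirm that none of the later branches can clear `fail` again for an ID that was rejected here.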
@@ -1216,14 +1219,11 @@ uinfo_query(const char *orig_uid, int adminmode, int unum)
Rename(src, dst);
setuserid(unum, x.userid);
- // alert if this is not a simple (lower/upper case) change
- // note: actually we don't support simple change now, so always log.
- if (strcasecmp(orig_uid, x.userid) != 0) {
- char title[STRLEN];
- snprintf(title, sizeof(title), "�ܧ�ID: %s -> %s (����: %s)",
- orig_uid, x.userid, cuser.userid);
- post_msg(BN_SECURITY, title, title, "[�t�Φw����]");
- }
+ // log change for security reasons.
+ char title[STRLEN];
+ snprintf(title, sizeof(title), "�ܧ�ID: %s -> %s (����: %s)",
+ orig_uid, x.userid, cuser.userid);
+ post_msg(BN_SECURITY, title, title, "[�t�Φw����]");
}
if (mail_changed && !adminmode) {
// wait registration.
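Review bot: The security post is now written unconditionally after `Rename(src, dst);` and `setuserid(unum, x.userid);`, but it records nothing about whether the rename succeeded, so the audit entry cannot distinguish a completed ID change from a half-applied one. If `Rename` reports failure (its result is ignored in the context line, and its signature is not visible here), consider capturing it, e.g. `int rc = Rename(src, dst);`, and appending the result to the message. Adding `unum` would also keep the entry unambiguous if an ID is later reused. Separately, `char title[STRLEN];` is now declared after statements in the enclosing block, which starts outside the hunk; wrapping the four added lines in `{ ... }` would keep the previous scoping and avoid relying on mixed declarations.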