verify userid when sethome path.

git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3308 63ad8ddf-47c3-0310-b6dd-a9e9d9715204

5 files changed, 51 insertions, 25 deletions

diff --git a/include/proto.h b/include/proto.h
index ae3a7b99..87aaebff 100644
--- a/include/proto.h
+++ b/include/proto.h
@@ -615,7 +615,7 @@ void cursor_clear(int row, int column);
 void cursor_show(int row, int column);
 void printdash(const char *mesg, int msglen);
 char *Cdatelite(const time4_t *clock);
-int valid_ident(const char *ident);
+int is_validuserid(const char *ident);
 int userid_is_BM(const char *userid, const char *list);
 int is_uBM(const char *list, const char *id);
 inline int *intbsearch(int key, const int *base0, int nmemb);
diff --git a/mbbsd/chess.c b/mbbsd/chess.c
index 8606d652..c7277f1d 100644
--- a/mbbsd/chess.c
+++ b/mbbsd/chess.c
@@ -1328,16 +1328,23 @@ ChessPhotoInitial(ChessInfo* info)
     char country[5], level[11];
     userec_t xuser;
     char* photo;
+    int hasphoto = 0;
 
     if (info->mode == CHESS_MODE_REPLAY)
 	return NULL;
 
-    sethomefile(genbuf, info->user1.userid, info->constants->photo_file_name);
-    if (!dashf(genbuf)) {
+    if(is_validuserid(info->user1.userid)) {
+	sethomefile(genbuf, info->user1.userid, info->constants->photo_file_name);
+	if (dashf(genbuf))
+	    hasphoto++;
+    }
+    if(is_validuserid(info->user2.userid)) {
 	sethomefile(genbuf, info->user2.userid, info->constants->photo_file_name);
-	if (!dashf(genbuf))
-	    return NULL;
+	if (dashf(genbuf))
+	    hasphoto++;
     }
+    if(hasphoto==0)
+	return NULL;
 
     photo = (char*) calloc(
 	    CHESS_PHOTO_LINE * CHESS_PHOTO_COLUMN, sizeof(char));
@@ -1345,9 +1352,11 @@ ChessPhotoInitial(ChessInfo* info)
     /* simulate photo as two dimensional array  */
 #define PHOTO(X) (photo + (X) * CHESS_PHOTO_COLUMN)
 
-    getuser(info->user1.userid, &xuser);
-    sethomefile(genbuf, info->user1.userid, info->constants->photo_file_name);
-    fp = fopen(genbuf, "r");
+    fp = NULL;
+    if(getuser(info->user1.userid, &xuser)) {
+	sethomefile(genbuf, info->user1.userid, info->constants->photo_file_name);
+	fp = fopen(genbuf, "r");
+    }
 
     if (fp == NULL) {
 	strcpy(country, "無");
@@ -1404,9 +1413,11 @@ ChessPhotoInitial(ChessInfo* info)
 	    info->constants->turn_color[info->myturn ^ 1],
 	    info->constants->turn_str[info->myturn ^ 1]);
 
-    getuser(info->user2.userid, &xuser);
-    sethomefile(genbuf, info->user2.userid, info->constants->photo_file_name);
-    fp = fopen(genbuf, "r");
+    fp = NULL;
+    if(getuser(info->user2.userid, &xuser)) {;
+	sethomefile(genbuf, info->user2.userid, info->constants->photo_file_name);
+	fp = fopen(genbuf, "r");
+    }
 
     if (fp == NULL) {
 	strcpy(country, "無");
diff --git a/mbbsd/mbbsd.c b/mbbsd/mbbsd.c
index 84233efc..71bb5382 100644
--- a/mbbsd/mbbsd.c
+++ b/mbbsd/mbbsd.c
@@ -678,7 +678,7 @@ login_query(void)
 	    outs("本系統目前無法以 new 註冊, 請用 guest 進入\n");
 	    continue;
 #endif
-	} else if (uid[0] == '\0') {
+	} else if (!is_validuserid(uid)) {
 
 	    outs(err_uid);
 
@@ -706,7 +706,8 @@ login_query(void)
 	    if( initcuser(uid) < 1 || !cuser.userid[0] ||
 		!checkpasswd(cuser.passwd, passbuf) ){
 
-		logattempt(cuser.userid , '-');
+		if(is_validuserid(cuser.userid))
+		    logattempt(cuser.userid , '-');
 		outs(ERR_PASSWD);
 
 	    } else {
diff --git a/mbbsd/register.c b/mbbsd/register.c
index 0bb22bda..f46fe6ad 100644
--- a/mbbsd/register.c
+++ b/mbbsd/register.c
@@ -45,18 +45,8 @@ checkpasswd(const char *passwd, char *plain)
 int
 bad_user_id(const char *userid)
 {
-    int             len, i;
-    len = strlen(userid);
-
-    if (len < 2)
-	return 1;
-
-    if (not_alpha(userid[0]))
+    if(!is_validuserid(userid))
 	return 1;
-    for (i = 1; i < len; i++)
-	/* DickG: 修正了只比較 userid 第一個字元的 bug */
-	if (not_alnum(userid[i]))
-	    return 1;
 
     if (strcasecmp(userid, str_new) == 0)
 	return 1;
diff --git a/mbbsd/stuff.c b/mbbsd/stuff.c
index eff6d399..37a8ebb1 100644
--- a/mbbsd/stuff.c
+++ b/mbbsd/stuff.c
@@ -18,18 +18,21 @@ static const char * const str_dotdir = STR_DOTDIR;
 void
 sethomepath(char *buf, const char *userid)
 {
+    assert(is_validuserid(userid));
     snprintf(buf, PATHLEN, "home/%c/%s", userid[0], userid);
 }
 
 void
 sethomedir(char *buf, const char *userid)
 {
+    assert(is_validuserid(userid));
     snprintf(buf, PATHLEN, str_home_file, userid[0], userid, str_dotdir);
 }
 
 void
 sethomeman(char *buf, const char *userid)
 {
+    assert(is_validuserid(userid));
     snprintf(buf, PATHLEN, str_home_file, userid[0], userid, "man");
 }
 
@@ -37,12 +40,14 @@ sethomeman(char *buf, const char *userid)
 void
 sethomefile(char *buf, const char *userid, const char *fname)
 {
+    assert(is_validuserid(userid));
     snprintf(buf, PATHLEN, str_home_file, userid[0], userid, fname);
 }
 
 void
 setuserfile(char *buf, const char *fname)
 {
+    assert(is_validuserid(cuser.userid));
     snprintf(buf, PATHLEN, str_home_file, cuser.userid[0], cuser.userid, fname);
 }
 
@@ -199,6 +204,24 @@ invalid_pname(const char *str)
     return 0;
 }
 
+int is_validuserid(const char *id)
+{
+    int len, i;
+    if(id==NULL)
+	return 0;
+    len = strlen(id);
+
+    if (len < 2 || len>IDLEN)
+	return 0;
+
+    if (not_alpha(id[0]))
+	return 0;
+    for (i = 1; i < len; i++)
+	if (not_alnum(id[i]))
+	    return 0;
+    return 1;
+}
+
 int
 is_uBM(const char *list, const char *id)
 {
@@ -652,7 +675,8 @@ vmsg(const char *msg)
 
     do {
 	if( (i = igetch()) == Ctrl('T') )
-	    capture_screen();
+	    if(cuser.userid[0]) // if already login
+		capture_screen();
     } while( i == 0 );
 
     move(b_lines, 0);