@@ -1372,11 +1372,11 @@ public function addCSV($csv, $room_id, $user_level = 20, $separator = ";")
13721372 $ data = str_getcsv ($ line , $ separator );
13731373 $ line_counter ++;
13741374
1375- $ real_name = $ data [0 ];
1376- $ display_name = $ data [1 ];
1377- $ user_name = $ data [2 ];
1378- $ email = $ data [3 ];
1379- $ about_me = $ data [4 ];
1375+ $ real_name = trim ( $ data [0 ]) ;
1376+ $ display_name = trim ( $ data [1 ]) ;
1377+ $ user_name = trim ( $ data [2 ]) ;
1378+ $ email = strtolower ( trim ( $ data [3 ])) ;
1379+ $ about_me = trim ( $ data [4 ]) ;
13801380
13811381 // check if user name is still available
13821382 $ user_ok = false ;
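Review bot: The new `trim()` calls on lines 1375–1379 assume every CSV row carries at least five columns; a shorter row leaves `$data[4]` (or an earlier index) undefined, and `trim(null)` is deprecated on PHP 8.1+ in addition to the "Undefined array key" warning the old assignment already produced. Default each field before trimming, e.g. `$about_me = trim($data[4] ?? '');` and likewise for the other four fields, so a malformed line yields empty strings rather than notices. addCSV's body starts and ends outside this hunk, so I cannot see whether the column count is validated before this point.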
@@ -1386,14 +1386,13 @@ public function addCSV($csv, $room_id, $user_level = 20, $separator = ";")
13861386
13871387 while ($ user_ok == false && $ attempts < 100 ) {
13881388 $ temp_user = $ this ->checkUserExistsByUsername ($ user_name , $ email ); // check username / email in db
1389- $ temp_user_id = $ temp_user ['data ' ]; // get id from array
13901389
13911390 $ attempts ++; # increment attempts to find a proper username
13921391
1393- if ($ temp_user_id > 0 ) {
1394- # user exists
1392+ if ($ temp_user [ ' count ' ] > 0 ) {
1393+ # user exists, hence not OK
13951394 $ user_ok = false ;
1396- #alter user name
1395+ # retry with altered username
13971396 $ suffix = $ this ->generate_pass (3 );
13981397 $ user_name = $ base_user_name . "_ " . $ suffix ;
13991398 } else {
@@ -1601,7 +1600,7 @@ public function getUserPayload($user_id)
16011600
16021601 $ stmt = $ this ->db ->query ('SELECT id, userlevel, temp_pw, hash_id, status, roles FROM ' . $ this ->db ->au_users_basedata . ' WHERE id = :user_id ' );
16031602 try {
1604- $ this ->db ->bind (':user_id ' , $ user_id ); // blind index
1603+ $ this ->db ->bind (':user_id ' , $ user_id );
16051604 $ users = $ this ->db ->resultSet ();
16061605 $ user_status = $ users [0 ]['status ' ];
16071606 $ user_id = $ users [0 ]['id ' ];
@@ -1648,14 +1647,12 @@ public function checkCredentials($username, $pw)
16481647 pw is clear text
16491648 */
16501649
1651- // create temp blind index (future use for o1 parameter)
1652- $ bi = md5 (strtolower ($ username ));
16531650 $ user_status = 0 ;
16541651 $ user_id = 0 ;
16551652
16561653 $ stmt = $ this ->db ->query ('SELECT id, username, pw, refresh_token, temp_pw, userlevel, hash_id, status, roles FROM ' . $ this ->db ->au_users_basedata . ' WHERE username = :username ' );
16571654 try {
1658- $ this ->db ->bind (':username ' , $ username ); // blind index
1655+ $ this ->db ->bind (':username ' , $ username );
16591656 $ users = $ this ->db ->resultSet ();
16601657 $ user_status = $ users [0 ]['status ' ];
16611658 $ user_id = $ users [0 ]['id ' ];
@@ -1850,45 +1847,25 @@ public function getUsers($offset, $limit, $orderby = 0, $asc = 0, $both_names =
18501847 public function checkUserExistsByUsername ($ username , $ email = "" )
18511848 {
18521849 // helper function: checks if a user with this username or email adress is already in database
1853- // generate blind index
1854-
1855- $ bi = md5 (strtolower (trim ($ username )));
1856-
1857- # init
1858- $ check_email = false ;
1859- $ extra_where = "" ;
18601850
1861- if (strlen (trim ($ email )) > 2 ) {
1862- $ extra_where = " OR email = :email " ;
1863- $ check_email = true ;
1864- }
1851+ $ check_email = strlen (trim ($ email )) > 2 ;
18651852
1866- $ stmt = $ this ->db ->query ('SELECT id FROM ' . $ this ->db ->au_users_basedata . ' WHERE bi = :bi ' . $ extra_where );
1867-
1868- if ($ check_email ) {
1869- $ this ->db ->bind (':email ' , $ email ); // bind email
1870- }
1871- $ this ->db ->bind (':bi ' , $ bi ); // bind blind index
1853+ // our mariadb uses case-insensitive collation by default => string comparisons are case-insensitive
1854+ $ this ->db ->query ('SELECT id FROM ' . $ this ->db ->au_users_basedata . ' WHERE username = :username ' .
1855+ ($ check_email ? ' OR email = :email ' : '' ));
1856+ $ this ->db ->bind (':username ' , trim ($ username ));
1857+ $ this ->db ->bind (($ check_email ? ':email ' : '' ), trim ($ email ));
18721858
18731859 $ users = $ this ->db ->resultSet ();
1874- if (count ($ users ) < 1 ) {
1875- $ returnvalue ['success ' ] = true ; // set return value
1876- $ returnvalue ['error_code ' ] = 2 ; // error code
1877- $ returnvalue ['data ' ] = false ; // returned data
1878- $ returnvalue ['count ' ] = 0 ; // returned count of datasets
1879-
1880- return $ returnvalue ;
1881-
1860+ $ returnvalue ['success ' ] = true ;
1861+ $ returnvalue ['count ' ] = count ($ users );
1862+ $ returnvalue ['error_code ' ] = 0 ;
1863+ if (count ($ users ) > 1 || empty ($ users )) {
1864+ $ returnvalue ['data ' ] = false ;
18821865 } else {
1883- $ user_id = $ users [0 ]['id ' ]; // get user id from db
1884- $ returnvalue ['success ' ] = true ; // set return value
1885- $ returnvalue ['error_code ' ] = 0 ; // error code
1886- $ returnvalue ['data ' ] = $ user_id ; // returned data
1887- $ returnvalue ['count ' ] = 1 ; // returned count of datasets
1888-
1889- return $ returnvalue ;
1890-
1866+ $ returnvalue ['data ' ] = $ users [0 ]['id ' ];
18911867 }
1868+ return $ returnvalue ;
18921869 }
18931870
18941871 public function getUsersByRoom ($ room_id , $ status = -1 , $ offset = 0 , $ limit = 0 , $ orderby = 3 , $ asc = 0 , $ search_field = "" , $ search_text = "" , $ userlevel = -1 )
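Review bot: Line 1857 binds a placeholder named `''` whenever `$check_email` is false, because the ternary blanks only the name and the `bind()` call still runs; with a PDO-style wrapper a placeholder that does not occur in the statement is rejected at bind or execute time, so the username-only lookup would fail. Make the bind conditional: `if ($check_email) { $this->db->bind(':email', trim($email)); }`. Separately, the `email = :email` comparison on line 1854 uses the plaintext address, while addUser (hunk at line 2187) still writes `$this->crypt->encrypt($email)` into that column and editUser (hunk at line 2344) now writes plaintext; unless `crypt->encrypt` is a deterministic identity, the email half of the duplicate check cannot match rows created by addUser, and the two write paths store the column in different forms. Pick one representation for `email` (and the other fields editUser stopped encrypting) and use it in all three places; the collation remark on line 1853 should then also state that it is relied on for `email`, not just `username`.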
@@ -2180,7 +2157,7 @@ public function addUser($realname, $displayname, $username, $email = "", $passwo
21802157 $ realname = trim ($ realname );
21812158 $ displayname = trim ($ displayname );
21822159 $ username = trim ($ username );
2183- $ email = trim ($ email );
2160+ $ email = strtolower ( trim ($ email) );
21842161 $ about_me = trim ($ about_me );
21852162 $ password = trim ($ password );
21862163 $ updater_id = intval ($ updater_id );
@@ -2189,21 +2166,18 @@ public function addUser($realname, $displayname, $username, $email = "", $passwo
21892166
21902167 // check if user name is still available
21912168 $ temp_user = $ this ->checkUserExistsByUsername ($ username , $ email ); // check username in db
2192- $ temp_user_id = $ temp_user ['data ' ]; // get id from array
21932169
2194- if ($ temp_user_id > 0 ) {
2170+ if ($ temp_user [ ' count ' ] > 0 ) {
21952171 $ returnvalue ['success ' ] = true ; // set return value
21962172 $ returnvalue ['error_code ' ] = 2 ; // db error code
2197- $ returnvalue ['data ' ] = $ temp_user_id ; // returned data
2173+ $ returnvalue ['data ' ] = $ temp_user [ ' data ' ] ; // returned data
21982174 $ returnvalue ['count ' ] = 0 ; // returned count of datasets
21992175
22002176 return $ returnvalue ;
22012177 }
22022178
22032179 // generate hash password
22042180 $ hash = password_hash ($ password , PASSWORD_DEFAULT );
2205- // generate blind index
2206- $ bi = md5 (strtolower (trim ($ username )));
22072181
22082182 $ stmt = $ this ->db ->query ('INSERT INTO ' . $ this ->db ->au_users_basedata . ' (temp_pw, pw_changed, o1, o2, o3, about_me, presence, auto_delegation, realname, displayname, username, email, pw, status, hash_id, created, last_update, updater_id, bi, userlevel) VALUES (:temp_pw, :pw_changed, :o1, :o2, :o3, :about_me, 1, 0, :realname, :displayname, :username, :email, :password, :status, :hash_id, NOW(), NOW(), :updater_id, :bi, :userlevel) ' );
22092183 // bind all VALUES
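Review bot: The INSERT on line 2182 still lists the `bi` column and the `:bi` placeholder, yet the `$bi` computation removed here (old lines 2205–2206) and the `bind(':bi', $bi)` removed in the next hunk (old line 2216) leave that placeholder without a value, so execution would fail with a bound-parameter mismatch unless `:bi` is bound somewhere outside these hunks. Remove `, bi` from the column list and `, :bi` from the VALUES list on line 2182; if the `bi` column is NOT NULL without a default, the schema needs the matching change, which is not visible on this page. addUser's body starts and ends outside this hunk.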
@@ -2213,7 +2187,6 @@ public function addUser($realname, $displayname, $username, $email = "", $passwo
22132187 $ this ->db ->bind (':email ' , $ this ->crypt ->encrypt ($ email ));
22142188 $ this ->db ->bind (':about_me ' , $ this ->crypt ->encrypt ($ about_me ));
22152189 $ this ->db ->bind (':password ' , $ hash );
2216- $ this ->db ->bind (':bi ' , $ bi );
22172190 $ this ->db ->bind (':userlevel ' , $ userlevel );
22182191 $ this ->db ->bind (':status ' , $ status );
22192192 // generate unique hash for this user
@@ -2355,14 +2328,25 @@ public function editUser($user_id, $realname, $displayname, $username, $email, $
23552328 $ user_id = $ this ->converters ->checkUserId ($ user_id ); // checks user id and converts user id to db user id if necessary (when user hash id was passed)
23562329 $ status = intval ($ status );
23572330
2331+ $ temp_user = $ this ->checkUserExistsByUsername ($ username , $ email ); // check username in db
2332+ // if there's more users with the new email/username, or if the new email/username belong to another user
2333+ if ($ temp_user ['count ' ] > 1 || $ temp_user ['data ' ] != $ user_id ) {
2334+ $ this ->syslog ->addSystemEvent (1 , "Error (username or email already exists) while editing user " .$ user_id ." by " .$ updater_id , 0 , "" , 1 );
2335+ $ returnvalue ['success ' ] = false ; // set return value
2336+ $ returnvalue ['error_code ' ] = 2 ; // error code
2337+ $ returnvalue ['data ' ] = false ; // returned data
2338+ $ returnvalue ['count ' ] = 0 ; // returned count of datasets
2339+ return $ returnvalue ;
2340+ }
2341+
23582342 $ stmt = $ this ->db ->query ('UPDATE ' . $ this ->db ->au_users_basedata . ' SET userlevel = :userlevel, realname = :realname , displayname= :displayname, username= :username, about_me= :about_me, position= :position, email = :email, last_update= NOW(), updater_id= :updater_id, status= :status WHERE id= :userid ' );
23592343 // bind all VALUES
2360- $ this ->db ->bind (':username ' , $ this -> crypt -> encrypt ($ username ));
2361- $ this ->db ->bind (':realname ' , $ this -> crypt -> encrypt ($ realname ));
2362- $ this ->db ->bind (':about_me ' , $ this -> crypt -> encrypt ($ about_me ));
2363- $ this ->db ->bind (':displayname ' , $ this -> crypt -> encrypt ($ displayname ));
2364- $ this ->db ->bind (':position ' , $ this -> crypt -> encrypt ($ position ));
2365- $ this ->db ->bind (':email ' , $ this -> crypt -> encrypt ( $ email ));
2344+ $ this ->db ->bind (':username ' , trim ($ username ));
2345+ $ this ->db ->bind (':realname ' , trim ($ realname ));
2346+ $ this ->db ->bind (':about_me ' , trim ($ about_me ));
2347+ $ this ->db ->bind (':displayname ' , trim ($ displayname ));
2348+ $ this ->db ->bind (':position ' , trim ($ position ));
2349+ $ this ->db ->bind (':email ' , strtolower ( trim ( $ email) ));
23662350 $ this ->db ->bind (':updater_id ' , $ updater_id ); // id of the user doing the update (i.e. admin)
23672351 $ this ->db ->bind (':userlevel ' , $ userlevel ); // user level (10 default)
23682352 $ this ->db ->bind (':status ' , $ status ); // user level (10 default)
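Review bot: The duplicate check on line 2333 rejects every edit that moves a user to a username or email nobody currently holds: when `checkUserExistsByUsername` finds no row it returns `'count' => 0` and `'data' => false`, and `false != $user_id` is true for any positive id, so the function logs "already exists" and returns error_code 2 instead of updating. Compare the id only when exactly one row matched: `if ($temp_user['count'] > 1 || ($temp_user['count'] == 1 && intval($temp_user['data']) !== intval($user_id))) {`. This assumes `checkUserId` on line 2328 yields the numeric db id, as its comment states. editUser's body continues past the end of this hunk.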
@@ -2374,28 +2358,23 @@ public function editUser($user_id, $realname, $displayname, $username, $email, $
23742358 $ action = $ this ->db ->execute (); // do the query
23752359 $ this ->downgradeUserRoles ($ user_id , $ userlevel );
23762360 } catch (Exception $ e ) {
2377-
23782361 $ err = true ;
23792362 }
2363+
23802364 if (!$ err ) {
23812365 $ this ->syslog ->addSystemEvent (0 , "Edited user " . $ user_id . " by " . $ updater_id , 0 , "" , 1 );
23822366 $ returnvalue ['success ' ] = true ; // set return value
23832367 $ returnvalue ['error_code ' ] = 0 ; // error code
23842368 $ returnvalue ['data ' ] = intval ($ this ->db ->rowCount ()); // returned data
23852369 $ returnvalue ['count ' ] = 1 ; // returned count of datasets
2386-
23872370 return $ returnvalue ;
2388-
2389-
23902371 } else {
23912372 //$this->syslog->addSystemEvent(1, "Error while editing user ".$user_id." by ".$updater_id, 0, "", 1);
23922373 $ returnvalue ['success ' ] = false ; // set return value
23932374 $ returnvalue ['error_code ' ] = 1 ; // error code
23942375 $ returnvalue ['data ' ] = false ; // returned data
23952376 $ returnvalue ['count ' ] = 0 ; // returned count of datasets
2396-
23972377 return $ returnvalue ;
2398-
23992378 }
24002379 }// end function
24012380