Diffstat (limited to 'OpenSim/Server')
-rw-r--r--OpenSim/Server/Handlers/Web/WebServerConnector.cs13
1 files changed, 6 insertions, 7 deletions
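--- a/OpenSim/Server/Handlers/Web/WebServerConnector.cs
+++ b/OpenSim/Server/Handlers/Web/WebServerConnector.cs
@@ -391,7 +391,8 @@ namespace OpenSim.Server.Handlers.Web
 if (("https://" + m_domain + ":" + m_https_port.ToString() + "/web/account.html") != headers["referer"].ToString())
 errors.Add("Invalid referer.");
 
-validateName(false, fields, ref errors);
+// Include a check for god names if we are creating a new account.
+string[] names = validateName(("create" == doit) || ("confirm" == doit), fields, ref errors);
 
 if ("logout" == doit)
 {
@@ -400,7 +401,6 @@ namespace OpenSim.Server.Handlers.Web
 }
 else if (("create" == doit) || ("confirm" == doit))
 {
-validateName(true, fields, ref errors);
 validateEmail(fields, ref errors);
 if ("confirm" == doit)
 validatePassword(fields, ref errors);
@@ -412,9 +412,7 @@ namespace OpenSim.Server.Handlers.Web
 // UserAccounts FirstName and LastName fields are both varchar(64) utf8_general_ci.
 // The MySQL docs say that the "_ci" bit means comparisons will be case insensitive. So that should work fine.
 // No need for prepared SQL here, the names have already been checked.
-string[] names = fields["name"].ToString().Split(' ');
-long c = m_database.Count("UserAccounts", "FirstName = '" + names[0] + "' AND LastName = '" + names[1] + "'");
-if (0 != c)
+if (0 != m_database.Count("UserAccounts", "FirstName = '" + names[0] + "' AND LastName = '" + names[1] + "'"))
 errors.Add("Pick a different name.");
 else if (("create" == doit))
 reply["str_response_string"] = accountCreationPage(fields, body);
@@ -553,10 +551,10 @@ namespace OpenSim.Server.Handlers.Web
 errors.Add("Can't find that email server, try a different email address.");
 }
 
-private void validateName(bool godCheck, Hashtable fields, ref List<string> errors)
+private string[] validateName(bool godCheck, Hashtable fields, ref List<string> errors)
 {
 Regex rgxName = new Regex("^[a-zA-Z0-9]+$");
-string[] names;
+string[] names = {"", ""};
 if ((null == fields["name"]) || ("" == fields["name"].ToString()))
 errors.Add("Please supply an account name.");
 else
@@ -612,6 +610,7 @@ namespace OpenSim.Server.Handlers.Web
 }
 }
 }
+return names;
 }
 
 private void validatePassword(Hashtable fields, ref List<string> errors)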
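Review bot: The `m_database.Count(...)` call at new line 415 still builds its WHERE clause by concatenating `names[0]` and `names[1]`, and after this change its safety rests entirely on what `validateName` returns, while most of that function's body (new lines 561-609) lies outside the hunks shown. If any path there records an error but still returns the raw split of `fields["name"]`, or returns an array with fewer than two elements, the query would be built from text that failed the regex or the index would throw; whether the lookup is skipped when `errors` is non-empty is not visible here either. A parameterized lookup would remove that coupling if the database wrapper offers one; failing that, guard the call with `if (0 == errors.Count)` and reword the comment to `// names[] comes from validateName(), which must return only values that passed rgxName.` Note also that in .NET `$` matches before a trailing newline, so anchoring the pattern with `\z` instead would make the name check strict.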