function execute() {
if ( !is_null( $this->mCookieCheck ) ) {
$this->onCookieRedirectCheck( $this->mCookieCheck );
+ return;
} else if( $this->mPosted ) {
if( $this->mCreateaccount ) {
return $this->addNewAccount();
global $wgMaxNameChars;
global $wgMemc, $wgAccountCreationThrottle, $wgDBname, $wgIP;
- if ( $wgAccountCreationThrottle ) {
- $key = "$wgDBname:acctcreate:ip:$wgIP";
- $value = $wgMemc->incr( $key );
- if ( !$value ) {
- $wgMemc->set( $key, 0, 86400 );
- }
- if ( $value > $wgAccountCreationThrottle ) ) {
- $this->throttleHit();
- return;
- }
- }
-
if (!$wgUser->isAllowedToCreateAccount()) {
$this->userNotPrivilegedMessage();
return;
}
$name = trim( $this->mName );
+ $u = User::newFromName( $name );
if ( ( "" == $name ) ||
preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $name ) ||
(strpos( $name, "/" ) !== false) ||
- (strlen( $name ) > $wgMaxNameChars) )
+ (strlen( $name ) > $wgMaxNameChars) ||
+ ucFirst($name) != $u->getName() )
{
$this->mainLoginForm( wfMsg( "noname" ) );
return;
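Review bot: `User::newFromName( $name )` now runs on the raw, still-unvalidated name, and `$u->getName()` is dereferenced in the condition with no check that an object came back. If `newFromName()` can return null or false for a name it cannot parse (its body is outside this hunk), this becomes a fatal error on user-supplied input instead of the `noname` message. Guarding first with `if ( !is_object( $u ) ) { $this->mainLoginForm( wfMsg( "noname" ) ); return; }` would avoid that. The new comparison should also be strict, `ucfirst( $name ) !== $u->getName()`, because `!=` compares two numeric-looking strings numerically. `ucfirst()` is byte-wise, so if the normalised name is capitalised in a multibyte-aware way, names starting with a non-ASCII letter would be rejected; worth a comment if that is intended.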
$wgOut->readOnlyPage();
return;
}
- $u = User::newFromName( $name );
if ( 0 != $u->idForName() ) {
$this->mainLoginForm( wfMsg( "userexists" ) );
return;
}
+
+ if ( $wgAccountCreationThrottle ) {
+ $key = "$wgDBname:acctcreate:ip:$wgIP";
+ $value = $wgMemc->incr( $key );
+ if ( !$value ) {
+ $wgMemc->set( $key, 1, 86400 );
+ }
+ if ( $value > $wgAccountCreationThrottle ) {
+ $this->throttleHit( $wgAccountCreationThrottle );
+ return;
+ }
+ }
+
$u->addToDatabase();
$u->setPassword( $this->mPassword );
$u->setEmail( $this->mEmail );
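Review bot: The relocated throttle fails open. When `$wgMemc->incr( $key )` returns a falsy value because the cache is unreachable rather than because the key is missing, `$value` stays falsy, `$value > $wgAccountCreationThrottle` is never true, and account creation is unlimited for as long as the cache is down. The `incr`-then-`set` pair is also not atomic, so two concurrent first requests from one address can both write `1` and under-count. If the cache client has an atomic add, seeding the key with it and treating a failed seed as a cache error would close both gaps. At minimum, a comment such as `# NOTE: throttle is best-effort; a cache outage disables it` should record the behaviour. The "userexists" check above the throttle is not rate-limited by this counter, which may be intended but should be stated.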
}
$u->setId( $id );
$u->loadFromDatabase();
- $ep = $u->encryptPassword( $this->mPassword );
- if ( 0 != strcmp( $ep, $u->getPassword() ) ) {
- if ( 0 != strcmp( $ep, $u->getNewpassword() ) ) {
- $this->mainLoginForm( wfMsg( "wrongpassword" ) );
- return;
- }
+ if (!$u->checkPassword( $this->mPassword )) {
+ $this->mainLoginForm( wfMsg( "wrongpassword" ) );
+ return;
}
# We've verified now, update the real record
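Review bot: The removed lines accepted a match against either `getPassword()` or `getNewpassword()`, but `checkPassword()` is defined outside this hunk, so it cannot be confirmed here that the mailed temporary password is still honoured. A short comment at the call, for example `# checkPassword() accepts the current or the mailed temporary password`, would make that contract visible. If `checkPassword()` still compares hashes with `strcmp`, a constant-time comparison is preferable there. No limit on failed attempts is visible in these lines; if none exists elsewhere in the function, that is worth a follow-up.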
$titleObj = Title::makeTitle( NS_SPECIAL, "Userlogin" );
$action = $titleObj->escapeLocalUrl( $q );
- $encName = wfEscapeHTML( $this->mName );
- $encPassword = wfEscapeHTML( $this->mPassword );
- $encRetype = wfEscapeHTML( $this->mRetype );
- $encEmail = wfEscapeHTML( $this->mEmail );
- $encRealName = wfEscapeHTML( $this->mRealName );
+ $encName = htmlspecialchars( $this->mName );
+ $encPassword = htmlspecialchars( $this->mPassword );
+ $encRetype = htmlspecialchars( $this->mRetype );
+ $encEmail = htmlspecialchars( $this->mEmail );
+ $encRealName = htmlspecialchars( $this->mRealName );
if ($wgUser->getID() != 0) {
$cambutton = "<input tabindex='6' type='submit' name=\"wpCreateaccountMail\" value=\"{$cam}\" />";
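Review bot: `htmlspecialchars( $this->mName )` and the four calls after it pass no flags. On PHP versions where the default is `ENT_COMPAT`, a single quote is left unescaped, and this same function already writes single-quoted attributes (`tabindex='6'` in `$cambutton`). Any `$enc*` value that ends up inside a single-quoted attribute could close it, so I would pass the flag explicitly, e.g. `$encName = htmlspecialchars( $this->mName, ENT_QUOTES );`, on all five lines. Separately, `$encPassword` and `$encRetype` suggest the submitted password is written back into the rendered form. The form markup is outside the visible lines, but leaving those two fields empty on redisplay would keep the password out of the response body and any cache of it.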