fix(admin): route password/protection pages and align username validation (#257)

Ferywir
2026-06-23 05:55:13 +02:00
committed by GitHub
parent e49069a9c6
commit b880622fd1
2 changed files with 34 additions and 2 deletions
+22 -1
@@ -86,7 +86,8 @@ function admin_validated_page(string $raw): string
'addUsers', 'users', 'admin_log', 'config', 'debug_log',
'editServerSet', 'editPlusSet', 'editLogSet', 'editNewsboxSet',
'editExtraSet', 'editAdminInfo', 'resetServer', 'player', 'editUser',
'deletion', 'Newmessage', 'editPlus', 'editSitter', 'editOverall',
'deletion', 'Newmessage', 'editPlus', 'editSitter', 'editPassword',
'editProtection', 'editOverall',
'editWeek', 'userlogin', 'userillegallog', 'editHero', 'editAdditional',
'village', 'editResources', 'addTroops', 'addABTroops', 'editVillage',
'villagelog', 'techlog', 'msg',
@@ -347,6 +348,26 @@ if ($page !== '') {
}
break;
case 'editPassword':
$uid = admin_input_id($_GET, 'uid');
if ($uid !== null) {
$user = $database->getUserArray($uid, 1);
$subpage = 'Edit Password (' . e($user['username']) . ')';
} else {
$subpage = 'Edit Password';
}
break;
case 'editProtection':
$uid = admin_input_id($_GET, 'uid');
if ($uid !== null) {
$user = $database->getUserArray($uid, 1);
$subpage = 'Edit Protection (' . e($user['username']) . ')';
} else {
$subpage = 'Edit Protection';
}
break;
case 'editOverall':
$uid = admin_input_id($_GET, 'uid');
if ($uid !== null) {
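Review bot: In both new cases (`editPassword` and `editProtection`) the result of `$database->getUserArray($uid, 1)` is indexed without checking that a user was found, so a well-formed `uid` that matches no account would presumably read `$user['username']` from an empty or null value and raise a PHP warning or hand null to `e()`. `getUserArray` is not visible in this hunk, so that is inferred; if it can return no row, fall back to the plain title, e.g. `$subpage = !empty($user['username']) ? 'Edit Password (' . e($user['username']) . ')' : 'Edit Password';` and the same for the protection label. The two cases differ only in the label and repeat the opening of `editOverall`, whose body continues outside the hunk, so a small helper taking the label would remove the triplication. Since these routes make the password and protection editors reachable, it is also worth confirming that the routed templates enforce the same admin access level as the existing edit pages, which this hunk does not show.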
+12 -1
@@ -60,7 +60,18 @@ if (!$admin || (int)$admin['access'] !== 9) {
// ---------------------------------------------------------------------------
// Validare username
// ---------------------------------------------------------------------------
if (strlen($username) < 3 || strlen($username) > 20 || !preg_match('/^[a-zA-Z0-9_]+$/', $username)) {
// Mirror the sign-up rule (Account.php, issue #184) so an admin can rename a
// player to any name registration would accept. The allowed character set
// depends on USRNM_SPECIAL: when on, letters/digits/.-_ and single internal
// spaces; when off, ASCII alphanumerics only.
$usernameSpecial = defined('USRNM_SPECIAL') ? USRNM_SPECIAL : false;
$minLen = defined('USRNM_MIN_LENGTH') ? USRNM_MIN_LENGTH : 3;
$maxLen = defined('USRNM_MAX_LENGTH') ? USRNM_MAX_LENGTH : 15;
$charsOk = $usernameSpecial
? (bool)preg_match('/^[A-Za-z0-9._-]+(?: [A-Za-z0-9._-]+)*$/D', $username)
: !preg_match('/[^0-9A-Za-z]/', $username);
if (strlen($username) < $minLen || strlen($username) > $maxLen || !$charsOk) {
header("Location: ../../../Admin/admin.php?p=player&uid=$uid&e=invalid");
exit;
}
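Review bot: The two branches of `$charsOk` fail in opposite directions. The special branch casts `preg_match()` to bool, so a `false` error return rejects the name, while the non-special branch uses `!preg_match('/[^0-9A-Za-z]/', $username)`, where a `false` return becomes `true` and accepts it. It also accepts the empty string by itself, leaving only the length check to reject it. An engine error is unlikely with this pattern, but a positive anchored match keeps both branches fail-closed: `: preg_match('/^[0-9A-Za-z]+$/D', $username) === 1;`, with `=== 1` on the special branch as well. Because the rule is copied from the sign-up code rather than shared, the comment should name the exact function in Account.php it mirrors; moving the check into one helper used by both places would stop the two from drifting apart again.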