fix: disallow Natars user registration

#382
This commit is contained in:
Martin Ambrus
2017-11-26 16:55:37 +01:00
parent ef416cd548
commit d3b51a34ec
3 changed files with 17 additions and 4 deletions
+3
View File
@@ -75,6 +75,9 @@ class Account {
else if(USRNM_SPECIAL && preg_match("/[:,\\. \\n\\r\\t\\s\\<\\>]+/", $_POST['name'])) {
$form->addError("name",USRNM_CHAR);
}
else if(strtolower($_POST['name']) == 'natars') {
$form->addError("name",USRNM_TAKEN);
}
else if(User::exists($database,$_POST['name'])) {
$form->addError("name",USRNM_TAKEN);
}
+6
View File
@@ -5,6 +5,12 @@
exit;
}
// don't allow creating Natars user
if (!empty($_POST['aname']) && strtolower($_POST['aname']) == 'natars') {
header("Location: ../index.php?s=4&err=2");
exit;
}
// don't let SQL time out when 30-500 seconds (depending on php.ini) is not enough
@set_time_limit(0);
+8 -4
View File
@@ -3,15 +3,15 @@
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Project: TravianZ ##
## Version: 22.06.2015 ##
## Version: 22.06.2015 ##
## Filename multihunter.tpl ##
## Developed by: Mr.php , Advocaite , brainiacX , yi12345 , Shadow , ronix ##
## Developed by: Mr.php , Advocaite , brainiacX , yi12345 , Shadow , ronix ##
## Fixed by: Shadow - STARVATION , HERO FIXED COMPL. ##
## Fixed by: InCube - double troops ##
## License: TravianZ Project ##
## Copyright: TravianZ (c) 2010-2015. All rights reserved. ##
## URLs: http://travian.shadowss.ro ##
## Source code: https://github.com/Shadowss/TravianZ ##
## Source code: https://github.com/Shadowss/TravianZ ##
## ##
#################################################################################
@@ -19,6 +19,10 @@ if(isset($_GET['err']) && $_GET['err'] == 1) {
echo "<br /><hr /><br /><div class=\"headline\"><span class=\"f10 c5\">At least MultiHunter &amp; Support password are required in this form.</span></div><br /><br />";
}
if(isset($_GET['err']) && $_GET['err'] == 2) {
echo "<br /><hr /><br /><div class=\"headline\"><span class=\"f10 c5\">Natars is a reserved username for an in-game NPC tribe. Please choose a different admin username.</span></div><br /><br />";
}
?>
<form action="include/accounts.php" method="post" id="dataform">
@@ -60,7 +64,7 @@ if(isset($_GET['err']) && $_GET['err'] == 1) {
<td><span class="f9 c6">Admin tribe:</span></td>
<td>
<select name="atribe" id="atribe">
<option value="1" selected="selected">Romans</option>
<option value="1" selected="selected">Romans</option>
<option value="2">Teutons</option>
<option value="3">Gauls</option>
</select>