changeset 646:2eeca16e9c96

Improve attendee adding/updating data validation.
author Matti Hamalainen <ccr@tnsp.org>
date Mon, 03 Nov 2014 03:13:40 +0200
parents cb06f048ec34
children 60b51ab059da
files admajax.php msite.inc.php pages/register.inc.php
diffstat 3 files changed, 42 insertions(+), 18 deletions(-) [+]
--- a/admajax.php	Mon Nov 03 02:15:36 2014 +0200
+++ b/admajax.php	Mon Nov 03 03:13:40 2014 +0200
@@ -1448,7 +1448,7 @@
       stExecSQLCond($sql, "OK, compo added.");
     }
     else
-    if ($type == "attendees" && stValidateRequestUserData(TRUE))
+    if ($type == "attendees" && stValidateRequestUserData(TRUE, FALSE))
     {
       $sql = stPrepareSQL(
         "INSERT INTO attendees (regtime,name,groups,oneliner,email) VALUES (%d,%S,%S,%S,%S)",
@@ -1492,7 +1492,7 @@
         stDBCommitTransaction();
       }
       else
-      if ($type == "attendees" && stValidateRequestUserData(TRUE))
+      if ($type == "attendees" && stValidateRequestUserData(TRUE, $id))
       {
         $sql = stPrepareSQLUpdate("attendees",
           "WHERE id=".$id,
--- a/msite.inc.php	Mon Nov 03 02:15:36 2014 +0200
+++ b/msite.inc.php	Mon Nov 03 03:13:40 2014 +0200
@@ -291,41 +291,65 @@
 }
 
 
-function stValidateRequestUserData($admin)
+function stValidateRequestUserData($admin, $id = FALSE)
 {
-  if (!stChkRequestItem("name", $fake,
-    array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
-    array(CHK_LTEQ, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters.")
-    )) return FALSE;
+  $res = TRUE;
+  $chk = 0;
 
-  if (!stChkRequestItem("groups", $fake,
-    array(CHK_LTEQ, VT_STR, SET_LEN_GROUPS, "Groups are too long, should be less than ".SET_LEN_GROUPS." characters.")
-    )) return FALSE;
+  if (stChkRequestItem("name", $name,
+      array(CHK_ISGT, VT_STR, 0, "Handle / name not given."),
+      array(CHK_LTEQ, VT_STR, SET_LEN_USERNAME, "Handle / name is too long, should be less than ".SET_LEN_USERNAME." characters.")))
+    $chk++;
+  else
+    $res = FALSE;
 
-  if (!stChkRequestItem("oneliner", $fake,
-    array(CHK_LTEQ, VT_STR, SET_LEN_ONELINER, "Oneliner is too long, should be less than ".SET_LEN_ONELINER." characters.")
-    )) return FALSE;
+  if (stChkRequestItem("groups", $groups,
+      array(CHK_LTEQ, VT_STR, SET_LEN_GROUPS, "Groups are too long, should be less than ".SET_LEN_GROUPS." characters.")))
+    $chk++;
+  else
+    $res = FALSE;
+
+  if (!stChkRequestItem("oneliner", $oneliner,
+      array(CHK_LTEQ, VT_STR, SET_LEN_ONELINER, "Oneliner is too long, should be less than ".SET_LEN_ONELINER." characters.")))
+    $res = FALSE;
 
   $email = stGetRequestItem("email");
   if (!$admin && stGetSetting("requireEMail") && strlen($email) < 4)
   {
     stError("E-mail address not given, or it is too short.");
-    return FALSE;
+    $res = FALSE;
   }
 
   if (strlen($email) > 0 && preg_match("/^[a-z0-9][a-z0-9\+\-\.\%_]*@[a-z0-9.-]+\.[a-z]{2,4}$/i", $email) != 1)
   {
     stError("E-mail address not in proper format.");
-    return FALSE;
+    $res = FALSE;
   }
 
   if (strlen($email) > SET_LEN_EMAIL)
   {
     stError("E-mail address too long, max ".SET_LEN_EMAIL." characters.");
-    return FALSE;
+    $res = FALSE;
+  }
+
+  // Check if another user already exists
+  if ($chk >= 2)
+  {
+    if ($id !== false)
+      // By another ID, if we are updating an entry
+      $sql = stPrepareSQL("SELECT * FROM attendees WHERE id<>%d name=%s AND groups=%s", $id, $name, $groups);
+    else
+      // Or just exists, if adding
+      $sql = stPrepareSQL("SELECT * FROM attendees WHERE name=%s AND groups=%s", $name, $groups);
+
+    if (($res = stFetchSQL($sql)) !== false)
+    {
+      stError("Someone with the same name and groups is already registered.");
+      $res = FALSE;
+    }
   }
   
-  return TRUE;
+  return $res;
 }
 
 
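Review bot: The update-path query `WHERE id<>%d name=%s AND groups=%s` is missing the `AND` between the id and name predicates, and two lines further down `if (($res = stFetchSQL($sql)) !== false)` overwrites the accumulated validation result with the fetch result, so when no duplicate exists `$res` becomes whatever stFetchSQL returns for an empty result instead of staying TRUE — either every unique registration is silently rejected, or (if it returns null) a phantom "already registered" error is raised. Use a separate variable for the lookup: `$sql = stPrepareSQL("SELECT * FROM attendees WHERE id<>%d AND name=%s AND groups=%s", $id, $name, $groups);` and `if (($dup = stFetchSQL($sql)) !== false)`. Note also that the INSERT in admajax.php in this same changeset formats name/groups with `%S` while these SELECTs use `%s`; if the lower-case specifier does not quote and escape its argument, this is an SQL injection reachable from the public registration form via user-controlled name/groups, so confirm the specifier semantics in stPrepareSQL before relying on it. Finally, this is a check-then-insert with no constraint behind it, so two concurrent registrations with the same name/groups can both pass; a UNIQUE(name, groups) index on attendees would be the authoritative guard, with this check kept for the friendly error message.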
--- a/pages/register.inc.php	Mon Nov 03 02:15:36 2014 +0200
+++ b/pages/register.inc.php	Mon Nov 03 03:13:40 2014 +0200
@@ -160,7 +160,7 @@
   stChkRequestItem("hash", $hash,
     array(CHK_GTEQ, VT_STR, 0, "Invalid data."));
 
-  stValidateRequestUserData(FALSE);
+  stValidateRequestUserData(FALSE, FALSE);
 
   $answer = stGetRequestItem("botcheck");
   if (hashToAnswer($hash) != intval($answer))
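Review bot: The return value of `stValidateRequestUserData(FALSE, FALSE)` is discarded here, so on the public registration path the new duplicate-attendee check only has an effect if the surrounding flow (which starts and ends outside this hunk) consults an error state that stError() sets globally rather than this function's result. The admin call sites in admajax.php gate the INSERT/UPDATE on the return value; if this page does not do the equivalent further down, a duplicate name/groups pair would still be inserted despite the error message, so either guard explicitly with `if (!stValidateRequestUserData(FALSE, FALSE)) return;` (or the page's usual error-exit idiom) or add a comment stating that stError() is what aborts the registration.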