prevent re-registrations using a deleted username - not an issue with Friendica but could create a serious privacy issue with federated platforms

2012-03-22 01:46:52 -07:00
parent 576eb6cc38
commit ebdf0ee99e
6 changed files with 38 additions and 2 deletions
--- a/mod/register.php
+++ b/mod/register.php
@@ -150,6 +150,16 @@ function register_post(&$a) {
 	if(count($r))
 		$err .= t('Nickname is already registered. Please choose another.') . EOL;

+	// Check deleted accounts that had this nickname. Doesn't matter to us,
+	// but could be a security issue for federated platforms.
+
+	$r = q("SELECT * FROM `userd`
+               	WHERE `username` = '%s' LIMIT 1",
+               	dbesc($nickname)
+	);
+	if(count($r))
+		$err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
+
 	if(strlen($err)) {
 		notice( $err );
 		return;