From: Florent Bruneau
Date: Thu, 28 Oct 2010 20:44:25 +0000 (+0200)
Subject: Registration allowed reactivation and resetting password of disabled
X-Git-Tag: xorg/1.0.2~177
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=4c5a592172f6a06f1cf84d5b9212e81d0e4a4708;p=platal.git
Registration allowed reactivation and resetting password of disabled accounts. Registration didn't correctly check that the account was in 'pending' state allowing a user to complete the first steps of the procedure before falling on a SQL error on register/end. But, before the error, register/end had time to update the state of the accounts table setting:
- the new password (the one defined during the registration procedure)
- the state to 'active'
- the registration state
Signed-off-by: Florent Bruneau
---
diff --git a/SECURITY b/SECURITY
index e74a219..16fde0e 100644
--- a/SECURITY
+++ b/SECURITY
@@ -12,6 +12,7 @@
 # The commit id should refer to the id in the "master" branch, if the initial
 # commit in a version branch had another name.
+2010-10-28 00000000 Registration allowed reactivation and resetting password of disabled accounts.
 2010-06-23 aa8a2914 Fix visibility of emails, groups, death info on profile.
 2010-04-02 3e2442cd Fix freetext visibility.
 2009-10-19 e10bc2ef Prevents auth-groupex from leaking data to third-party attackers.
diff --git a/modules/register.php b/modules/register.php
index 44c1866..f2de6a3 100644
--- a/modules/register.php
+++ b/modules/register.php
@@ -60,7 +60,7 @@ class RegisterModule extends PLModule
 INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
 INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
 INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
- WHERE m.hash = {?}",
+ WHERE m.hash = {?} AND a.state = 'pending'",
 $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
 if ($res->numRows() == 1) {
@@ -284,7 +284,7 @@ class RegisterModule extends PLModule
 INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
 INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
 INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
- WHERE hash = {?} AND hash != 'INSCRIT'",
+ WHERE hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'",
 $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
 if (!$hash || $res->numRows() == 0) {
 $page->kill("

Cette adresse n'existe pas, ou plus, sur le serveur.

diff --git a/modules/register/register.inc.php b/modules/register/register.inc.php
index b445502..c19dd7e 100644
--- a/modules/register/register.inc.php
+++ b/modules/register/register.inc.php
@@ -132,15 +132,24 @@ function createAliases(&$subState)
 $emailXorg = PlUser::makeUserName($subState->t('firstname'), $subState->t('lastname'));
 $emailXorg2 = $emailXorg . sprintf(".%02u", ($subState->i('yearpromo') % 100));
- $res = XDB::query("SELECT hruid
+ $res = XDB::query("SELECT hruid, state
 FROM accounts
- WHERE uid = {?} AND hruid != ''", $subState->i('uid'));
+ WHERE uid = {?} AND hruid != ''",
+ $subState->i('uid'));
 if ($res->numRows() == 0) {
 return "Tu n'as pas d'adresse à vie pré-attribuée.
"
- . "Envoie un mail à mail->domain}\">"
+ . "Envoie un mail à mail->domain}\">"
 . "support@{$globals->mail->domain} en expliquant ta situation.";
 } else {
- $forlife = $res->fetchOneCell();
+ list($forlife, $state) = $res->fetchOneRow();
+ }
+ if ($state == 'active') {
+ return "Tu es déjà inscrit, si tu ne te souviens plus de ton mot de passe d'accès au site, "
+ . "tu peux suivre la procédure de récupération de mot de passe.";
+ } else if ($state == 'disabled') {
+ return "Ton compte a été désactivé par les administrateurs du site suite à des abus. "
+ . "Pour plus d'information ou pour demander la réactivation du compte, tu peux t'adresser à "
+ . "mail->domain}\">support@{$globals->mail->domain}.";
 }
 $res = XDB::query('SELECT uid, type, expire
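Review bot: The state check added after the `else` branch is a denylist — it rejects only `active` and `disabled`, so an account in any other non-`pending` state still falls through to alias creation, whereas the two queries this commit changes in modules/register.php use `a.state = 'pending'` as the positive condition. Keeping the two explanatory branches and closing the chain with an allowlist makes the three paths consistent: `} else if ($state != 'pending') { return "<message: account is not awaiting registration>"; }`. Since `state` is read as a string column, the comparisons could also use `===`/`!==` rather than loose `==`. The `disabled` message interpolates `{$globals->mail->domain}`, but `$globals` is not declared in the hunk — presumably a `global $globals;` earlier in createAliases, which begins before this hunk; worth confirming.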