From 7ffbde97dc73dbb4de5845bea80c0c70693eab03 Mon Sep 17 00:00:00 2001
From: shish <shish@7f39781d-f577-437e-ae19-be835c7a54ca>
Date: Fri, 27 Jul 2007 00:42:22 +0000
Subject: [PATCH] limit usernames

git-svn-id: file:///home/shish/svn/shimmie2/trunk@380 7f39781d-f577-437e-ae19-be835c7a54ca
---
 ext/user/main.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ext/user/main.php b/ext/user/main.php
index 32b196b5..2ba48d0a 100644
--- a/ext/user/main.php
+++ b/ext/user/main.php
@@ -167,13 +167,16 @@ class UserPage extends Extension {
 			$page->set_heading("Error");
 			$page->add_block(new NavBlock());
 			if(strlen($name) < 1) {
-				$page->add_block(new Block("Error", "Username must be at least 1 character"));
+				$this->theme->display_error($page, "Error", "Username must be at least 1 character");
+			}
+			else if(!preg_match('/^[a-zA-Z0-9-_ ]+$/', $name)) {
+				$this->theme->display_error($page, "Error", "Username contains invalid characters. Allowed characters are letters, numbers, dash, underscore, and space");
 			}
 			else if($pass1 != $pass2) {
-				$page->add_block(new Block("Error", "Passwords don't match"));
+				$this->theme->display_error($page, "Error", "Passwords don't match");
 			}
 			else if($database->db->GetRow("SELECT * FROM users WHERE name = ?", array($name))) {
-				$page->add_block(new Block("Error", "That username is already taken"));
+				$this->theme->display_error($page, "Error", "That username is already taken");
 			}
 			else {
 				$addr = $_SERVER['REMOTE_ADDR'];