fight stupidity - teach your customers not to use password == username

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2014-05-18 11:16:35 +02:00
parent 6e4ff4705b
commit 3c8bf348d1
4 changed files with 28 additions and 3 deletions
--- a/customer_mysql.php
+++ b/customer_mysql.php
@@ -178,6 +178,11 @@ if ($page == 'overview') {
 						$userinfo['mysql_lastaccountnumber']
 					);

+					// we've checked against the password in dbm->createDatabase
+					if ($username == false) {
+						standard_error('passwordshouldnotbeusername');
+					}
+
 					// Statement modified for Database description -- PH 2004-11-29
 					$stmt = Database::prepare('INSERT INTO `' . TABLE_PANEL_DATABASES . '`
 						(`customerid`, `databasename`, `description`, `dbserver`)
@@ -307,6 +312,10 @@ if ($page == 'overview') {
 					// validate password
 					$password = validatePassword($password);

+					if ($password == $result['databasename']) {
+						standard_error('passwordshouldnotbeusername');
+					}
+
 					// Begin root-session
 					Database::needRoot(true);
 					foreach (array_map('trim', explode(',', Settings::Get('system.mysql_access_host'))) as $mysql_access_host) {