diff options
author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-06-25 13:12:06 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-06-25 13:12:06 -0600 |
commit | 3dec33d454ad5b8146b092e927385cc2bd2c14d4 (patch) | |
tree | 233a6be7e1d8f9232ec6e6c536adbab5cc507d1e /usr/local/www/system_usermanager.php | |
parent | 8339ab6d6939f873a40845a02b9029ff02dc6b19 (diff) | |
download | pfsense-3dec33d454ad5b8146b092e927385cc2bd2c14d4.zip pfsense-3dec33d454ad5b8146b092e927385cc2bd2c14d4.tar.gz |
Validate for duplicate user names when editing, too.
Diffstat (limited to 'usr/local/www/system_usermanager.php')
-rw-r--r-- | usr/local/www/system_usermanager.php | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php index b0ecd8f..f89d834 100644 --- a/usr/local/www/system_usermanager.php +++ b/usr/local/www/system_usermanager.php @@ -207,19 +207,26 @@ if (isAllowedPage("system_usermanager")) { if (($_POST['passwordfld1']) && ($_POST['passwordfld1'] != $_POST['passwordfld2'])) $input_errors[] = gettext("The passwords do not match."); + if (isset($id) && $a_user[$id]) + $oldusername = $a_user[$id]['name']; + else + $oldusername = ""; /* make sure this user name is unique */ - if (!$input_errors && !(isset($id) && $a_user[$id])) { + if (!$input_errors) { foreach ($a_user as $userent) { - if ($userent['name'] == $_POST['usernamefld']) { + if ($userent['name'] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { $input_errors[] = gettext("Another entry with the same username already exists."); break; } } + } + /* also make sure it is not reserved */ + if (!$input_errors) { $system_users = explode("\n", file_get_contents("/etc/passwd")); foreach ($system_users as $s_user) { $ent = explode(":", $s_user); - if ($ent[0] == $_POST['usernamefld']) { - $input_errors[] = gettext("That username already exists or is reserved by the system."); + if ($ent[0] == $_POST['usernamefld'] && $oldusername != $_POST['usernamefld']) { + $input_errors[] = gettext("That username is reserved by the system."); break; } } |