diff options
-rw-r--r-- | include/account.php | 3 | ||||
-rw-r--r-- | include/auth.php | 5 |
2 files changed, 5 insertions, 3 deletions
diff --git a/include/account.php b/include/account.php index 40cf281c3..2b24364f4 100644 --- a/include/account.php +++ b/include/account.php @@ -23,6 +23,7 @@ function get_account_by_id($account_id) { function check_account_email($email) { + $email = punify($email); $result = array('error' => false, 'message' => ''); // Caution: empty email isn't counted as an error in this function. @@ -139,7 +140,7 @@ function create_account($arr) { $result = array('success' => false, 'email' => '', 'password' => '', 'message' => ''); $invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : ''); - $email = ((x($arr,'email')) ? notags(trim($arr['email'])) : ''); + $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : ''); $password = ((x($arr,'password')) ? trim($arr['password']) : ''); $password2 = ((x($arr,'password2')) ? trim($arr['password2']) : ''); $parent = ((x($arr,'parent')) ? intval($arr['parent']) : 0 ); diff --git a/include/auth.php b/include/auth.php index 6f5e58361..844566919 100644 --- a/include/auth.php +++ b/include/auth.php @@ -37,6 +37,7 @@ require_once('include/security.php'); function account_verify_password($login, $pass) { $ret = [ 'account' => null, 'channel' => null, 'xchan' => null ]; + $login = punify($login); $email_verify = get_config('system', 'verify_email'); $register_policy = get_config('system', 'register_policy'); @@ -235,7 +236,7 @@ else { $record = null; $addon_auth = array( - 'username' => trim($_POST['username']), + 'username' => punify(trim($_POST['username'])), 'password' => trim($_POST['password']), 'authenticated' => 0, 'user_record' => null @@ -261,7 +262,7 @@ else { $verify = account_verify_password($_POST['username'], $_POST['password']); if($verify && array_key_exists('reason',$verify) && $verify['reason'] === 'unvalidated') { notice( t('Email validation is incomplete. Please check your email.')); - goaway(z_root() . '/email_validation/' . bin2hex(trim(escape_tags($_POST['username'])))); + goaway(z_root() . '/email_validation/' . bin2hex(punify(trim(escape_tags($_POST['username']))))); } elseif($verify) { $atoken = $verify['xchan']; |