aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/account.php3
-rw-r--r--include/auth.php5
2 files changed, 5 insertions, 3 deletions
diff --git a/include/account.php b/include/account.php
index 40cf281c3..2b24364f4 100644
--- a/include/account.php
+++ b/include/account.php
@@ -23,6 +23,7 @@ function get_account_by_id($account_id) {
function check_account_email($email) {
+ $email = punify($email);
$result = array('error' => false, 'message' => '');
// Caution: empty email isn't counted as an error in this function.
@@ -139,7 +140,7 @@ function create_account($arr) {
$result = array('success' => false, 'email' => '', 'password' => '', 'message' => '');
$invite_code = ((x($arr,'invite_code')) ? notags(trim($arr['invite_code'])) : '');
- $email = ((x($arr,'email')) ? notags(trim($arr['email'])) : '');
+ $email = ((x($arr,'email')) ? notags(punify(trim($arr['email']))) : '');
$password = ((x($arr,'password')) ? trim($arr['password']) : '');
$password2 = ((x($arr,'password2')) ? trim($arr['password2']) : '');
$parent = ((x($arr,'parent')) ? intval($arr['parent']) : 0 );
diff --git a/include/auth.php b/include/auth.php
index 6f5e58361..844566919 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -37,6 +37,7 @@ require_once('include/security.php');
function account_verify_password($login, $pass) {
$ret = [ 'account' => null, 'channel' => null, 'xchan' => null ];
+ $login = punify($login);
$email_verify = get_config('system', 'verify_email');
$register_policy = get_config('system', 'register_policy');
@@ -235,7 +236,7 @@ else {
$record = null;
$addon_auth = array(
- 'username' => trim($_POST['username']),
+ 'username' => punify(trim($_POST['username'])),
'password' => trim($_POST['password']),
'authenticated' => 0,
'user_record' => null
@@ -261,7 +262,7 @@ else {
$verify = account_verify_password($_POST['username'], $_POST['password']);
if($verify && array_key_exists('reason',$verify) && $verify['reason'] === 'unvalidated') {
notice( t('Email validation is incomplete. Please check your email.'));
- goaway(z_root() . '/email_validation/' . bin2hex(trim(escape_tags($_POST['username']))));
+ goaway(z_root() . '/email_validation/' . bin2hex(punify(trim(escape_tags($_POST['username'])))));
}
elseif($verify) {
$atoken = $verify['xchan'];