From 512fcfc3dea1a399b44806d2b2ae8bb619a616a8 Mon Sep 17 00:00:00 2001 From: Bruce Allen Date: Thu, 18 Nov 2004 09:59:22 +0000 Subject: [PATCH] Bug fixes (thanks to Jens Seidler): set cross project id (CPID) to random value when creating user account from Administrator form, and lower_case email address before inserting into database. svn path=/trunk/boinc/; revision=4593 --- checkin_notes | 16 ++++++++++++++++ html/ops/create_account_action.php | 6 ++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/checkin_notes b/checkin_notes index d8e7a0ade9..98bb84aa0f 100755 --- a/checkin_notes +++ b/checkin_notes @@ -19680,6 +19680,16 @@ David 17 Nov 2004 Thanks to Bruce Allen for suggesting this!!!! + [Note inserted by Bruce the next day. ANSI-C 4.6.2.1 says: The + longjmp function ... The longjmp function should not be called in + an exit handler (i.e., a function registered with the atexit + function (see §4.10.4.2)), since it might jump to some code which + is no longer in scope. This should be OK on OSes that delay image + teardown until after calling the handler functions, provided that + the routine calling exit() has cleaned up its memory. An + alternative might be to use dlopen() or the loader to replace the + calls to exit() with a BOINC routine.] + api/ gutil.C x_opengl.C @@ -19761,3 +19771,9 @@ Rom 17 Nov 2004 api/ windows_opengl.C + +Bruce 18 Nov 2004 + - Bug fixes (thanks to Jens Seidler): set cross project id (CPID) to random value + when creating user account from Administrator form, and lower_case email address + before inserting into database. + html/ops/create_account_action.php diff --git a/html/ops/create_account_action.php b/html/ops/create_account_action.php index 8701966642..dbfa1c9eca 100644 --- a/html/ops/create_account_action.php +++ b/html/ops/create_account_action.php @@ -4,6 +4,7 @@ db_init(); $email_addr = trim($_GET["email_addr"]); + $email_addr = strtolower($email_addr); // see if email address is taken $query = "select * from user where email_addr='$email_addr'"; @@ -16,8 +17,9 @@ $authenticator = random_string(); $munged_email_addr = munge_email_addr($email_addr, $authenticator); $user_name = $_GET["user_name"]; + $cross_project_id=random_string(); $t = time(); - $query = "insert into user (create_time, email_addr, name, authenticator) values ($t, '$munged_email_addr', '$user_name', '$authenticator')"; + $query = "insert into user (create_time, email_addr, name, authenticator, cross_project_id) values ($t, '$munged_email_addr', '$user_name', '$authenticator', '$cross_project_id')"; $result = mysql_query($query); if (!$result) { echo "couldn't create account:".mysql_error(); @@ -32,7 +34,7 @@ ".PROJECT." URL: ".MASTER_URL." -Your account key: $authenticator\n +Your account ID: $authenticator\n Please save this email. You will need your account key to log in to the ".PROJECT." web site.