Users: Prevent duplicate usernames.

2026-01-06 19:53:56 +00:00 · 2019-09-10 19:23:14 -06:00
parent 8e2644a39f
commit c7d5c2a7cf
3 changed files with 22 additions and 18 deletions
--- a/app/extensions/extension_edit.php
+++ b/app/extensions/extension_edit.php
@@ -263,7 +263,7 @@

 				//add the user to the database
 					$user_email = '';
-					if ($_SESSION["user"]["unique"]["text"] != "global") {
+					if ($_SESSION["users"]["unique"]["text"] != "global") {
 						if ($autogen_users == "true") {
 							$auto_user = $extension;
 							for ($i=1; $i<=$range; $i++) {
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -144,10 +144,12 @@
 			if ($username == '') {
 				message::add($text['message-required'].$text['label-username'], 'negative', 7500);
 			}
-			if (permission_exists('user_edit') && $action == 'edit') {
-				if ($username != $username_old && $username != '') {
+			if (
+				(permission_exists('user_edit') && $action == 'edit' && $username != $username_old && $username != '') ||
+				(permission_exists('user_add') && $action == 'add' && $username != '')
+				) {
 				$sql = "select count(*) from v_users where username = :username ";
-					if ($_SESSION["user"]["unique"]["text"] != "global") {
+				if ($_SESSION["users"]["unique"]["text"] != "global") {
 					$sql .= "and domain_uuid = :domain_uuid ";
 					$parameters['domain_uuid'] = $domain_uuid;
 				}
@@ -159,7 +161,6 @@
 				}
 				unset($sql);
 			}
-			}
 			if ($password != '' && $password != $password_confirm) {
 				message::add($text['message-password_mismatch'], 'negative', 7500);
 			}
@@ -561,6 +562,7 @@
 		$contact_name_given = $_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']['contact_name_given'];
 		$contact_name_family = $_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']['contact_name_family'];
 		$contact_organization = $_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']['contact_organization'];
+		$group_uuid_name = $_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']['group_uuid_name'];
 		$user_settings["message"]["key"]["text"] = $_SESSION['tmp'][$_SERVER['PHP_SELF']]['user']['message_key'];

 		$unsaved = true;
--- a/resources/classes/domains.php
+++ b/resources/classes/domains.php
@@ -63,8 +63,10 @@ if (!class_exists('domains')) {
 				$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
 				//unset all settings
 				foreach ($result as $row) {
+					if ($row['default_setting_category'] != 'user') { //skip off-limit categories
 						unset($_SESSION[$row['default_setting_category']]);
 					}
+				}
 				//set the enabled settings as a session
 				foreach ($result as $row) {
 					if ($row['default_setting_enabled'] == 'true') {