Channels are occasionally plagued by trolls who confuse users by
"hijacking" names of other users in the channel.  This is accomplished
by replacing certain letters with visually similar letters (in fact,
indistinguishable in some sans-serif fonts), e.g. replacing lowercase
'l' with capital 'I'.

This commit replaces capital 'I', lowercase 'l', digit '1', lowercase
'o', uppercase 'O', and digit '0' with '_' and changes the matching for
isUsernameTaken() to a LIKE query.  Since '_' is a single character
wildcard, this causes the database to treat a username with one of these
simple replacements as already registered.
calzoneman 2015-06-19 16:44:25 -04:00
parent f43e46c716
commit c28dc0d3d2
1 changed files with 10 additions and 1 deletions


@ -7,6 +7,15 @@ var Logger = require("../logger");
var registrationLock = {}; var registrationLock = {};
var blackHole = function () { }; var blackHole = function () { };
/**
* Replaces look-alike characters with "_" (single character wildcard) for
* use in LIKE queries. This prevents guests from taking names that look
* visually identical to existing names in certain fonts.
*/
function wildcardSimilarChars(name) {
return name.replace(/[Il1oO0]/g, "_");
}
module.exports = { module.exports = {
init: function () { init: function () {
}, },
@ -15,7 +24,7 @@ module.exports = {
* Check if a username is taken * Check if a username is taken
*/ */
isUsernameTaken: function (name, callback) { isUsernameTaken: function (name, callback) {
db.query("SELECT name FROM `users` WHERE name=?", [name], db.query("SELECT name FROM `users` WHERE name LIKE ?", [wildcardSimilarChars(name)],
function (err, rows) { function (err, rows) {
if (err) { if (err) {
callback(err, true); callback(err, true);
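Review bot: `wildcardSimilarChars()` passes any `%`, `_` or `\` already present in `name` into the LIKE pattern unescaped, so in the new `isUsernameTaken()` query those characters act as wildcards (or as the escape character) rather than as literals. Whether `name` is restricted to a safe alphabet before this call is not visible here; if `_` is a permitted name character, a name containing it will be reported taken whenever an existing name of the same length differs only at that position. Escaping before substituting keeps the wildcard limited to the intended positions: `return name.replace(/[\\%_]/g, "\\$&").replace(/[Il1oO0]/g, "_");` (this assumes the database's default `\` LIKE escape). Separately, `_` matches any character and not only the look-alike set, which is worth stating in the doc comment so the over-blocking is a documented choice. The body of `isUsernameTaken` continues past the end of the hunk.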