From ad3af8092ba1f507ea2d45260bd984cbcf496762 Mon Sep 17 00:00:00 2001
From: Krombel
Date: Wed, 23 Jan 2019 22:51:26 +0100
Subject: [PATCH] allow, that username contains digits

---
 lang/lang.de-de.php | 2 +-
 lang/lang.en-gb.php | 2 +-
 public/index.php | 14 ++++++++------
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/lang/lang.de-de.php b/lang/lang.de-de.php
index 90cc5ea..1a3f8db 100644
--- a/lang/lang.de-de.php
+++ b/lang/lang.de-de.php
@@ -33,7 +33,7 @@ $language = array(
 "UNKNOWN_TOKEN" => "Token ist unbekannt",
 "AUTHENTICATION_FAILED" => "Authentifizierung fehlgeschlagen",
 "WRONG_REGISTRATION_SHARED_SECRET" => "registration_shared_secret fehlerhaft",
- "USERNAME_INVALID" => "Nutzername muss aus 3 bis 20 Kleinbuchstaben bestehen",
+ "USERNAME_INVALID" => "Nutzername muss aus 3 bis 20 Kleinbuchstaben und Zahlen bestehen",
 "USERNAME_NOT_ALNUM" => "Nutzername ist nicht alphanumerisch",
 "USERNAME_PENDING_REGISTRATION" => "Dieser Nutzername wurde bereits zur Registrierung vorgemerkt. Versuche es später noch einmal oder wähle einen anderen Nutzernamen",
 "USERNAME_REGISTERED" => "Dieser Nutzername wurde bereits registriert. Bitte wähle einen anderen Nutzernamen",
diff --git a/lang/lang.en-gb.php b/lang/lang.en-gb.php
index 43b3bc9..3a4cb97 100644
--- a/lang/lang.en-gb.php
+++ b/lang/lang.en-gb.php
@@ -33,7 +33,7 @@ $language = array(
 "UNKNOWN_TOKEN" => "Token is unknown",
 "AUTHENTICATION_FAILED" => "Authentication failed",
 "WRONG_REGISTRATION_SHARED_SECRET" => "wrong registration_shared_secret",
- "USERNAME_INVALID" => "Username has to consist of 3 to 20 small letters",
+ "USERNAME_INVALID" => "Username has to consist of 3 to 20 small letters and numbers",
 "USERNAME_NOT_ALNUM" => "Username is not alphanumeric",
 "USERNAME_PENDING_REGISTRATION" => "This username is locked for registration. Try again later or try again with a different username",
 "USERNAME_REGISTERED" => "This username is already registered. Please try again with another username",
diff --git a/public/index.php b/public/index.php
index f4e062f..9f8ec5f 100644
--- a/public/index.php
+++ b/public/index.php
@@ -46,17 +46,20 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 // token not present or invalid
 throw new Exception("UNKNOWN_SESSION");
 }
- if (!isset($_POST["username"])) {
+ $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING);
+ if (empty($username)) {
 throw new Exception("UNKNOWN_USERNAME");
 }
- if (strlen($_POST["username"]) > 20 ||
- strlen($_POST["username"]) < 3 ||
- !ctype_lower($_POST["username"])) {
+ if (strlen($username) > 20 ||
+ strlen($username) < 3) {
 throw new Exception("USERNAME_INVALID");
 }
- if (ctype_alnum($_POST['username']) != true) {
+ if (!ctype_alnum($username)) {
 throw new Exception("USERNAME_NOT_ALNUM");
 }
+ if (!strcmp($username, strtolower($username))) {
+ throw new Exception("USERNAME_INVALID");
+ }
 if ($storePassword && (!isset($_POST["password"]) || !isset($_POST["password_confirm"]))) {
 throw new Exception("PASSWORD_NOT_PROVIDED");
 }
@@ -83,7 +86,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 $first_name = $last_name = "";
 }
 
- $username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
 $password = "";
 if ($storePassword && isset($_POST["password"])) {
 $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);
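Review bot: The lowercase check added at the end of the first public/index.php hunk is inverted: `strcmp()` returns 0 for equal strings, so `!strcmp($username, strtolower($username))` is true exactly when the name is already lowercase, which throws USERNAME_INVALID for every valid name and lets names containing uppercase letters through. Compare the strings directly instead, `if ($username !== strtolower($username)) {`. Separately, the checks now run on the output of `filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING)`, so markup is silently stripped before the length and `ctype_alnum()` tests instead of the request being rejected, and that filter is deprecated as of PHP 8.1; validating the raw value and refusing anything that fails would be stricter. The enclosing `if ($_SERVER["REQUEST_METHOD"] == "POST")` block starts and ends outside the hunk.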