allow, that username contains digits

lang/lang.de-de.php

@@ -33,7 +33,7 @@ $language = array(
     "UNKNOWN_TOKEN" => "Token ist unbekannt",
     "AUTHENTICATION_FAILED" => "Authentifizierung fehlgeschlagen",
     "WRONG_REGISTRATION_SHARED_SECRET" => "registration_shared_secret fehlerhaft",
-    "USERNAME_INVALID" => "Nutzername muss aus 3 bis 20 Kleinbuchstaben bestehen",
+    "USERNAME_INVALID" => "Nutzername muss aus 3 bis 20 Kleinbuchstaben und Zahlen bestehen",
     "USERNAME_NOT_ALNUM" => "Nutzername ist nicht alphanumerisch",
     "USERNAME_PENDING_REGISTRATION" => "Dieser Nutzername wurde bereits zur Registrierung vorgemerkt. Versuche es später noch einmal oder wähle einen anderen Nutzernamen",
     "USERNAME_REGISTERED" => "Dieser Nutzername wurde bereits registriert. Bitte wähle einen anderen Nutzernamen",

lang/lang.en-gb.php

@@ -33,7 +33,7 @@ $language = array(
     "UNKNOWN_TOKEN" => "Token is unknown",
     "AUTHENTICATION_FAILED" => "Authentication failed",
     "WRONG_REGISTRATION_SHARED_SECRET" => "wrong registration_shared_secret",
-    "USERNAME_INVALID" => "Username has to consist of 3 to 20 small letters",
+    "USERNAME_INVALID" => "Username has to consist of 3 to 20 small letters and numbers",
     "USERNAME_NOT_ALNUM" => "Username is not alphanumeric",
     "USERNAME_PENDING_REGISTRATION" => "This username is locked for registration. Try again later or try again with a different username",
     "USERNAME_REGISTERED" => "This username is already registered. Please try again with another username",

public/index.php

@@ -46,17 +46,20 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             // token not present or invalid
             throw new Exception("UNKNOWN_SESSION");
         }
-        if (!isset($_POST["username"])) {
+        $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING);
+        if (empty($username)) {
             throw new Exception("UNKNOWN_USERNAME");
         }
-        if (strlen($_POST["username"]) > 20 ||
-                strlen($_POST["username"]) < 3 ||
-                !ctype_lower($_POST["username"])) {
+        if (strlen($username) > 20 ||
+                strlen($username) < 3) {
             throw new Exception("USERNAME_INVALID");
         }
-        if (ctype_alnum($_POST['username']) != true) {
+        if (!ctype_alnum($username)) {
             throw new Exception("USERNAME_NOT_ALNUM");
         }
+        if (!strcmp($username, strtolower($username))) {
+            throw new Exception("USERNAME_INVALID");
+        }
         if ($storePassword && (!isset($_POST["password"]) || !isset($_POST["password_confirm"]))) {
                 throw new Exception("PASSWORD_NOT_PROVIDED");
         }
@@ -83,7 +86,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
             $first_name = $last_name = "";
         }
 
-        $username = filter_var($_POST["username"], FILTER_SANITIZE_STRING);
         $password = "";
         if ($storePassword && isset($_POST["password"])) {
             $password = filter_var($_POST["password"], FILTER_SANITIZE_STRING);