• src/sbbs3/newuser.cpp userdat.c

    From Rob Swindell@1:103/705 to Git commit to main/sbbs/master on Sat Jan 22 01:27:43 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/55be212985d58dab110ef0c5
    Modified Files:
    src/sbbs3/newuser.cpp userdat.c
    Log Message:
    Handle duplicate names and aliases betterSo some cute user (mine@demon.com) created a new user account on Vertrauen with the alias and real name of "Rob Swindell". Funny.Now, duplicate user aliases are already and always forbidden (even those that just vaguely match an existing alias) - everyone expects those to be unique. And we already forbid new user real names to match an existing user alias (check_name() enforces this and we use that when checking new user real names too), however, nothing prevented a new user account's alias from matching another existing user's real name. And this is a problem:1. This new/fake user could post a message or send an email/netmail and it would appear to possibly come from the other/original user (we do have options to send mail and post messages using real names)2. Received email for real names is supported and if enabled, this second account could be used to intercept mail for the original/first account if it was receiving mail for the original/real user's real name.So disallowing a new user's real name to match an existing alias fixes one problem. However, systems *can* be configured to allow duplicate real names (which is convenient for QWKnet accounts, for example) and so we needed another solution for that problem: meet the 'O' restriction. This restriction flag will prevent a user account from posting messages no sub-boards that require real names. New user accounts that have a duplicate real name (the same as another user account's real name), will automatically be assigned the 'O' restriction flag. Systems that don't allow duplicate real names wouldn't have this issue in the first place.Scripts that allow the creation of new user accounts might need some updating to match this security logic.
    --- SBBSecho 3.14-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on Windows 11)@1:103/705 to Git commit to main/sbbs/master on Tue Feb 13 22:43:12 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/6ed2240b1d276c4ef588549f
    Modified Files:
    src/sbbs3/newuser.cpp userdat.c
    Log Message:
    Detect and reject invalid birthdates during new user registration

    e.g. month and day reversed
    --- SBBSecho 3.20-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)