fixing a small thing wher eusers could update theyr username to other users usernames

2026-05-15 10:20:47 +02:00
parent 37cf88a06e
commit a540a57efc
2 changed files with 88 additions and 457 deletions
@@ -43,7 +43,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    }

    // Sanitize and validate the input
-    $name = preg_replace("/[^a-zA-Z0-9_]/", "", $data['name']); // Allow only letters, numbers, and underscores
+    $name = strtolower(preg_replace("/[^a-zA-Z0-9_]/", "", $data['name']));
    $email = trim((string) $data['email']);
    if ($email !== "" && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo json_encode([
@@ -52,7 +52,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        ]);
        exit();
    }
-    $telegram_id = htmlspecialchars($data['telegram_id'], ENT_QUOTES, 'UTF-8'); // Escape special characters
+    $telegram_id = htmlspecialchars($data['telegram_id'], ENT_QUOTES, 'UTF-8');

    //check if username is allready taken
    $id_check=0;
@@ -63,8 +63,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    mysqli_stmt_store_result($stmt);
    mysqli_stmt_bind_result($stmt, $id_check);
    mysqli_stmt_fetch($stmt);
-    if(mysqli_stmt_num_rows($stmt) > 0 && $username!==$name){
-	//this username is allready taken
+    if((mysqli_stmt_num_rows($stmt) > 0 && $username!==$name) || $name === ""){
 	echo json_encode([
            'success' => false,
            'message' => 'Username allready taken. Please choose another username.'