Add list of reserved usernames

2024-11-21 15:10:25 +00:00 · 2022-07-31 21:07:52 +02:00 · 2022-07-31 21:07:52 +02:00 · ee9f0b0714
commit ee9f0b0714
parent bb247d295c
2 changed files with 5 additions and 0 deletions
--- a/common_config.php
+++ b/common_config.php
@ -12,6 +12,7 @@ const DBNAME = 'postfix'; // Database
 const DBVERSION = 1; // Database schema version
 const PERSISTENT = true; // persistent database connection
 const CAPTCHA_DIFFICULTY = 1; // captcha difficulty from 0 to 3
+const RESERVED_USERNAMES = ['about', 'abuse', 'admin', 'administrator', 'billing', 'contact', 'daemon', 'ftp', 'help', 'hostmaster', 'info', 'legal', 'list', 'list-request', 'lists', 'maildaemon', 'mailerdaemon', 'mailer-daemon', 'marketing', 'media', 'news', 'newsletter', 'nobody', 'noc', 'noreply', 'no-reply', 'notification', 'notifications', 'notify', 'offer', 'offers', 'office', 'official', 'order', 'orders', 'phish', 'phishing', 'postmaster', 'root', 'sale', 'sales', 'security', 'service', 'services', 'shop', 'shopping', 'spam', 'staff', 'support', 'survey', 'system', 'team', 'teams', 'unsbubscribe', 'uucp', 'usenet', 'user', 'username', 'users', 'web', 'webmail', 'webmaster', 'webmasters', 'welcome', 'www']; // list of reserved usernames that can mot be used on public registration

 require_once( 'vendor/autoload.php' );

--- a/www/register.php
+++ b/www/register.php
@ -47,7 +47,11 @@ if ( isset( $_POST[ 'user' ] ) ) {
 			if ( ! $validator->isValid( "$user@$domain", new NoRFCWarningsValidation() ) ) {
 				$ok = false;
 				$msg .= '<div class="red" role="alert">The email address you specified is not valid</div>';
+			} elseif(in_array($user, RESERVED_USERNAMES, true)){
+				$ok = false;
+				$msg .= '<div class="red" role="alert">The user name you specified is reserved</div>';
 			}
+
 		}
 	}
 	if ( $ok ) {