[Freeciv-Dev] (PR#12387) Multiple freeciv accounts

["Paul Zastoupil" <paul@xxxxxxxxxxxxx>]

<URL: http://bugs.freeciv.org/Ticket/Display.html?id=12387 >

On Mon, Feb 28, 2005 at 02:17:21PM -0800, Paul Zastoupil wrote:
> I was talking to Jason Short about Freeciv accounts.
> 
> Right now we basically have accounts in these locations:
> Wiki
> Forums
> RT
> Pubserver Auth
> 
> Information held in common:
> username (all)
> password (all)
> email (all)
> real name (wiki, RT)
> 
> It would be nice if everything across these was consistent.
> 
> How to make this happen?
> 
> Well, if we ignore the 600lbs gorilla of preexisting collisions, here
> is how I think we could make this happen.
> 
> They are all MySQL databases running on either www.freeciv.org or
> rt.freeciv.org.
> 
> 3 of the databases store passwords as md5s.  The fourth, RT, could easily
> be modified (its less than a 1 liner) to use md5.
> 
> None of the databases currently has a timestamp field in the users table.
> This means we could add that field across the board.
> 
>   "The TIMESTAMP column type provides a type that you can use to
>   automatically mark INSERT or UPDATE operations with the current date
>   and time."
> 
> 
> This would allow us to track changes to the users tables in their
> respective databases.  Periodically we could have a process that
> checks all of the tables and updates the latest one appropriately in
> each database.  If there is a new account it would have to know dummy
> fields for the appropriate tables and fill them in.
> 
> The only issues I currently see with this (beside the gorilla) is race
> conditions on account creation.  It should handle multiple changes within
> the syncronization period just fine using only the latest change, based
> on the timestamp.
> 
> I was thinking of a syncronization period in the range of 15 to 30
> minutes, but am not married to it.
> 
> I would love some comments, concerns, complaints, anything at all :)
> 
> And if you can find a silver bullet for the gorilla, I'm buying.

Ok, some more mulling over.
RT can handle MD5, so we are set there.

There is another hurdle, Username Validation.

RT has no validation, you can create any username you want, but you need a 
valid email address.

Freeciv proper has these restrictions:
const char illegal_chars[] = {'|', '%', '"', ',', '*', '<', '>', '\0'};

Wiki uses this:
( '' == $name ) ||
preg_match( "/\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}/", $name ) ||
(strpos( $name, "/" ) !== false) ||
(strlen( $name ) > $wgMaxNameChars) ||
($wgUseLatin1 && preg_match( "/[\x80-\xA0]/", $name )) ||
ucFirst($name) != $u->getName() )

The forums:
// Remove doubled up spaces
$username = preg_replace('#\s+#', ' ', $username);
// Limit username length
$username = substr(str_replace("\'", "'", $username), 0, 25);
$username = str_replace("'", "''", $username);

It also has a disallowed username table, so we could leverage that if its 
useful.

Thanks again for any comments.
-- 
Paul Zastoupil