
use function with preg_match to check username

Clément 9 ani în urmă
părinte
comite
4eeae5171b

+ 7 - 4
app/Controllers/userController.php

@@ -34,6 +34,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		return $passwordHash == '' ? '' : $passwordHash;
 	}
 
+	public static function checkUsername($username) {
+		$match = '/^[a-zA-Z_]{1,38}$/';
+		return preg_match($match, $username) === 1;
+	}
+
 	/**
 	 * This action displays the user profile page.
 	 */
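Review bot: The pattern in `checkUsername` is anchored with `$`, which in PCRE also matches just before a trailing newline, so a name such as `"alice\n"` (constructed example) passes the check; ending the pattern with `\z` or adding the `D` modifier closes that. The character class is also narrower than the check it replaces: digits, `-` and `.` are no longer accepted, so an existing account whose name contains any of them would presumably be rejected at login (`checkCredentials` in app/Models/Auth.php) and by the CLI scripts. The message in cli/do-install.php still says "must be ASCII alphanumeric", which no longer matches. If digits are meant to stay valid, I would write `return is_string($username) && preg_match('/^[0-9a-zA-Z_]{1,38}\z/', $username) === 1;`, where the `is_string` guard keeps an array-valued request parameter from reaching `preg_match`. A short docblock stating the allowed alphabet and length would also help, since this is now the single validator shared by the web, login and CLI paths.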
@@ -103,9 +108,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		if (!is_array($userConfig)) {
 			$userConfig = array();
 		}
-        $aValid = array('-', '_', '.');
 
-		$ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name));
+		$ok = self::checkUsername($new_user_name);
 
 		if ($ok) {
 			$languages = Minz_Translate::availableLanguages();
@@ -188,8 +192,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 		$db = FreshRSS_Context::$system_conf->db;
 		require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
 
-        $aValid = array('-', '_', '.');
-		$ok = ctype_alnum(str_replace($aValid, '', $username));
+		$ok = self::checkUsername($username);
 		if ($ok) {
 			$default_user = FreshRSS_Context::$system_conf->default_user;
 			$ok &= (strcasecmp($username, $default_user) !== 0);	//It is forbidden to delete the default user

+ 1 - 2
app/Models/Auth.php

@@ -182,8 +182,7 @@ class FreshRSS_Auth {
 
 class FreshRSS_FormAuth {
 	public static function checkCredentials($username, $hash, $nonce, $challenge) {
-		$aValid = array('-', '_', '.');
-		if (!ctype_alnum(str_replace($aValid, '', $username)) ||
+		if (!FreshRSS_user_Controller::checkUsername($username) ||
 				!ctype_graph($challenge) ||
 				!ctype_alnum($nonce)) {
 			Minz_Log::debug('Invalid credential parameters:' .
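Review bot: `FreshRSS_FormAuth::checkCredentials` now calls a static method on `FreshRSS_user_Controller`, so the authentication model depends on a controller class being loadable wherever credentials are checked. The validator has no controller state, so it would sit more naturally on a model or helper class that the controller, `FreshRSS_FormAuth` and the CLI scripts can all call. A comment such as `// Reject malformed input before any lookup; see checkUsername() for the allowed alphabet` above the condition would also make the intent of the three checks clear. The `Minz_Log::debug(` statement continues outside the hunk, so what it logs is not visible here.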

+ 1 - 3
cli/_cli.php

@@ -20,9 +20,7 @@ function fail($message) {
 }
 
 function cliInitUser($username) {
-    $aValid = array('-', '_', '.');
-    
-	if (!ctype_alnum(str_replace($aValid, '', $username))) {
+	if (!FreshRSS_user_Controller::checkUsername($username)) {
 		fail('FreshRSS error: invalid username: ' . $username . "\n");
 	}
 

+ 1 - 2
cli/create-user.php

@@ -16,9 +16,8 @@ if (empty($options['user'])) {
 	fail('Usage: ' . basename(__FILE__) . " --user username ( --password 'password' --api-password 'api_password'" .
 		" --language en --email user@example.net --token 'longRandomString --no-default-feeds' )");
 }
-$aValid = array('-', '_', '.');
 $username = $options['user'];
-if (!ctype_alnum(str_replace($aValid, '', $username))) {
+if (!FreshRSS_user_Controller::checkUsername($username)) {
 	fail('FreshRSS error: invalid username “' . $username . '”');
 }
 

+ 1 - 2
cli/delete-user.php

@@ -9,9 +9,8 @@ $options = getopt('', array(
 if (empty($options['user'])) {
 	fail('Usage: ' . basename(__FILE__) . " --user username");
 }
-$aValid = array('-', '_', '.');
 $username = $options['user'];
-if (!ctype_alnum(str_replace($aValid, '', $username))) {
+if (!FreshRSS_user_Controller::checkUsername($username)) {
 	fail('FreshRSS error: invalid username “' . $username . '”');
 }
 

+ 1 - 2
cli/do-install.php

@@ -47,8 +47,7 @@ if ($requirements['all'] !== 'ok') {
 	fail($message);
 }
 
-$aValid = array('-', '_', '.');
-if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) {
+if (!FreshRSS_user_Controller::checkUsername($options['default_user'])) {
 	fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']);
 }