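/**
 * Validate and normalise user data for the given action.
 *
 * The parent validation runs first; a falsy result from it is returned unchanged.
 * For 'create' the username is sanitised and checked against a reserved-name list,
 * an email-shaped username is moved into the email field, a salt is generated and
 * the password is hashed. For 'update' a supplied password is re-hashed with the
 * salt held in $this->array.
 *
 * @param array  $data    Submitted field values.
 * @param string $action  'create' or 'update'; any other action passes through untouched.
 * @param array  $options Forwarded to parent::validate().
 *
 * @return array|false The normalised data, or false when validation fails.
 */
function validate($data, $action, $options = array()) {
    $data = parent::validate($data, $action, $options);
    if (!$data) {
        return $data;
    }
    switch ($action) {
    case 'create':
        $data['active'] = array_key_exists('active', $data) ? $data['active'] : true;

        //We need either an email, mobile number or username to register a user
        //Lower ASCII only
        if (!empty($data['username'])) {
            // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; it is kept
            // here because replacing it would change which characters are stripped.
            $data['username'] = filter_var(trim($data['username']), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
            //TODO Make the banned usernames configurable
            $banned_usernames = array('root', 'admin', 'superadmin', 'superuser', 'webadmin', 'postmaster', 'webdeveloper', 'webmaster', 'administrator', 'sysadmin');
            // Compare case-insensitively and strictly, so that 'Admin' or 'ROOT' cannot
            // slip past the reserved-name list. The stored username keeps its casing.
            // Reserved names are only refused once a super user exists
            // (presumably so the first account can still claim one; confirm).
            if (in_array(strtolower($data['username']), $banned_usernames, true) && BackendUser::hasSuperUser()) {
                Backend::addError('Please choose a valid username');
                return false;
            }
        }
        if (empty($data['username']) && empty($data['email']) && empty($data['mobile'])) {
            Backend::addError('Please provide a username');
            // Fail here like the reserved-name branch does, instead of going on to
            // hash a password for an account that has no identifier at all.
            return false;
        }

        //If the username is an email address, make it the email address
        if (!empty($data['username']) && filter_var($data['username'], FILTER_VALIDATE_EMAIL)) {
            if (!empty($data['email'])) {
                // Both fields are set: swap them.
                list($data['username'], $data['email']) = array($data['email'], $data['username']);
            } else {
                $data['email'] = $data['username'];
                unset($data['username']);
            }
        }

        // NOTE(review): confirm that get_random('numeric') draws from a CSPRNG and that
        // the salt is long enough; its implementation is not visible from here.
        $data['salt'] = get_random('numeric');
        // SECURITY: salted MD5 is a fast hash and is not suitable for password storage.
        // Moving to password_hash()/password_verify() has to be done together with the
        // login check and a rehash-on-login migration, so the format is left as is here.
        // NOTE(review): nothing visible here guarantees $data['password'] is set on
        // create; if the parent validation does not require it, an empty password is hashed.
        $data['password'] = md5($data['salt'] . $data['password'] . Controller::$salt);

        if (ConfigValue::get('application.confirmUser')) {
            // Confirmation is required by configuration, whatever the caller passed.
            $data['confirmed'] = false;
        } else {
            $data['confirmed'] = array_key_exists('confirmed', $data) ? $data['confirmed'] : true;
        }
        break;
    case 'update':
        if (!empty($data['password'])) {
            // Same salted-MD5 scheme as on create (see the SECURITY note there), using
            // the salt held in $this->array.
            $data['password'] = md5($this->array['salt'] . $data['password'] . Controller::$salt);
        }
        break;
    }
    return $data;
}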