From 72feceb3690f6fc76fa7dd91002c814bf32565b8 Mon Sep 17 00:00:00 2001
From: Michael
Date: Mon, 10 Apr 2017 18:44:29 -0400
Subject: Fix massive security bug with display names

---
 Project-Unite/Controllers/AccountController.cs | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'Project-Unite/Controllers/AccountController.cs')

diff --git a/Project-Unite/Controllers/AccountController.cs b/Project-Unite/Controllers/AccountController.cs
index e23572d..6ee32d0 100644
--- a/Project-Unite/Controllers/AccountController.cs
+++ b/Project-Unite/Controllers/AccountController.cs
@@ -179,6 +179,16 @@ The addressed used to send this message is not a no-reply address. In fact, my n
 {
 if (ModelState.IsValid)
 {
+ using(var temp = new ApplicationDbContext())
+ {
+ if(temp.Users.FirstOrDefault(x=>x.UserName==model.Username) != null)
+ {
+ ModelState.AddModelError("Your display name is already taken.");
+ return View(model);
+ }
+ }
+
+
 var user = new ApplicationUser { UserName = model.Email, Email = model.Email, DisplayName = model.Username, Codepoints = 0, JoinedAt = DateTime.Now, MutedAt = DateTime.Now, BannedAt = DateTime.Now, LastLogin = DateTime.Now };
 var result = await UserManager.CreateAsync(user, model.Password);
 if (result.Succeeded)
-- 
cgit v1.2.3
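Review bot: The duplicate check in the added `using` block queries the wrong column: it compares `x.UserName==model.Username`, but the `var user = new ApplicationUser { ... }` line just below stores the e-mail in `UserName` and puts `model.Username` into `DisplayName`, so an existing display name is never matched and the collision this commit means to block still goes through. The predicate should be `if (temp.Users.FirstOrDefault(x => x.DisplayName == model.Username) != null)`, i.e. the same property the new user is created with. Even with the right column, check-then-create is racy without a unique index on `DisplayName` — two concurrent registrations can both pass the `FirstOrDefault` test — so the database constraint should be the real guard and this check only the friendly error path. Whether the comparison is case-insensitive depends on the collation that EF's `==` translates to, so if `Admin` and `admin` must collide, normalize the stored value or compare explicitly. The enclosing action method starts and ends outside the hunk.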