--- fenglin/bbs/user_service_reg.php	2025/04/23 06:36:57	1.2
+++ fenglin/bbs/user_service_reg.php	2025/12/23 09:23:10	1.6
@@ -34,7 +34,7 @@
 header("Content-Type:application/json; charset=utf-8");
 // Validate input data
-if (!preg_match("/^[A-Za-z][A-Za-z0-9]{4,11}$/", $username))
+if (!preg_match("/^[A-Za-z][A-Za-z0-9_]{4,11}$/", $username))
 {
 $result_set["return"]["code"] = -1;
 array_push($result_set["return"]["errorFields"], array(
@@ -148,7 +148,7 @@
 // Secure SQL statement
 $nickname = mysqli_real_escape_string($db_conn, $nickname);
 $realname = mysqli_real_escape_string($db_conn, $realname);
-
+
 // Begin transaction
 $rs = mysqli_query($db_conn, "SET autocommit=0");
 if ($rs == false)
@@ -159,7 +159,7 @@
 mysqli_close($db_conn);
 exit(json_encode($result_set));
 }
-
+
 $rs = mysqli_query($db_conn, "BEGIN");
 if ($rs == false)
 {
@@ -172,7 +172,7 @@
 // Check availability of username and nickname
 $sql = "SELECT UID FROM user_list WHERE username = '$username' FOR UPDATE";
-
+
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
 {
@@ -214,9 +214,9 @@
 ));
 }
 mysqli_free_result($rs);
-
+
 $sql = "SELECT UID FROM user_pubinfo WHERE email = '$email' FOR UPDATE";
-
+
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
 {
@@ -246,7 +246,7 @@
 // Create new user
 $temp_password = gen_passwd(10);
-$sql = "INSERT INTO user_list(username, temp_password) values('$username', '$temp_password')";
+$sql = "INSERT INTO user_list(username, temp_password) values('$username', SHA2('$temp_password', 256))";
 $rs = mysqli_query($db_conn, $sql);
 if ($rs == false)
@@ -338,4 +338,3 @@
 mysqli_close($db_conn);
 exit(json_encode($result_set));
-?>
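Review bot: The widened pattern `/^[A-Za-z][A-Za-z0-9_]{4,11}$/` still accepts a username with a trailing newline, because PCRE `$` also matches just before a final `\n`; that value then reaches the interpolated `SELECT UID FROM user_list WHERE username = '$username'` lookup and the later INSERT without any escaping, since `$username` is never passed through `mysqli_real_escape_string` like `$nickname` and `$realname` are. Make the anchor strict with the `D` modifier: `if (!preg_match("/^[A-Za-z][A-Za-z0-9_]{4,11}$/D", $username))`. Separately, `_` is a single-character wildcard in SQL `LIKE`; the lookups visible in this diff use `=`, so this only matters if a `LIKE` query on username exists elsewhere in the file, in which case the value needs wildcard escaping before use.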
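Review bot: `SHA2('$temp_password', 256)` sends the plaintext temporary password to the database server inside the query text, where it may be captured by the general query log or a statement-based binary log, and stores an unsalted fast hash that is cheap to brute-force for a 10-character value. Hash in PHP and insert the result instead, which also keeps the secret out of query logs: `$temp_hash = mysqli_real_escape_string($db_conn, password_hash($temp_password, PASSWORD_DEFAULT));` followed by `$sql = "INSERT INTO user_list(username, temp_password) values('$username', '$temp_hash')";`, after confirming the `temp_password` column is wide enough for a `password_hash` string. Note that unlike `$nickname` and `$realname` above, `$temp_password` is interpolated without escaping, which is only safe if `gen_passwd()` (not visible here) never emits a quote or backslash; escaping the hashed value as shown removes that dependency. Whichever hash is stored, the login or activation path that compares `temp_password` must be updated to `password_verify` in the same change, and that code is not shown in this diff.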