From 84270b705a0e0580d040679caa0b41cbe1d033ee Mon Sep 17 00:00:00 2001
From: Synox <synox@users.noreply.github.com>
Date: Tue, 9 Jan 2018 20:53:14 +0100
Subject: [PATCH] fix #27: forbid hostmaster users

---
 src/backend.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/backend.php b/src/backend.php
index 2a37669..a041713 100644
--- a/src/backend.php
+++ b/src/backend.php
@@ -120,7 +120,14 @@ function _load_emails($mail_ids, $address) {
 function _clean_username($username) {
     $username = strtolower($username);
     $username = preg_replace('/@.*$/', "", $username);   // remove part after @
-    return preg_replace('/[^A-Za-z0-9_.+-]/', "", $username);   // remove special characters
+    $username = preg_replace('/[^A-Za-z0-9_.+-]/', "", $username);   // remove special characters
+
+    if (in_array($username, array('root', 'admin', 'administrator', 'hostmaster', 'postmaster', 'webmaster'))) {
+        // Forbidden name!
+        return '';
+    }
+
+    return $username;
 }
 
 function _clean_domain($username) {