Allowing special characters in user names (SOLVED)

Started by DJF-1975, October 27, 2016, 09:36:38 AM

DJF-1975

Hello community! (I'm using SMF Ver. 2.0.12)

I've searched these forums for a long time and I cannot find where I would change what characters are available to be used in user name registration and regular use. I know there are some security issues regarding using certain characters, but I don't think it's gonna be an issue in our small community.
For example, I'm a gaming site/clan so I have a lot of members who use TAGS with special characters such as <>[]{}-=  etc.
I realize I can have members change the display name VS the user name, but this is not a valid solution as people are a lot of times confused and would just rather have the same name as the display name as they're used to using whatever tags they have on their IGN etc.

Where do I look to change what's available for use and what isn't?

Thanks for your help!

Kindred

Quite honestly, we are not going to tell you how to break basic security protocols....

Even if you are a small site, if you are on the internet, then you are potentially vulnerable to hackers and script-kiddies. (security through obscurity does not work in today's world)

If your users can not figure out how to change their display name - instead of bypassing security and potentially breaking the system - I'd recommend installing the mod that separates the login name from display name during registration.
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

DJF-1975

Thanks for your reply.
I've been coding in multiple languages for over 30 years. I'll find it myself.


Arantor

You need to change a bunch of places for < and > because they're escaped to entity form everywhere (there is a separate list between allowed-in-username and allowed-in-display-name) and you can't just casually remove it from a single place.

From memory, the registration code, the profile code, the ban code, the PM PHP code, the PM JavaScript code for the autosuggest, and some of the stats processing code.

Though this only applies to < > & ' and " as all other characters should be left alone in most places, just not registration.

Honestly, I could see better solutions for this, like changing display based on user groups rather than trying to adjust this. Or a custom field and change its display. Or any number of things rather than sticking to "there is only one way to solve this problem" and I'd hope a developer of 30 years can understand that there may be a better solution to a problem than the first way they thought of.
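
Added example (not part of the thread and not SMF's code): a PHP sketch of why the entity-form handling described in the post above has to agree across every code path. The function names, the in-memory member list and the sample names are hypothetical and constructed for illustration; only `htmlspecialchars` is a real PHP call.

```php
<?php
// Added illustration; function names are hypothetical, not SMF's.

// The five characters the post says are held in entity form.
const ENTITY_CHARS = ['<', '>', '&', "'", '"'];

// Registration-style check: refuse login names containing any of them.
function login_name_allowed(string $name): bool
{
    if ($name === '') {
        return false;
    }
    foreach (ENTITY_CHARS as $c) {
        if (strpos($name, $c) !== false) {
            return false;
        }
    }
    return true;
}

// Canonical stored form. Every path that writes or compares a name
// must apply this exactly once, or the paths stop agreeing.
function to_stored_form(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Stand-in for a ban or PM-recipient lookup against stored names.
// $encodeInput = false models one code path that was changed on its own.
function find_member(array $members, string $input, bool $encodeInput): ?int
{
    $needle = $encodeInput ? to_stored_form($input) : $input;
    $id = array_search($needle, $members, true);
    return $id === false ? null : $id;
}

// Constructed sample data: names as a profile-save path would store them.
$members = [1 => to_stored_form('<TAG>Player'), 2 => to_stored_form('Plain')];

var_dump(login_name_allowed('<TAG>Player'));           // registration check on a tagged name
var_dump($members[1]);                                 // stored form, safe to place in HTML text
var_dump(find_member($members, '<TAG>Player', true));  // lookup that encodes like storage does
var_dump(find_member($members, '<TAG>Player', false)); // lookup from a path that skips encoding
```

The last two calls differ only in whether the input is encoded the same way as the stored value, which is the consistency problem that makes a single-file change unsafe.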

DJF-1975

Quote from: Arantor on October 27, 2016, 06:32:35 PM
You need to change a bunch of places for < and > because they're escaped to entity form everywhere (there is a separate list between allowed-in-username and allowed-in-display-name) and you can't just casually remove it from a single place.

From memory, the registration code, the profile code, the ban code, the PM PHP code, the PM JavaScript code for the autosuggest, and some of the stats processing code.

Though this only applies to < > & ' and " as all other characters should be left alone in most places, just not registration.

Honestly, I could see better solutions for this, like changing display based on user groups rather than trying to adjust this. Or a custom field and change its display. Or any number of things rather than sticking to "there is only one way to solve this problem" and I'd hope a developer of 30 years can understand that there may be a better solution to a problem than the first way they thought of.

I've decided to just use the systems in place, as per the display name VS login name. It's just easier that way. It's specific on registration as I've made it clear that's the way to do it for new users and current users alike. If that's too much for them, it's their loss IMO.

Thanks for your input, and time!

D
