News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Invalid Characters in Username???

Started by Inque187, August 18, 2006, 10:05:35 PM

Previous topic - Next topic

Inque187

I was attempting to change a user's login name via the admin interface and I was greeted with the error message: Invalid Characters in Username

Where is the setting to allow different characters in usernames? I looked all over the admin panel.
thank s much. BTW I am using SMF 1.1 RC2

jerm

What did you want to change the username to?

Inque187

I woul dlike to be able to allow users to use these characters in their username: = - [ ] { }

I found something in the loginout.php file but whenever I changed it, I still received the error message.

青山 素子

Why not just have them use the "Display Name" which allows those characters?
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Inque187

I found this sectin in the LogInOut.php file but whenever I tried to change or remove some of the characters that i wanted to allow, i still kept getting the Invalid Character in Username error message.

// No funky symbols either.
if (preg_match('~[<>&"\'=\\\]~', $_REQUEST['user']) != 0)
{
$context['login_error'] = &$txt[240];
return;
}

青山 素子

That should only catch names with < > & " ' = \ characters. Anything else is allowed by that regex
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Inque187

#6
So if I remove some of those characters, then users and myself should be be able to register (and change username via profile edit) correctly?

I removed the characters: [ = ]
if (preg_match('~<>&"\'\\\~', $_REQUEST['user']) != 0)
Uploaded the file and still received the error when trying to register and or change my username.

EDIT: I may have resolved my problem on my own. I did a search for the character string ~[<>&"\'=\\\]~ on all files in the forums folder. I found two more places that the strin occured. In the files Subs-Auth.php and Subs-Members.php the string is there and can be changed. Once I edited the allowed character string in those files, I was able to register and or change any username without that annoying error.

For those who come across this same problem, you will need to edit these three files in order to be able to allow more characters in registration or username changes:
LogInOut.php
Subs-Auth.php
Subs-Members.php


Just doa search for this string:
if (preg_match('~[<>&"\'=\\\]~', $_REQUEST['user']) != 0)

Compuart

#7
if you do this:
if (preg_match('~<>&"\'\\\~', $_REQUEST['user']) != 0)

you might as well not check the username for illegal characters. I wouldn't recommend it, as this adjustment allows breach of security!

Try the following instead:
if (preg_match('~[<>&"\'\\\]~', $_REQUEST['user']) != 0)

contrary to what you probably expect, this does allow square brackets. My former colleague lead developer couldn't live without square brackets, so you can be assured they're always allowed ;)
Hendrik Jan Visser
Former Lead Developer & Co-founder www.simplemachines.org
Personal Signature:
Realitynet.nl -> ExpeditieRobinson.net / PekingExpress.org / WieIsDeMol.Com

Inque187

Ok thanks. I did remove both the brackets and the equals sign and was able to allow users to register and change their username with those allowed characters.

Compuart

I know, but by leaving out the square brackets from that regular expression, it no longer checks for anything in that name, which is a bad thing from a security perspective.
Hendrik Jan Visser
Former Lead Developer & Co-founder www.simplemachines.org
Personal Signature:
Realitynet.nl -> ExpeditieRobinson.net / PekingExpress.org / WieIsDeMol.Com

Inque187

Ok, square brackets put back in. Thanks for the info.

Advertisement: