News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Limit allowed membername characters

Started by qICEp, October 27, 2021, 02:11:49 PM

Previous topic - Next topic

qICEp

Hey folks, long story short, i need to limit username to certain characters.

A-Z a-z [] _

That's about it, so no special funky names.

As far as i understand, place where i need to edit it is in Subs-Members.php
Not sure if its only one place or i need to edit frontend javascript validation and/or something else.
Here is what looks like code responsible for checking characters in username:
// Only these characters are permitted.
if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~&#(?:\\d{1,7}|x[0-9a-fA-F]{1,6});~', '', $regOptions['username'])) != 0 || $regOptions['username'] == '_' || $regOptions['username'] == '|' || strpos($regOptions['username'], '[code') !== false || strpos($regOptions['username'], '[/code') !== false)
$reg_errors[] = array('lang', 'error_invalid_characters_username');
Since im stranger to regex and its patterns, not to mention i have no idea why username is being checked if its single character _ or | i wont even try to edit it. Pretty sure i would scramble something that would work, users would register and i would find out there is critical bug after month and god knows how many registered accounts...

Kindred

I don't think I've ever heard of this happening before...


In your case, I'm going to make the rare suggestion that you edit directly in the database.
in smf_boards table
find the affected boards.
set the field id_parent to 0

this should bring the boards back and let you properly assign child/parent.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Aleksi "Lex" Kilpinen

I'm gonna go out on a limb here and guess Kindred was meaning to reply to some other post?
(Perhaps Error Message: does not have a valid parent )
Sad to say I'm no good with regex either, so I can't help much there.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

qICEp

Yeah im gonna assume the same. To clarify just in case. I need to limit allowed usernames on register/login to given characters in first post. So only that characters are allowed in username and thats it.

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

vii

I had to add some code to remove Unicode combining characters if used excessively, since people could put them in their names/posts and have it overflow onto other posts/parts of the page. You could get pretty creative with it so they would expand quite a bit everywhere. Example:

test
C̱̙̳̲͇͉̄̄̚l̝̩̩̝̺̠͞ā̝͉̩̟͆u̻͈̘̞̪̅̿d̝̄̅͆̚i͇̙͈̎̚o̘̟̎̄̄̎
test


If you only edit Subs-Members.php, I think you're probably only going to capture new registrations. You'll want to add edit Profile-Modify.php::saveProfileFields() to strip extraneous characters before member data is updated. I've never been the greatest at regex, so I stuck with simple functions like:

function hasProhibitedNonAlphaNumeric($strName)
{
for ( $i = 0; $i < strlen($strName); ++$i )
{
$v = ord($strName[$i]);

if ( $v >= 48 && $v <= 57 )
continue;
else if ( $v == 32 || $v == 95 || $v == 91 || $v == 93 ) // space, _, [, ]
continue;
else if ( ($v >= 65 && $v <= 90) || ($v >= 97 && $v <= 122) ) // >= A && <= Z || >= a && <= z
continue;

return true;
}

return false;
}

I put it together quickly in notepad before work, so can't guarantee there aren't basic errors. Used this for ASCII values: https://www.asciitable.com/

Advertisement: