Cant register with * in name

pzyhô · May 02, 2011, 01:29:07 PM

Well i know the "*" is the wildcard of the forum but is there a way to change the wildcard character to another for example "#" or something?

Cause some ppl want register with a * in the name

Thanks in advance

pzyhô

CapadY · May 02, 2011, 02:39:31 PM

* is not just the wildcard of the forum, it's the wildcard of all searchoptions on the whole internet.
So, changing it isn't the most smart option.

pzyhô · May 02, 2011, 02:46:15 PM

uhm ok but is there a way to allow register with * in name ?

pzyhô · May 11, 2011, 05:17:55 PM

bump

Is there a way ? :O

IchBin™ · May 11, 2011, 06:01:39 PM

Typically when you take input from user data into your database, you want to control what is allowed in their input to limit the attack vectors where people can try to hack your site. The "*" is universal character used in many different places. In particular worry here, mysql uses it as a wildcard when doing queries. Allowing such things is bad security IMO. While certainly one can defend against such things, typically you should try not to defend, but prevent. As you can see by the comment in this code that checks for that character.

Code (find in Sources/Subs-Members.php) Select


	// Characters we just shouldn't allow, regardless.
	foreach (array('*') as $char)
		if (strpos($checkName, $char) !== false)
			if ($fatal)
				fatal_lang_error('username_reserved', 'password', array($char));
			else
				return true;

Remove it if you dare, but we do not suggest it.

pzyhô · May 11, 2011, 06:17:42 PM

uhm ok if it is a security risk i dont change it, thanks anyways

News:

Cant register with * in name

pzyhô

CapadY

pzyhô

pzyhô

IchBin™

pzyhô