Remove leading/trailing spaces from 'Username' field on login screen

Started by GL700Wing, August 10, 2022, 10:16:26 PM

Previous topic - Next topic


Yesterday I received an email message from a forum member who was a bit frustrated that he had been unable to login and was getting a 'Password incorrect' error message.  He was eventually able to login once he deleted the space that was being automatically added to the end of his username on the login screen by the auto-fill process of the browser he was using.

When a user creates a password SMF passes their username and password to a hash function and inserts the result into the 'password' field of the 'members' table in the database.  During the login process the supplied username and password are hashed and compared to the value stored in the database - if they match the user is allowed to login.

If the auto-fill process of a browser adds a trailing space (or the member accidentally adds a leading or trailing space) to the username field on the login screen they will not be able to login because the hash of the supplied username and password will not match the value stored in the database.

To address this issue I've added the following code to ./Sources/LogInOut.php:
// And if it's too long, trim it back.
Add before:
// Trim spaces from both ends of the 'user' field.
$_POST['user'] = trim($_POST['user']);

Note: I have confirmed that both SMF 2.0.19 and SMF 2.1.2 trim leading and trailing spaces from new forum account usernames - I don't know if the same thing happened for earlier releases of SMF 2.0/2.1 ...
Life doesn't have to be perfect to be wonderful ...

"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas