How to block special charakters in username? How to block special charakters in username?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

How to block special charakters in username?

Started by pawelfoto, December 15, 2009, 09:41:40 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

pawelfoto

December 15, 2009, 09:41:40 PM
Hello,


I have a problem with the users whose names contain special  and unusual characters like:  , ą, ó, ł and underscore.

Problem is, because username is passing to some script, and that script does not recognize these characters.

It is possible to rework scirpt so as to block these characters?

pawelfoto

#2
December 15, 2009, 09:44:13 PM
Sorry, i am absentminded.  I would like block it on registration page - register.php

Joachim Müller

#3
December 16, 2009, 08:43:04 AM
Quote from: pawelfoto on December 15, 2009, 09:44:13 PM
I would like block it on registration page - register.php
Edit register.php, find
Code Select
function check_user_info(&$error)and add your custom validation code, e.g. after
Code Select
if (utf_strlen($user_name) < 2) $error .= '<li>' . $lang_register_php['err_uname_short'];in a new line you might add something like
Code Select
if (!eregi("^[0-9a-zA-Z]$", $user_name)) $error .= '<li>Illegal character in username' ;

Quote from: pawelfoto on December 15, 2009, 09:41:40 PMProblem is, because username is passing to some script, and that script does not recognize these characters.
Better option: edit that other script to allow special characters.

pawelfoto

#4
December 16, 2009, 10:59:26 AM
 Hi
There is somethong wrong .. :-[

after adding the lines of code are blocked all the characters... Even if I want to register a user "abcd"  I gets message - Illegal character in username.

VEGA

#5
December 16, 2009, 04:27:26 PM
Code Select
if (!eregi("^[*-@-:-']$", $user_name)) $error .= '<li>Illegal character in username' ;

I included the characters that do not want them to be used for register. Not know if I can help you!

pawelfoto

#6
December 16, 2009, 04:43:18 PM
Quote from: VEGA on December 16, 2009, 04:27:26 PM
Code Select
if (!eregi("^[*-@-:-']$", $user_name)) $error .= '<li>Illegal character in username' ;

I included the characters that do not want them to be used for register. Not know if I can help you!

That's clever  :)

I need to check it.

Joachim Müller

#7
December 16, 2009, 05:53:08 PM
Better to revert the logic by removing the exclamation mark: you probably haven't thought of all harmfull chracters. A whitelist is better than a blacklist in this aspect.

pawelfoto

#8
December 16, 2009, 06:29:49 PM
Finally I made it in this way:
Code Select
if (eregi("([^abcdefghijklmnopqrstuvwxyz0123456789])", $user_name)) $error .= '<li>Nieprawidłowy znak w nazwie użytkownika.' ;

This meets my expectations in 100%

phill104

#9
December 16, 2009, 06:56:13 PM
It is a mistake to think you can solve any major problems just with potatoes.

Joachim Müller

#10
December 17, 2009, 07:35:15 AM
...and what exactly is so different about your way? What's the use of
Code Select
if (eregi("([^abcdefghijklmnopqrstuvwxyz0123456789])", $user_name)) $error .= '<li>Nieprawidłowy znak w nazwie użytkownika.' ;in comparison to
Code Select
if (eregi("([^a-z0-9])", $user_name)) $error .= '<li>Nieprawidłowy znak w nazwie użytkownika.' ;
Print
Go Up Pages1
User actions