I'm in the process of moving from MyPHPNuke to Geeklog and came across something that left me speechless. It seems Geeklog allows ANY character to be used as a username, including HTML and things like !@#$%^&*()| . So in place of posting and whinning I've come up with a fix. The following function should be placed in lib-custom.php and is based on an equivelent function from MPN. Basically it will allow you three levels of username, loose, medium and strict where strict is more or less only alphanumeric, my preference. To use this function, this is the sucky part, you have to add a line to users.php to call the userCheck function. Not perfect but not the end of the world. This has only been tested on GL 1.3.8.
This doesn't return anything pretty, just a blank page with an error message. If anyone has the time I wouldn't mind seeing this display the error at the top of the user registration page. I just don't have the time, got enough to do to switch
my site[*1] to Geeklog from MPN.
Up next, MPN forum and link conversion tools.
Enjoy.
Paul
Instructions:
Find the createuser function in users.php, after the following line:
$username = trim ($username);
add a call to the userCheck function:
userCheck($username);
Here's the userCheck function, cut and paste this to the end of your lib-custom.php.
// Based on function userCheck from MyPHPNuke
function userCheck($uname) {
global $_CONF,$_TABLES, $LANG04;
// Set uname_test_level below to choose how strict the check should be.
$uname_test_level = 0;
$strict = "^a-zA-Z0-9_"; // $uname_test_level = 0
$medium = $strict.",.$%#@!'""; // $uname_test_level = 1
$loose = $medium."?{}[]()^&*`~;:+="; // $uname_test_level = 2
switch($uname_test_level) {
case 0:
$restriction = $strict;
break;
case 1:
$restriction = $medium;
break;
case 2:
$restriction = $loose;
break;
}
if ((!$uname) || ($uname=="") || (ereg("[".$restriction."-]",$uname))) {
print 'Invalid username, username can only contain ' . $restriction;
exit;
}
if (strlen($uname) > 25) {
print 'Username can only be a maximum of 25 characters.';
exit;
}
if (eregi("^((root)|(adm)|(linux)|(webmaster)|(admin)|(god)|(administrator)|(administrador)|(nobody)|(anonymous)|(anonimo)|(anĂ³nimo)|(operator))$",$uname)) {
print 'Invalid username, username is reserved';
exit;
}
if (strrpos($uname,' ') > 0) {
print 'Username cannot contain spaces';
exit;
}
return $retval;
}