[support] getting the underscore to be unusable in user names

Cog Rusty cog.rusty at gmail.com
Wed Aug 1 21:34:25 UTC 2007 

On 8/1/07, Neil: esl-lounge.com <neil at esl-lounge.com> wrote:
> Could someone help me with the regex syntax for disallowing underscores:
>
> /**
>  * Verify the syntax of the given name.
>  */
> function user_validate_name($name) {
>   if (!strlen($name)) return t('You must enter a username.');
>   if (substr($name, 0, 1) == ' ') return t('The username cannot begin with a
> space.');
>   if (substr($name, -1) == ' ') return t('The username cannot end with a
> space.');
>   if (strpos($name, '  ') !== FALSE) return t('The username cannot contain
> multiple spaces in a row.');
>   if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The username
> contains an illegal character.');
>   if (preg_match('/[\x{80}-\x{A0}'.          // Non-printable ISO-8859-1 +
> NBSP
>                    '\x{AD}'.                 // Soft-hyphen
>                    '\x{2000}-\x{200F}'.      // Various space characters
>                    '\x{2028}-\x{202F}'.      // Bidirectional text overrides
>                    '\x{205F}-\x{206F}'.      // Various text hinting
> characters
>                    '\x{FEFF}'.               // Byte order mark
>                    '\x{FF01}-\x{FF60}'.      // Full-width latin
>                    '\x{FFF9}-\x{FFFD}'.      // Replacement characters
>                    '\x{0}]/u',               // NULL byte
>                    $name)) {
>     return t('The username contains an illegal character.');
>   }
>   if (strpos($name, '@') !== FALSE &&
> !eregi('@([0-9a-z](-?[0-9a-z])*.)+[a-z]{2}([zmuvtg]|fo|me)?$', $name))
> return t('The username is not a valid authentication ID.');
>   if (strlen($name) > USERNAME_MAX_LENGTH) return t('The username %name is
> too long: it must be %max characters or less.', array('%name' => $name,
> '%max' => USERNAME_MAX_LENGTH));
> }
>
> what do all the Xxxxx characters signify? Also this line:


They are hex Unicode character codes


>   if (ereg("[^\x80-\xF7 [:alnum:]@_.-]", $name)) return t('The username
> contains an illegal character.');
>
> seems to be disallowing @, underscore, period and hyphen...or is it allowing
> them? Regular expressions were never my forte!


Neither mine. I think that one says that names can't begin (^) with
these characters. In the absence of better advice, I would change
something that I understand, for example I would copy and adapt the if
(strpos($name, '  ') !== FALSE) line which checks for double spaces.


>
> Neil
>
> ----- Original Message -----
> From: "Cog Rusty" <cog.rusty at gmail.com>
> To: <support at drupal.org>
> Sent: Wednesday, August 01, 2007 6:25 PM
> Subject: Re: [support] getting the underscore to be unusable in user names
>
>
> > Probably. I don't know if underscores would accept escaping with a
> > backslash (\_) in that field. You could try it.
> >
> >
> >
> > On 8/1/07, Neil: esl-lounge.com <neil at esl-lounge.com> wrote:
> >> Ah! I'd been reading your previous answer trying to work out its mystic
> >> meaning. :-)
> >>
> >> So I can't use Access Control to prevent underscores? Looks like I'll
> >> have
> >> to look more closely at the other earlier responses to my question.
> >>
> >> ----- Original Message -----
> >> From: "Cog Rusty" <cog.rusty at gmail.com>
> >> To: <support at drupal.org>
> >> Sent: Wednesday, August 01, 2007 6:09 PM
> >> Subject: Re: [support] getting the underscore to be unusable in user
> >> names
> >>
> >>
> >> > On 8/1/07, Cog Rusty <cog.rusty at gmail.com> wrote:
> >> >> On 8/1/07, Neil: esl-lounge.com <neil at esl-lounge.com> wrote:
> >> >> > I found a post on drupal.org that said you could do all of this via
> >> >> > Access
> >> >> > Rules.
> >> >> >
> >> >> > http://drupal.org/node/29694
> >> >> >
> >> >> > So I went there and entered the following three rules to outlaw
> >> >> > underscores
> >> >> >
> >> >> > _% - deny/username
> >> >> > %_ - deny/username
> >> >> > %_% - deny/username
> >> >> >
> >> >> > .....and found myself and every other username blocked from the
> >> >> > site,
> >> >> > unable
> >> >> > to log in without getting a "this username has been reserved" error
> >> >> > message.
> >> >> > Totally frozen out of the site, I had to go into phpmyadmin and get
> >> >> > rid
> >> >> > of
> >> >> > those three entries from the "access" table. Have I ignored
> >> >> > something
> >> >> > glaringly obvious with those deny rules?
> >> >>
> >> >>
> >> >> You probably know by now. Those rules for forbidding access can do
> >> >> what you want but that is just a bonus. Their main function is to
> >> >> forbid access to anyone with such a username. Good idea for a new site
> >> >> though.
> >> >
> >> > Oops! I just noticed you said "every" user. Underscore is a wildcard
> >> > for any single character.
> >> > --
> >> > [ Drupal support list | http://lists.drupal.org/ ]
> >> >
> >>
> >> --
> >> [ Drupal support list | http://lists.drupal.org/ ]
> >>
> > --
> > [ Drupal support list | http://lists.drupal.org/ ]
> >
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>

More information about the support mailing list