Topic: Help: Stricter duplicate user name checking

Hi there.  I'm new to PunBB and php, SQL as well so please bear with me here hmm

What'd I'd like is for PunBB to be a little stricter with new member registrations in making sure their user name isn't similar to an existing member's.  Along with being case-insensitive, I want to it to filter out all non-alphanumeric characters from both the users DB's username field and the new registration's username variable, then check them again each other.  So that for example "New Dude" or "New_Dude" wouldn't be able to register if there is already a "NewDude" member, and vice-versa.

I figure I should either change the code in register.php line 128

$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE UPPER(username)=UPPER(\''.$db->escape($username).'\') OR UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\')') or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());

or else add a username_filtered field to the users DB and check against that.  Any suggestions as to which approach would be better?  If it's the former, I would be uber grateful for an example of the code smile

BTW, this is probably a dumb question, but why is the users.username field 200 characters when new registrations are limited to 25?

Adam

Re: Help: Stricter duplicate user name checking

Change preg_replace('/[^\w]/'... to preg_replace('/[\W_]/'... ?

Re: Help: Stricter duplicate user name checking

Thanks for the response.  Even with that change though, if there was an existing member "New Dude", somebody else could still register as "NewDude" or "New_Dude", etc.  Any solution for preventing that as well?

Re: Help: Stricter duplicate user name checking

its pretty extreme i mean, what characters do you want to coun't as spaces? New.Dude? New-Dude? New~Dude? New'Dude?

Re: Help: Stricter duplicate user name checking

Yes smile

Basically I want everything but alphanumeric characters filtered out when checking.  It's not so much the particulars of the regular expression I'm worried about, it's how to filter characters out of the database variable in the first place.  PunBB uses preg_replace in

WHERE UPPER(username)=UPPER(\''.$db->escape(preg_replace('/[^\w]/', '', $username)).'\')

to filter characters out of the new registration's username variable, but I don't know how to do the same to the database username field.

6 (edited by AracornRed 2008-01-17 09:28)

Re: Help: Stricter duplicate user name checking

AracornRed wrote:

why is the users.username field 200 characters when new registrations are limited to 25?

This is technically a bump but I'm really curious as to the answer for the above.  I would like to use the username field in some other tables I am creating to integrate with PunBB, and am wondering if there's any reason not to set those fields to a length of say 50 characters or even 25 (the maximum username length that register.php allows).

Re: Help: Stricter duplicate user name checking

I believe it has to do with how Unicode characters are stored.

Re: Help: Stricter duplicate user name checking

The reason the field is that large is because of a peculiar behavior in IE6 (not sure about 7). If you post non iso8859-1 content into a form where the content-type of the page is iso8859-1, IE6 will submit the characters as HTML entities (or rather numeric character references). This means PunBB receives the text as a stream of & #1234; (without the space) type entities instead of the actual character. In order to solve this in 1.2, I just decided to store the HTML entity directly in the database and therefore increased the size of the fields.

In 1.3, this will no longer be a problem.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: Help: Stricter duplicate user name checking

Thanks for the info.  That was not at all the reason I expected, although it being due to quirky IE behavior is not much of a surprise roll