username restriction

rloyola

Is there a way to restrict the allowed string in the username during registration in a custom plugin?

example: spaces, . etc are not allowed

Kaspar

https://open.vanillaforums.com/discussion/comment/250727#Comment_250727

rloyola

Thank you!

subdreamer

Great posts, guys! Now is there any way to restrict predefined usernames?

donshakespeare

You mean to prevent certain words to be ever registered as a username by somebody (without due permission)?

subdreamer

https://open.vanillaforums.com/discussion/comment/258498#Comment_258498

Yes, exactly!

donshakespeare

You would need to add this function to your plugin or themehook, after the last closing curly bracket

TESTED, AND WORKS!!!

if (!function_exists('validateAgainstUsernameBlacklist')) {
    function validateAgainstUsernameBlacklist($value) {
        $vanillaBlackList = UserModel::getUsernameBlacklist();
        $myBlackList = c('Garden.User.UsernameBlacklist', 'boss, admin, administrator, owner, founder, staff, system, manager');
        //change the defaults ^^^
        $myBlackList = explode(',', $myBlackList);
        $myBlackList = array_map('trim', $myBlackList);
        $myBlackList = array_filter($myBlackList);
        $myBlackList = array_map('strtolower', $myBlackList);
        $finalList = array_merge($vanillaBlackList, $myBlackList);
        if (in_array(strtolower($value), $finalList)) {
            return '('.$value.') - '.t('Username is reserved. Please choose a different username.');
        }
        return true;
    }
}

To make $myBlackList more configurable, make a config for it (comma-separated list of names, case does not matter!):

$Configuration['Garden']['User']['UsernameBlacklist'] = 'boss, admin, administrator, owner, founder, staff, system, manager';

If you are curious what the existing vanilla blacklist is:

public static function getUsernameBlacklist() {
$pluginEndpoints = [
    'addons',
    'applyrank',
    'avatar',
    'card',
    'comments',
    'deletenote',
    'discussions',
    'facebookconnect',
    'following',
    'githubconnect',
    'hubsso',
    'ignore',
    'jsconnect',
    'linkedinconnect',
    'note',
    'notes',
    'online',
    'pegaconnect',
    'picture',
    'quotes',
    'reactions',
    'removepicture',
    'removewarning',
    'reversewarning',
    'salesforceconnect',
    'setlocale',
    'signature',
    'thumbnail',
    'twitterconnect',
    'usercard',
    'username',
    'viewnote',
    'warn',
    'warnings',
    'whosonline',
    'zendeskconnect'
];

subdreamer

Thanks a bunch, @donshakespeare! I appreciate your help. I'll try this out as soon as I can.

donshakespeare

Cheers!

When you try it let us know how it goes.

I use SSO, so I have a custom solution from the mother site :)

UPDATE...

I went and tested the code, so I corrected a few things above. Works as expected now.

somerandomfellow

Any recommended changes since the release of 2021.003 in regards to the username blacklist?

Bleistivt

@somerandomfellow You can also just add a ban rule for the user name to prevent it being registered.

somerandomfellow

@Bleistivt Where are the ban rules located?

I wondered if I could just append it as this method doesn't seem to work anymore.

Kaspar

See left side

somerandomfellow

@Kaspar You know what, didn't even realize the UI/Dashboard had a selection for username.

Thought it was just IP and email.

Nvm, although am still curious where the ban rules are in the directory as I'd like to change the alert/message users receive when being rejected.