username restriction

Is there a way to restrict the allowed string in the username during registration in a custom plugin?

example: spaces, . etc are not allowed


  • Thank you!

  • subdreamersubdreamer San Jose, CA

    Great posts, guys! Now is there any way to restrict predefined usernames?

  • You mean to prevent certain words to be ever registered as a username by somebody (without due permission)?

  • edited October 2019

    You would need to add this function to your plugin or themehook, after the last closing curly bracket


    if (!function_exists('validateAgainstUsernameBlacklist')) {
        function validateAgainstUsernameBlacklist($value) {
            $vanillaBlackList = UserModel::getUsernameBlacklist();
            $myBlackList = c('Garden.User.UsernameBlacklist', 'boss, admin, administrator, owner, founder, staff, system, manager');
            //change the defaults ^^^
            $myBlackList = explode(',', $myBlackList);
            $myBlackList = array_map('trim', $myBlackList);
            $myBlackList = array_filter($myBlackList);
            $myBlackList = array_map('strtolower', $myBlackList);
            $finalList = array_merge($vanillaBlackList, $myBlackList);
            if (in_array(strtolower($value), $finalList)) {
                return '('.$value.') - '.t('Username is reserved. Please choose a different username.');
            return true;

    To make $myBlackList more configurable, make a config for it (comma-separated list of names, case does not matter!):

    $Configuration['Garden']['User']['UsernameBlacklist'] = 'boss, admin, administrator, owner, founder, staff, system, manager';

    If you are curious what the existing vanilla blacklist is:

    public static function getUsernameBlacklist() {
    $pluginEndpoints = [

  • subdreamersubdreamer San Jose, CA

    Thanks a bunch, @donshakespeare! I appreciate your help. I'll try this out as soon as I can.

  • edited October 2019


    When you try it let us know how it goes.

    I use SSO, so I have a custom solution from the mother site :)


    I went and tested the code, so I corrected a few things above. Works as expected now.

Sign In or Register to comment.