Users running a non-download version of Vanilla (pulled from github), on branch release/2019.016 or master from the last 2 weeks should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open sources releases are not affected.

username restriction

Is there a way to restrict the allowed string in the username during registration in a custom plugin?

example: spaces, . etc are not allowed

Comments

  • Thank you!

  • subdreamersubdreamer San Jose, CA

    Great posts, guys! Now is there any way to restrict predefined usernames?

  • You mean to prevent certain words to be ever registered as a username by somebody (without due permission)?

    subdreamer
  • edited October 6

    You would need to add this function to your plugin or themehook, after the last closing curly bracket

    TESTED, AND WORKS!!!

    if (!function_exists('validateAgainstUsernameBlacklist')) {
        function validateAgainstUsernameBlacklist($value) {
            $vanillaBlackList = UserModel::getUsernameBlacklist();
            $myBlackList = c('Garden.User.UsernameBlacklist', 'boss, admin, administrator, owner, founder, staff, system, manager');
            //change the defaults ^^^
            $myBlackList = explode(',', $myBlackList);
            $myBlackList = array_map('trim', $myBlackList);
            $myBlackList = array_filter($myBlackList);
            $myBlackList = array_map('strtolower', $myBlackList);
            $finalList = array_merge($vanillaBlackList, $myBlackList);
            if (in_array(strtolower($value), $finalList)) {
                return '('.$value.') - '.t('Username is reserved. Please choose a different username.');
            }
            return true;
        }
    }
    


    To make $myBlackList more configurable, make a config for it (comma-separated list of names, case does not matter!):

    $Configuration['Garden']['User']['UsernameBlacklist'] = 'boss, admin, administrator, owner, founder, staff, system, manager';
    

    If you are curious what the existing vanilla blacklist is:

    public static function getUsernameBlacklist() {
    $pluginEndpoints = [
        'addons',
        'applyrank',
        'avatar',
        'card',
        'comments',
        'deletenote',
        'discussions',
        'facebookconnect',
        'following',
        'githubconnect',
        'hubsso',
        'ignore',
        'jsconnect',
        'linkedinconnect',
        'note',
        'notes',
        'online',
        'pegaconnect',
        'picture',
        'quotes',
        'reactions',
        'removepicture',
        'removewarning',
        'reversewarning',
        'salesforceconnect',
        'setlocale',
        'signature',
        'thumbnail',
        'twitterconnect',
        'usercard',
        'username',
        'viewnote',
        'warn',
        'warnings',
        'whosonline',
        'zendeskconnect'
    ];
    


    subdreamerR_Jrloyola
  • subdreamersubdreamer San Jose, CA

    Thanks a bunch, @donshakespeare! I appreciate your help. I'll try this out as soon as I can.

  • edited October 6

    Cheers!

    When you try it let us know how it goes.

    I use SSO, so I have a custom solution from the mother site :)

    UPDATE...

    I went and tested the code, so I corrected a few things above. Works as expected now.

    R_Jsubdreamer
Sign In or Register to comment.