HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

username restriction

Is there a way to restrict the allowed string in the username during registration in a custom plugin?

example: spaces, . etc are not allowed

Comments

  • Thank you!

  • Great posts, guys! Now is there any way to restrict predefined usernames?

  • You mean to prevent certain words to be ever registered as a username by somebody (without due permission)?

  • edited October 2019

    You would need to add this function to your plugin or themehook, after the last closing curly bracket

    TESTED, AND WORKS!!!

    if (!function_exists('validateAgainstUsernameBlacklist')) {
        function validateAgainstUsernameBlacklist($value) {
            $vanillaBlackList = UserModel::getUsernameBlacklist();
            $myBlackList = c('Garden.User.UsernameBlacklist', 'boss, admin, administrator, owner, founder, staff, system, manager');
            //change the defaults ^^^
            $myBlackList = explode(',', $myBlackList);
            $myBlackList = array_map('trim', $myBlackList);
            $myBlackList = array_filter($myBlackList);
            $myBlackList = array_map('strtolower', $myBlackList);
            $finalList = array_merge($vanillaBlackList, $myBlackList);
            if (in_array(strtolower($value), $finalList)) {
                return '('.$value.') - '.t('Username is reserved. Please choose a different username.');
            }
            return true;
        }
    }
    


    To make $myBlackList more configurable, make a config for it (comma-separated list of names, case does not matter!):

    $Configuration['Garden']['User']['UsernameBlacklist'] = 'boss, admin, administrator, owner, founder, staff, system, manager';
    

    If you are curious what the existing vanilla blacklist is:

    public static function getUsernameBlacklist() {
    $pluginEndpoints = [
        'addons',
        'applyrank',
        'avatar',
        'card',
        'comments',
        'deletenote',
        'discussions',
        'facebookconnect',
        'following',
        'githubconnect',
        'hubsso',
        'ignore',
        'jsconnect',
        'linkedinconnect',
        'note',
        'notes',
        'online',
        'pegaconnect',
        'picture',
        'quotes',
        'reactions',
        'removepicture',
        'removewarning',
        'reversewarning',
        'salesforceconnect',
        'setlocale',
        'signature',
        'thumbnail',
        'twitterconnect',
        'usercard',
        'username',
        'viewnote',
        'warn',
        'warnings',
        'whosonline',
        'zendeskconnect'
    ];
    


  • Thanks a bunch, @donshakespeare! I appreciate your help. I'll try this out as soon as I can.

  • edited October 2019

    Cheers!

    When you try it let us know how it goes.

    I use SSO, so I have a custom solution from the mother site :)

    UPDATE...

    I went and tested the code, so I corrected a few things above. Works as expected now.

  • edited April 2021

    Any recommended changes since the release of 2021.003 in regards to the username blacklist?

  • BleistivtBleistivt Moderator

    @somerandomfellow You can also just add a ban rule for the user name to prevent it being registered.

  • @Bleistivt Where are the ban rules located?

    I wondered if I could just append it as this method doesn't seem to work anymore.

  • KasparKaspar ✭✭✭

    See left side


  • edited April 2021

    @Kaspar You know what, didn't even realize the UI/Dashboard had a selection for username.

    Thought it was just IP and email.

    Nvm, although am still curious where the ban rules are in the directory as I'd like to change the alert/message users receive when being rejected.

Sign In or Register to comment.