HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Username validation

Does anyone knows why the following regex does not work for validation? I would like users to be able to use any character they like.

$Configuration['Garden']['User']['ValidationRegex'] = '[.*]+';

nor

$Configuration['Garden']['User']['ValidationRegex'] = '[.]';

Comments

  • Because "." and "*" inside the matching brackets are taken literally. But you certainly do not want to allow user names that only consist of dots and stars. If you want to allow any number of characters, use only this

     $Configuration['Garden']['User']['ValidationRegex'] = '.+';
    
  • warzydwarzyd New
    edited December 2020

    Does not work too. Whenever trying to put any username during the registration, all i get is:

    Usernames must be 3-20 characters and consist of letters, numbers, and underscores.

  • KasparKaspar ✭✭✭

    Remember to clear /cache

  • Cleared /cache/Smarty, /cache/theme and /cache/twig folders without any results.

  • That's another setting. This is the default: $Configuration['Garden']['User']['ValidationLength'] = "{3,20}";

    You can set it to {1, 191} if you like to, but don't exceed 191 since that is the columns maximim length. Since it would completly mess up every view, I would keep it to a much lesser limit anyway

  • warzydwarzyd New
    edited December 2020

    @R_J Forgot to mention that whenever i put '.+' i am unable to register any username. Whatever characters I type (even the simplest string like test123) i still get the same error about Usernames must be 3-20 characters ...

    So basically, after setting up own regex, registration form does not work because validation do not want to pass any username.

  • To find things like that by yourself, search the source code for things you already know, like e.g. "ValidationRegex" and you will see the other configuration option in the file functions.validation.php right next to the one you already knew 👍️

  • Did it before I decided to create this topic ;) There are only 2 functions responsible for the username validation. So basically, definition above located in conf.php file should work but because of unknown reasons, don't.


  • R_JR_J Admin
    edited December 2020

    Oh, I found the problem! This is where the config values are used:

    $validateUsernameRegex = sprintf(
       "[%s]%s",
       c("Garden.User.ValidationRegex", $defaultPattern),
       c("Garden.User.ValidationLength", "{3,20}")
    );
    


    As you can see the regex is created by "sprintf [regex]length" which requires the regex config to be a character class. The length could either be a range like the default is or either a "+" or even a "*" although this still wouldn't allow a user name of zero length for other reasons. But the main "problem" is that the regex is enclosed in brackets. I would say that "\w\s" should be permissive enough, but if you like to change that, you need to define a function validateUsernameRegex which returns ".+"

    That would require a /conf/bootstrap.before.php file where you put that simple function:

    <?php
    function  validateUsernameRegex() {
        return '.*';
    }
    
  • warzydwarzyd New
    edited December 2020

    Seems like you are right and I thought that the following declaration

    $Configuration['Garden']['User']['ValidationRegex'] = '\w\s';
    

    would do the trick but it doesn't. Looks like such basic character like "-" is still not allowed.

    However, it seems like adding extra \W do the job as it does accept characters like *-+=)

    $Configuration['Garden']['User']['ValidationRegex'] = '\w\s\W';
    


Sign In or Register to comment.