farkewie Posted December 23, 2006

Hey, I have a small site where my friends log in and can register. It all works fine, and has for ages, but I have just had a few people make usernames using the "&" symbol. For some reason I can't activate the account, delete it, or anything; I have to go into phpMyAdmin and change their username to something without the "&" in it. So I have 2 questions..

1) Why does it become "locked" when "&" is in it?
2) What do I need to add to the code below to check for it before it makes it past the registration process?

Here is the code which handles the registration form.

[code]
<? require_once ("signupconfig.php"); ?>
<HTML>
<HEAD>
<TITLE>vSignup 2.5</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</HEAD>
<BODY bgcolor="#FFFFFF" text="#000000">
<?
include ("auth.php");
$connection = mysql_connect($dbhost, $dbusername, $dbpassword);
$db = mysql_select_db($dbname);

// EDIT THIS IF YOU MODIFIED THE SIGNUP PAGE OR
// IF YOU ARE USING YOUR OWN SIGNUP FORM
// We use the addslashes() function on the variables that end up in SQL to prevent SQL Injection
$username = addslashes($_POST['username']);
$password = $_POST['password'];
$fname = addslashes($_POST['fname']);     // inserted into the signup table below, so escaped too
$lname = addslashes($_POST['lname']);
$email = addslashes($_POST['email']);
$country = addslashes($_POST['country']);
$zipcode = addslashes($_POST['zipcode']);

// SIGNUP SETTINGS
$qSetup = mysql_query("SELECT * FROM signupsetup");
$SetupRow = mysql_fetch_array($qSetup);
$ValidEmailDomains = $SetupRow['validemail'];
$profile = $SetupRow['profile'];
$defaultgroup = $SetupRow['defaultgroup'];
$defaultlevel = $SetupRow['defaultlevel'];
$AutoApprove = $SetupRow['autoapprove'];
$AutoSend = $SetupRow['autosend'];
$AutoSendAdmin = $SetupRow['autosendadmin'];

// EMAILER SETTINGS
$qEmailer = mysql_query("SELECT * FROM emailer WHERE profile='$profile'");
$EmailerRow = mysql_fetch_array($qEmailer);
$EmailerName = $EmailerRow["name"];
$EmailerFrom = $EmailerRow["email"];
$EmailerSubject = $EmailerRow["subject"];
$EmailerMessage = $EmailerRow["emailmessage"];

// SIGNUP FORM PROCESSING
$EmailQuery = mysql_query("SELECT * FROM signup WHERE email='$email'");
$email = strtolower($email);
$EmailExist = mysql_num_rows($EmailQuery); // Returns 0 if not yet existing
$username = strtolower($username);
$UsernameQuery = mysql_query ("SELECT * FROM signup WHERE uname='$username'");
$UsernameExist = mysql_num_rows($UsernameQuery);

if (trim($ValidEmailDomains)=="") {
    $EmailArray = "";
} else {
    $EmailArray = split (" ", $ValidEmailDomains);
}

// Generate confirmation key for settings which require one
$confirmkey = md5(uniqid(rand()));

// CHECK FOR RESERVED USERNAMES
if (trim($username)=='sa' || trim($username)=='admin' || trim($username)=='test') {
    $UsernameExist = 1;
}

// CHECK FOR REQUIRED FIELDS
if (empty($username)) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Username field cannot be left blank!</b></font></p>";
    exit;
}
if (empty($password)) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Password field cannot be left blank!</b></font></p>";
    exit;
}
if (empty($fname)) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>First Name field cannot be left blank!</b></font></p>";
    exit;
}
if (empty($lname)) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Last Name field cannot be left blank!</b></font></p>";
    exit;
}
if (empty($email)) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Email field cannot be left blank!</b></font></p>";
    exit;
}
if (empty($country)) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Tell me where i know you from!!</b></font></p>";
    exit;
}

// Validate Email Address String
$good = ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'.
             '@'.
             '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.
             '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email);
if (!$good) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Email field has invalid characters!</b></font></p>";
    exit;
}

// Validate Email Address String - FOR VALID EMAIL DOMAINS
$found=false;
if ($EmailArray!="") {
    for ($ct=0;$ct<=sizeof($EmailArray)-1;$ct++) {
        if (eregi($EmailArray[$ct], $email)) {
            $ct=sizeof($EmailArray);
            $found=true;
        } else {
            $found=false;
        }
    }
} else {
    $found = true;
}
if (!$found) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Email address does not belong to the list of allowable email domains!</b></font></p>";
    exit;
}

// Make sure username does not yet exist in the db
if ($UsernameExist>0) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Username already exists in the database!</b></font></p>";
    exit;
}

// Make sure email address does not yet exist in the db
if ($EmailExist>0) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Email address already exists in the database!</b></font></p>";
    exit;
}

// *********************************************************
// CHANGE THIS IF YOU WANT TO ADD FIELDS TO YOUR SIGNUP FORM
// *********************************************************
// Add new member to table signup
$addmember = mysql_query("INSERT INTO signup VALUES ('','$username','$fname','$lname','$email','$country','$zipcode',NOW(),'$confirmkey')");

// If SUCCESSFUL, add to vAuthenticate tables too
if ($addmember) {
    // Is the member auto-approved or not?
    if ($AutoApprove==1) {
        $MemberStatus = "active";
    } else {
        $MemberStatus = "inactive";
    }
    $AddToAuth = new auth();
    $add = $AddToAuth->add_user($username,$password,$defaultgroup,$defaultlevel,$MemberStatus,'', 0);
}

// Do we automatically send email notification to member or not?
if ($AutoSend == 1) {
    // if successful in adding to vAuthenticate, send confirmation email
    if ($add==1) {
        // Replace all occurrences of the keys
        // AVAILABLE KEYS: [[UNAME]], [[LNAME]], [[FNAME]], [[PASSWD]], [[EMAIL]], [[CONFIRM]]
        $EmailerMessage = str_replace("[[UNAME]]", $username, $EmailerMessage);
        $EmailerMessage = str_replace("[[PASSWD]]", $password, $EmailerMessage);
        $EmailerMessage = str_replace("[[FNAME]]", $fname, $EmailerMessage);
        $EmailerMessage = str_replace("[[LNAME]]", $lname, $EmailerMessage);
        $EmailerMessage = str_replace("[[EMAIL]]", $email, $EmailerMessage);
        $EmailerMessage = str_replace("[[CONFIRM]]", $confirm . '?confirmkey=' . $confirmkey, $EmailerMessage);
        $sent = @mail($email, $EmailerSubject, $EmailerMessage, "From:$EmailerName<$EmailerFrom>\nReply-to:$EmailerFrom");
        // $sent = @mail($email, $EmailerSubject, $EmailerMessage, "From:$EmailerName<$EmailerFrom>\nReply-to:$EmailerFrom\nContent-Type: text/html; charset=iso-8859-15");
    }
}
// echo $EmailerMessage; // DEBUGGER

// Do we automatically send notification message to the admin's email address (see signupconfig.php)?
if ($AutoSendAdmin == 1) {
    if ($add==1) {
        $AdminSubject = "New Membership Application!";
        // $confirm (not $$confirm) holds the confirmation URL from signupconfig.php
        $AdminMessage = "This is to inform you that " . $fname . " with the username " . $username . " has applied for membership to our site. you know them from -------------- " .$country. "****************** you can reply to " . $email . " click here to activate " . $confirm . " " . $confirmkey . " [[CONFIRM]]";
        $sent = @mail($adminemail, $AdminSubject, $AdminMessage, "From:$EmailerName<$EmailerFrom>\nReply-to:$EmailerFrom");
    }
}
?>
<P><FONT size="3" face="Verdana, Arial, Helvetica, sans-serif" color="#FF0000"><B>Thank you for signing up!</B></FONT></P>
<P>
<?
if ($AutoSend == 1) {
    print "<p><font size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">";
    print "A confirmation email was sent to the email address you specified. <br>";
    print "Please confirm your membership as soon as you receive the email.";
    print "</font></p>";
} else {
    print "<p><font size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\">";
    print "Please click <a href=\"$RelLogin\">here</a> to go back to the login area";
    print "</font></p>";
}
?>
</P>
<P>Click <STRONG><A href="login.php">here</A></STRONG> to login </P>
<P>Or you can piss off!!</P>
<FORM method="get" action="http://www.google.com/custom">
<TABLE bgcolor="#FFFFFF" cellspacing="0" cellpadding="0" border="0">
<TR>
<TD><A href="http://www.google.com/custom/"><IMG src="http://www.google.com/logos/Logo_40wht.gif" border="0" alt="Google" align="absmiddle"></A></TD>
<TD><INPUT type="text" name="q" size="25" maxlength="255" value="">
<INPUT type="submit" name="btnG" value="Google Search">
<INPUT type="hidden" name="cof" value="L:/public_html/FLASH/logo.swf;AH:center;GL:2;BGC:#000000;BIMG:www.tyspics.com;T:#FF0000;GALT:#CCFF33;GIMP:#FF00FF;GFNT:#339900;LC:#FF00CC;ALC:#CC6600;VLC:#00FF00;">
</TD>
</TR>
</TABLE>
</FORM>
<P> </P>
</BODY>
</HTML>
[/code]

I tried to add this code but it kept saying I had invalid characters in it no matter what I put in:

[code]
// Validate username Address String
// ereg('&+/') only matches when the username contains one or more "&" followed by "/",
// so $good is false for nearly every username and the check below rejects it
$good = ereg('&+/', $username);
if (!$good) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Username field has invalid characters!</b></font></p>";
    exit;
}
[/code]

Thanks in advance for any help..

cheers

Link to comment: https://forums.phpfreaks.com/topic/31682-how-to-stop-people-using-symbols-in-username-field/
HuggieBear Posted December 24, 2006

Try this code:

[code=php:0]
// Anchored whitelist: the whole username must consist of letters and digits only
if (!preg_match("/^[a-z0-9]+$/i", $username)) {
    print "<p><font size=\"3\" face=\"Verdana, Arial\" color=\"#FF0000\"><b>Username field has invalid characters!</b></font></p>";
    exit;
}
[/code]

This should allow only numbers and letters; if you want a few additional characters, like underscore (_), period (.) or hyphen (-), then this needs to be altered slightly.

Regards
Huggie

Link to comment: https://forums.phpfreaks.com/topic/31682-how-to-stop-people-using-symbols-in-username-field/#findComment-147262
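An added example (not code from the thread or from the vSignup script) that carries HuggieBear's whitelist idea through: an anchored pattern extended with the "_", "." and "-" characters the reply mentions, the reserved names the original script already rejects, and a confirmation link built with percent-encoding so a reserved character in a username cannot be read as a query-string separator. The length bounds, the confirm.php URL and the idea that an unencoded "&" in an admin link is what locked the poster's accounts are assumptions, not something the thread confirms.

```php
<?php
// Added example (not from the thread). Whitelist validator for usernames,
// following the rules in HuggieBear's reply plus the script's reserved names.

function validate_username(string $username): ?string
{
    $username = strtolower(trim($username));

    // Length bounds are an assumption; the thread gives none.
    if (strlen($username) < 3 || strlen($username) > 20) {
        return 'Username must be 3 to 20 characters long.';
    }
    // Anchored (^ ... $) whitelist: the whole string must match, so a single
    // "&" anywhere is rejected. An unanchored /[a-z0-9]/ would accept "a&b"
    // because it only asks whether at least one letter or digit exists.
    // "_", "." and "-" are allowed inside but not at either end.
    if (!preg_match('/^[a-z0-9](?:[a-z0-9._-]*[a-z0-9])?$/', $username)) {
        return 'Username may contain only letters, digits, ".", "_" and "-".';
    }
    // Reserved names from the original script (sa, admin, test).
    if (in_array($username, ['sa', 'admin', 'test'], true)) {
        return 'That username is reserved.';
    }
    return null; // null means the username is acceptable
}

// Building an activation link: http_build_query() percent-encodes each value,
// so "&" in a username becomes "%26" instead of starting a new parameter.
// Whether an unencoded "&" is what broke the poster's activate/delete pages is
// an assumption; those pages are not in the thread. The URL is made up.
function build_confirm_link(string $base, string $username, string $key): string
{
    return $base . '?' . http_build_query(['uname' => $username, 'confirmkey' => $key]);
}

// Constructed sample inputs covering the accepted and rejected cases.
foreach (['farkewie', 'john&doe', 'admin', 'a', '.dot', 'a.b-c_d'] as $u) {
    $err = validate_username($u);
    printf("%-10s => %s\n", $u, $err ?? 'ok');
}
echo build_confirm_link('https://example.test/confirm.php', 'john&doe', 'abc123'), "\n";
```

Run the validator on every field that later lands in a URL or a SQL string; it complements, rather than replaces, escaping at those sinks.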