[SOLVED] Dissallow Usernames

steviez · October 24, 2007

Hi,

On my signup form i need to stop people from signing up with the username admin etc. How is this done?

My code so far:

if (isset($_POST['signup_continue'])){

/* ... checking if username already exists */
$username_exists = mysql_query("SELECT * FROM users 
							WHERE username='".$_POST['username']."'");

/* ... checking if email address is already in use */								
$email_exists = mysql_query("SELECT * FROM users 
						 WHERE email='".$_POST['email']."'");

/* ... checking if email address has been banned */					 
$banned_exists = mysql_query("SELECT * FROM banned 
						  WHERE banned_email='".$_POST['email']."'");

/* username is empty */
if (empty($_POST['username'])){

$signup_error = '<table width="100%" border="0" cellpadding="4" cellspacing="0" class="error_table">
				  <tr>
			  <td width="10%" align="center"><img src="themes/' .$site_theme . '/images/icons/017.gif" /></td>
			  <td width="90%">' . $lang['signup_error'] . '</td>
			  </tr>
			  </table>
			  <br />';

}

/* username exists */
else if (mysql_num_rows($username_exists)==1){

$signup_error = '<table width="100%" border="0" cellpadding="4" cellspacing="0" class="error_table">
				  <tr>
			  <td width="10%" align="center"><img src="themes/' .$site_theme . '/images/icons/017.gif" /></td>
			  <td width="90%">' . $lang['signup_error_usernameX'] . '</td>
			  </tr>
			  </table>
			  <br />';

}

/* username includes invalid characters */
else if (!preg_match("/^[a-zA-Z\d\-_]+$/i", $_POST["username"])){

$signup_error = '<table width="100%" border="0" cellpadding="4" cellspacing="0" class="error_table">
				  <tr>
			  <td width="10%" align="center"><img src="themes/' .$site_theme . '/images/icons/017.gif" /></td>
			  <td width="90%">' . $lang['signup_error_invalid'] . '</td>
			  </tr>
			  </table>
			  <br />';

}

Thanks

severndigital · October 24, 2007

i would define an array of usernames you don't want to log in prior to any of the if statments and then just add another else at the end of your script like this


$disallow = array("username1","username2","username3");

//then add something like this within your if/else

else if(in_array($disallow)){
  //the code that generates the error message or whatever
}

It's probably not the most robust way, but it should get the job done.

http://us2.php.net/manual/en/function.in-array.php //the link to the function at php.net

only one · October 24, 2007

Here's a quick solution:

if ((empty($_POST['username'])) || (strtolower($_POST['username']) == 'admin')){

severndigital · October 24, 2007

Here's a quick solution:

if ((empty($_POST['username'])) || (strtolower($_POST['username']) == 'admin')){

that will only accommodate one user name.

On my signup form i need to stop people from signing up with the username admin etc.

note the etc. at the end of the statement.

ale1981 · October 24, 2007

i would define an array of usernames you don't want to log in prior to any of the if statments and then just add another else at the end of your script like this
$disallow = array("username1","username2","username3");

//then add something like this within your if/else

else if(in_array($disallow)){
  //the code that generates the error message or whatever
}
It's probably not the most robust way, but it should get the job done.

http://us2.php.net/manual/en/function.in-array.php //the link to the function at php.net

I would use the solution above or by storing the disallowed names in lowercase form in a db table and query the table;


strtolower($_POST['username']);
$sql = 'SELECT * FROM dissallowed_users WHERE username="' .$_POST['username']. '"';

Zane · October 24, 2007

a good idea is to use a funciton to check it all at once

here's a markup I made out of some of it to give you the idea

function checkUser($theUser) {
$pass = true;
/* username is empty */
if (empty($_POST['username']))
$pass = false;
/* ... checking if username already exists */
$username_exists = mysql_query("SELECT * FROM users WHERE username='".$_POST['username']."'");
$pass = mysql_num_rows($username_exists) > 0?false:true;
/* ... checking if email address is already in use */								
$email_exists = mysql_query("SELECT * FROM users  WHERE email='".$_POST['email']."'");
$pass = mysql_num_rows($email_exists) > 0?false:true;
/* ... checking if email address has been banned */					 
$banned_exists = mysql_query("SELECT * FROM banned WHERE banned_email='".$_POST['email']."'");
$pass = mysql_num_rows($banned_exists) > 0?false:true;
if($theUser == 'admin')
$pass == false;

return $pass;'
}


if(checkUser('zanus'))
//if it passes then
//continue with signup

steviez · October 24, 2007

Thanks guys, in the end i used this code bellow:

<?php

$dissallowed_users = mysql_query("SELECT * FROM dissallowed_users WHERE username='".$_POST['username']."'");
else if (mysql_num_rows($dissallowed_users)==1){
$signup_error = '<table width="100%" border="0" cellpadding="4" cellspacing="0" class="error_table">
				  <tr>
			  <td width="10%" align="center"><img src="themes/' .$site_theme . '/images/icons/017.gif" /></td>
			  <td width="90%">Sorry but that usernane is not allowed</td>
			  </tr>
			  </table>
			  <br />';

}
?>

Thanks for all your help!

Sign In

[SOLVED] Dissallow Usernames

Recommended Posts

steviez

Link to comment

Share on other sites

severndigital

Link to comment

Share on other sites

only one

Link to comment

Share on other sites

severndigital

Link to comment

Share on other sites

ale1981

Link to comment

Share on other sites

Zane

Link to comment

Share on other sites

steviez

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information