1
Albright
Allow Spaces in Username Hack (easy!)
  • 2004/4/27 4:42

  • Albright

  • Just popping in

  • Posts: 7

  • Since: 2004/4/25


Normal hack caveats apply.

We're going to edit one file: register.php. Open it up, and go to lines 60-73. It should look something like this...

switch ( $xoopsConfigUser['uname_test_level'] ) {
    case 
0:
        
// strict
        
$restriction '/[^a-zA-Z0-9_-]/';
        break;
    case 
1:
        
// medium
        
$restriction '/[^a-zA-Z0-9_-<>,.$%#@!\'"]/';
        break;
    case 2:
        // loose
        
$restriction = '/[00-40]/';
        break;
    }


The following line of code should be added BEFORE this block of code. This line will prevent people from creating new accounts which "spoof" currently-existing accounts by adding extraneous spaces. For example, without this line, someone could spoof "The [space] Administrator" by creating an account with the name "The [space] [space] Administrator." This person wouldn't really have admin powers, but they could appear to post as the admin.

$uname preg_replace('/s+/'' '$uname);


Now, before the ] in the first two lines that start with $restriction, we want to add "\s", which signifies a whitespace as created by the space bar; on the third $restriction line, it needs to be "\s\". (Depending on your "strictness" setting in the User Info section of the site Preferences, you actually only have to edit the relevant line, but in order to not "break" things should you change this setting in the future, we'll do all three.) Note that \ is a BACKSLASH (the key above Return and below Delete on a Mac or above Enter and below Backspace on a PC), not a / SLASH (which shares a key with the ? question mark.) The block of code, with the line added to the beginning, should look like this...

$uname preg_replace('/s+/'' '$uname);
     switch ( 
$xoopsConfigUser['uname_test_level'] ) {
    case 
0:
        
// strict
        
$restriction '/[^a-zA-Z0-9_-s]/';
        break;
    case 
1:
        
// medium
        
$restriction '/[^a-zA-Z0-9_-<>,.$%#@!\'"s]/';
        break;
    case 2:
        // loose
        
$restriction = '/[00-40s]/';
        break;
    }


Now there's one more thing we gotta do. Let's look at lines 90-92 (they were lines 89-91 before we added that line of code above);

if ( strrpos($uname,' ') > ) {
        
$stop .= _US_NICKNAMENOSPACES."<br />";
    }


We don't want these lines. You could delete them if you want, but I suggest we "comment out" the lines instead. This means we're going to signify this code as a "comment" which should be ignored. To do this, we want to put /* before the block, and */ after it. (Note we're using a / slash this time, and not a \ backslash.)

/*    if ( strrpos($uname,' ') > 0 ) {
        $stop .= _US_NICKNAMENOSPACES."<br />";
    }*/


Save the file, and make a test account with a space in the username to make sure it works.

Xoops seems to work just fine with usernames with spaces... Let me know if something broke in your case.

2
wtravel
Re: Allow Spaces in Username Hack (easy!)

Albright,

Wonderfull hack!! I will try and see if that does the trick.

Regards,

Martijn

3
KubaZ
Re: Allow Spaces in Username Hack (easy!)
  • 2004/4/27 7:49

  • KubaZ

  • Just popping in

  • Posts: 37

  • Since: 2002/10/9


to avoid fake usernames like 'admin ' (some spaces on the right/left side) we can use php function trim (Strip whitespace from the beginning and end of a string)

..heh..now I've seen that register.php uses trim($uname)
so even we use this hack white spaces before and after username will be deleted



4
Albright
Re: Allow Spaces in Username Hack (easy!)
  • 2004/4/27 8:22

  • Albright

  • Just popping in

  • Posts: 7

  • Since: 2004/4/25


Ah, yeah, good eye, KubaZ... I also adjusted my post and added a line of code so that people can't spoof as people with spaces in the middle of their names ("The [space] Admin" and "The [space] [space] Admin.") trim() should put the kaibosh on all-space usernames too, so I took that part out as well.

5
Brad
Re: Allow Spaces in Username Hack (easy!)
  • 2004/4/27 13:57

  • Brad

  • Not too shy to talk

  • Posts: 150

  • Since: 2003/12/4


It'd be nice to see this hack integrated into the core. If you haven't yet, perhaps you should submit it to Feature Requests. If you are not able, or would rather not do it yourself, I can submit it for you.

6
drksoul
Re: Allow Spaces in Username Hack (easy!)
  • 2004/4/29 9:19

  • drksoul

  • Just popping in

  • Posts: 18

  • Since: 2004/3/24


Spectacular. Simply stellar work, you are a god among XOOPS users!

7
Albright
Re: Allow Spaces in Username Hack (easy!)
  • 2004/5/4 9:58

  • Albright

  • Just popping in

  • Posts: 7

  • Since: 2004/4/25


Shucks. It's just a li'l ol' three-minute hack, and I had to look up more info on regular expressions in order to do it (my regex experience is laughable).

Though one has to wonder that, if it really is this easy and it doesn't seem to break XOOPS at all, just what the XOOPS team's reason for going out of their way to prevent spaces in usernames was in the first place... I'm sure they had one.

8
Herko
Re: Allow Spaces in Username Hack (easy!)
  • 2004/5/4 10:03

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


I have seen someone who had problems with the used editing is the admin section, which is probably due to this hack... at least they started when he installed this hack, and they are username related. If you can do some extensive testing, and add the report to the patch tracker on sourceforge.net's XOOPS project pages, then it would be wonderful

Herko

9
irmtfan
Re: Allow Spaces in Username Hack (easy!)
  • 2004/5/4 14:48

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


i replace first register.php file and see my problem is not related to this hack

its simply a cool work for use space in username

u can see my problem with admin groups here

10
Albright
Re: Allow Spaces in Username Hack (easy!)
  • 2004/5/5 10:06

  • Albright

  • Just popping in

  • Posts: 7

  • Since: 2004/4/25


Okay... so you're saying the problem occurred even with a non-edited version of register.php, and therefore the problem isn't related to your hack?

Just wanna make sure... I couldn't entirely understand either your or Herko's posts. For what it's worth, I just tested the group modification thingy, and I can see both boxes. I've been running a site which has had this hack for about a week now, and it has had members joining it for the last four days or so; sixteen of the members have put spaces in their name, and no incidents so far. I'd like to hear from others who have had had successes -- or disasters -- with this hack, please...

Herko: Perhaps I shall take your advice and submit this as a patch, though I'm a bit nervous as it will be my first time doing such a thing... That, and it could be a tad more efficient.

Login

Who's Online

84 user(s) are online (59 user(s) are browsing Support Forums)


Members: 0


Guests: 84


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits