+- UserSpice (https://userspice.com/forums)
+-- Forum: Support Center (https://userspice.com/forums/forumdisplay.php?fid=23)
+--- Forum: UserSpice 4.3 and Below (https://userspice.com/forums/forumdisplay.php?fid=26)
+--- Thread: Registration (/showthread.php?tid=150)
Registration - Sebastian - 05-30-2016
Hi,
I'm currently testing the registration form and the Username requires "No Spaces or Special Characters - Min 5 characters", but there is no check for spaces or special chars. Thus I included an new rule in "join.php", i.e.
Code:
'no_special_char' => true,<pre>
Code:
case 'no_special_char':
if (!ctype_alnum($value)) {
$this->addError(["{$display} must not contain special characters or spaces.",$item]);
}
break;Further, I found that it is not possible to use passwords containing some special chars, e.g. mypassword§${3bc1fe685386cc4c3ab89a3f76566d8931e181ad17f08aed9ad73b30bf28114d}, the validation says "Password and Confirm must match". Thus I found in "Validate.php" that the "$value" is sanitized, which is essentially the "htmlentities" check in "helpers.php". But, for the "match" case "$source[$rule_value]" is not sanitized. Thus I simply applied the sanitize function to "$source[$rule_value]" and everything works fine.
Cheers,
Sebastian
Registration - danh - 05-30-2016
Great catch! We can fix that. That is a holdover from an old version that never got updated.
Registration - Trioxin - 09-05-2016
Instead of using sanitize just add the same validation for updating the password. Of course I suppose you could change it to allow special characters. I'll wind up doing that since it's ridiculous to restrict people from using them.
Registration - mudmin - 09-06-2016
Yep. That's a legacy thing from UserCake. I agree. I also don't see why usernames need to be 5 or 6 characters. That will get changed. Obviously all that stuff is user changeable for a reason.