[Resuelto] Blacklist username

[Autor]

Mensajes

[Akhil]

hi. how do i blacklist certain username or pattern , in the username field ?

exp : admin, administrator, etc etc.

thanks.

[Nigel]

For that you would need to add server-side validation using the cred_form_validate hook.

The documentation includes an example of how to use it.

https://toolset.com/documentation/programmer-reference/cred-api/#cred_form_validate

You can use the PHP function stripos to check if a string contains or starts with "admin" for example.

enlace oculto

Let me know if you get stuck.

[Akhil]

Thanks,

I have this field user field : username [cred_field field='user_login ..] , my code is :

add_filter('cred_form_validate','my_validation',10,2);
function my_validation($error_fields, $form_data)
{
    //field data are field values and errors
    list($fields,$errors)=$error_fields;
    //uncomment this if you want to print the field values
    //print_r($fields);
    //validate if specific form
    if ($form_data['id']==6590)
    {
        //check my_field value
        if ($fields['user_login']['value']!='admin OR administrator OR author')
        {
            //set error message for my_field
            $errors['user_login']='Pls fill the username';
        }

        
    }
    //return result
    return array($fields,$errors);
}

somewhere is wrong i am guessing. ..

[Nigel]

Can you describe specifically what you want to achieve and I can try and help you.

You simply want to blacklist the three usernames "admin", "administrator", and "author".

That's it, nothing else?

[Akhil]

Hi Nigel yes,

what have toolset form set in place to prevent this case of public creating this kind of unwanted usernames ?
i guess none for now ? we can take it as future request if the large agree to this.

On your question. yes i need some kind of security in place, thats all. and also to display error "Pls fill the username" if the username field is empty.

Thank You,

[Nigel]

It is not necessary to check if any username has been entered as it is already a required field.

I updated your code to specify a list of restricted usernames:

add_filter( 'cred_form_validate', 'tssupp_validation', 10, 2 );
function tssupp_validation( $error_fields, $form_data ) {

    // split error_fields into fields and errors
    list( $fields,$errors ) = $error_fields;

    // apply to specific form
    if ( $form_data['id'] == 6590 ) { 

        // disallow restricted names
        $restricted = array( 'admin', 'administrator', 'author' );

        if ( isset( $fields['user_login']['value'] ) && in_array( $fields['user_login']['value'], $restricted ) ) {

            //set error message for my_field
            $errors['user_login'] = 'That username is restricted, please try another';
        }
         
    }

    return array( $fields, $errors );
}

There is nothing inherently unsafe about such usernames for non-admin users so I don't see this being added as a feature given that you can achieve it with the existing API, as above.

I tested the above and it worked fine, but let me know if you have any problems. It should be straightforward to expand the array of blacklisted usernames.

[Akhil]

Thanks Nigel ,

could you take a look at this too pls, i think christian not working tonight ?

https://toolset.com/forums/topic/passwords-do-not-match-function/