Skip Navigation
Buy Now

Home Toolset Professional Support [Resolved] Blacklist username

[Resolved] Blacklist username

This thread is resolved. Here is a description of the problem and solution.

Problem:
Client wants to blacklist certain usernames on a User Form to register users.

Solution:
Server-side validation is required, such as with the following PHP code that should be added to the child theme's functions.php file:

add_filter( 'cred_form_validate', 'tssupp_validation', 10, 2 );
function tssupp_validation( $error_fields, $form_data ) {
 
    // split error_fields into fields and errors
    list( $fields,$errors ) = $error_fields;
 
    // apply to specific form
    if ( $form_data['id'] == 6590 ) { 
 
        // disallow restricted names
        $restricted = array( 'admin', 'administrator', 'author' );
 
        if ( isset( $fields['user_login']['value'] ) && in_array( $fields['user_login']['value'], $restricted ) ) {
 
            //set error message for my_field
            $errors['user_login'] = 'That username is restricted, please try another';
        }
          
    }
 
    return array( $fields, $errors );
}

Relevant Documentation:
https://toolset.com/documentation/programmer-reference/cred-api/#cred_form_validate

This support ticket is created 6 years, 3 months ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 7:00 – 14:00 7:00 – 14:00 7:00 – 14:00 7:00 – 14:00 7:00 – 14:00 -
- 15:00 – 16:00 15:00 – 16:00 15:00 – 16:00 15:00 – 16:00 15:00 – 16:00 -

Supporter timezone: Europe/London (GMT+00:00)

Tagged: ,

This topic contains 6 replies, has 2 voices.

Last updated by Akhil 6 years, 3 months ago.

Assisted by: Nigel.

Author
Posts
#1082839

Akhil

hi. how do i blacklist certain username or pattern , in the username field ?

exp : admin, administrator, etc etc.

thanks.

#1082965

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

For that you would need to add server-side validation using the cred_form_validate hook.

The documentation includes an example of how to use it.

https://toolset.com/documentation/programmer-reference/cred-api/#cred_form_validate

You can use the PHP function stripos to check if a string contains or starts with "admin" for example.

hidden link

Let me know if you get stuck.

#1082971

Akhil

Thanks,

I have this field user field : username [cred_field field='user_login ..] , my code is : 

add_filter('cred_form_validate','my_validation',10,2);
function my_validation($error_fields, $form_data)
{
    //field data are field values and errors
    list($fields,$errors)=$error_fields;
    //uncomment this if you want to print the field values
    //print_r($fields);
    //validate if specific form
    if ($form_data['id']==6590)
    {
        //check my_field value
        if ($fields['user_login']['value']!='admin OR administrator OR author')
        {
            //set error message for my_field
            $errors['user_login']='Pls fill the username';
        }

        
    }
    //return result
    return array($fields,$errors);
}

somewhere is wrong i am guessing. ..

#1083062

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

Can you describe specifically what you want to achieve and I can try and help you.

You simply want to blacklist the three usernames "admin", "administrator", and "author".

That's it, nothing else?

#1083065

Akhil

Hi Nigel yes,

what have toolset form set in place to prevent this case of public creating this kind of unwanted usernames ?
i guess none for now ? we can take it as future request if the large agree to this.

On your question. yes i need some kind of security in place, thats all. and also to display error "Pls fill the username" if the username field is empty.

Thank You,

#1083692

Nigel
Supporter

Languages: English (English ) Spanish (Español )

Timezone: Europe/London (GMT+00:00)

It is not necessary to check if any username has been entered as it is already a required field.

I updated your code to specify a list of restricted usernames:

add_filter( 'cred_form_validate', 'tssupp_validation', 10, 2 );
function tssupp_validation( $error_fields, $form_data ) {

    // split error_fields into fields and errors
    list( $fields,$errors ) = $error_fields;

    // apply to specific form
    if ( $form_data['id'] == 6590 ) { 

        // disallow restricted names
        $restricted = array( 'admin', 'administrator', 'author' );

        if ( isset( $fields['user_login']['value'] ) && in_array( $fields['user_login']['value'], $restricted ) ) {

            //set error message for my_field
            $errors['user_login'] = 'That username is restricted, please try another';
        }
         
    }

    return array( $fields, $errors );
}

There is nothing inherently unsafe about such usernames for non-admin users so I don't see this being added as a feature given that you can achieve it with the existing API, as above.

I tested the above and it worked fine, but let me know if you have any problems. It should be straightforward to expand the array of blacklisted usernames.

#1084648

Akhil

Thanks Nigel ,

could you take a look at this too pls, i think christian not working tonight ?

https://toolset.com/forums/topic/passwords-do-not-match-function/

Known issues and solutions

Frequently asked support questions

Support tickets archive

Get help from experienced contractors

Meet Toolset support team

Toolset Customer Support Policy

Need to tell us something about the quality of support

How to remove personal information from your database for support