User System (Part 2 - Blocking Usernames)


Want to stop people registering on your site with names they shouldn't be using?
This tutorial shows how to create a list of usernames that cannot be used during the signup process, and how to enforce it before the account is created.

For this tutorial I will assume you already have followed the User System (Part 1) tutorial and this is working correctly.



Creating a list of blocked usernames


Inside config.php, define an array of regular expressions describing the usernames to block. Each entry is passed to preg_match(), so it is an unanchored substring match: with the `i` modifier, `/admin/i` rejects "Administrator" and "sysadmin" as well as "admin".

PHP Code
  1. $blockedUsernames = array('/badword/i', '/testname[0-9]+/i', '/admin/i');




Blocking the Usernames


In the register.php file find the following line
PHP Code
  1. if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['cpassword']) || empty($_POST['email'])) {



Above this line add the following. The check must read the submitted form field (`$_POST['username']`, the same value the blank-field check uses): register.php never assigns a bare `$username` variable, so matching against it would never trigger and would silently disable the blocklist. The snippet ends with `} else` so that the existing blank-field check becomes the next branch of the chain.
PHP Code
  1. $badUsernameDetected = false;
  2. foreach ($blockedUsernames as $pattern) {
  3. if (preg_match($pattern, $username)) {
  4. $badUsernameDetected = true;
  5. break;
  6. }
  7. }
  8. if($badUsernameDetected) {
  9. echo "A field was left blank, please go back and try again.";
  10. } else



Full code for register.php
register.php
  1. <?php
  2. include "config.php";
  3.  
  4. if (isset($_GET['verify'])) { // Account verification process
  5. $code = $_GET['code']; // Directly use GET value (PDO already sanitizes input)
  6.  
  7. $getcode = $conn->prepare("SELECT * FROM `verification` WHERE `code` = :code");
  8. $getcode->execute([':code' => $code]);
  9.  
  10. if ($getcode->rowCount() == 0) {
  11. // Doesn't match any codes in the database
  12. echo "Invalid verification code!";
  13. } else {
  14. $userdata = $getcode->fetch(PDO::FETCH_ASSOC);
  15.  
  16. // userlevel of 2 indicates account has now been email activated
  17. $update = $conn->prepare("UPDATE `members` SET `userlevel` = '2' WHERE `username` = :username");
  18. $update->execute([':username' => $userdata['username'}});
  19.  
  20. // Remove the verification code from the database
  21. $delete = $conn->prepare("DELETE FROM `verification` WHERE `code` = :code");
  22. $delete->execute([':code' => $code]);
  23.  
  24. echo "Thank you, Your account has been verified.";
  25. }
  26. } else if (isset($_GET['register'])) { // User registration
  27. $badUsernameDetected = false;
  28. foreach ($blockedUsernames as $pattern) {
  29. if (preg_match($pattern, $username)) {
  30. $badUsernameDetected = true;
  31. break;
  32. }
  33. }
  34. if($badUsernameDetected) {
  35. echo "Username not allowed, please go back and try again.";
  36. } else if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['cpassword']) || empty($_POST['email'])) {
  37. // If any fields are left blank
  38. echo "A field was left blank, please go back and try again.";
  39. } else if ($_POST['password'] != $_POST['cpassword']) {
  40. // If passwords do not match
  41. echo "Your password and confirmation password do not match!";
  42. } else {
  43. // Hash password using a strong one-way hashing algorithm
  44. $password = password_hash($_POST['password'], PASSWORD_DEFAULT); // Encrypt the password
  45.  
  46. $cname = $conn->prepare("SELECT `username` FROM `members` WHERE `username` = :username");
  47. $cname->execute([':username' => $_POST['username'}});
  48.  
  49. if ($cname->rowCount() >= 1) {
  50. // Account already exists with this username
  51. echo "The username is already in use";
  52. } else {
  53. $email = $_POST['email'];
  54. if ($email_activation) { // Email activation is enabled
  55. $insert = $conn->prepare("INSERT INTO `members` (`username`, `password`, `email`) VALUES (:username, :password, :email)");
  56. $insert->execute([':username' => $_POST['username'], ':password' => $password, ':email' => $email]);
  57.  
  58. $code = substr(str_shuffle("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"), 0, 16); //Generate a random 16 charater code
  59.  
  60. $insert_verification = $conn->prepare("INSERT INTO `verification` (`username`, `code`) VALUES (:username, :code)");
  61. $insert_verification->execute([':username' => $_POST['username'], ':code' => $code]);
  62.  
  63. $link = "https://$host$self?verify&code=$code";
  64. // Send activation link to the user
  65. mail("$email", "Member-Ship Validation", "Thank you for registering on $sitename. Please copy the below link into your address bar: $link", "From: Site Verification");
  66.  
  67. echo "You are now registered, please check your email to activate your account.";
  68. } else { // No email activation
  69. $insert = $conn->prepare("INSERT INTO `members` (`username`, `password`, `email`, `userlevel`) VALUES (:username, :password, :email, '2')");
  70. $insert->execute([':username' => $_POST['username'], ':password' => $password, ':email' => $email]);
  71.  
  72. echo "You are now registered, you can now login to your account.";
  73. }
  74. }
  75. }
  76. } else { // Show the registration form
  77. echo "<form action='register.php?register' method='post'>
  78. <table>
  79. <tr><td>Username:</td><td><input type='text' name='username' size='30'></td></tr>
  80. <tr><td>Password:</td><td><input type='password' name='password' size='30'></td></tr>
  81. <tr><td>Confirm Password:</td><td><input type='password' name='cpassword' size='30'></td></tr>
  82. <tr><td>Email:</td><td><input type='text' name='email' size='30'></td></tr>
  83. <tr><td colspan='2'><input type='submit' value='Register'></td></tr>
  84. </table>
  85. </form>";
  86. }
  87. ?>