for security reasons i want the users on my website not to be able to register a username that resembles their email adress. Someone with email adress [email protected] cant register as user or us.er, etc
For example i want this not to be possible:
tester -> [email protected] (wrong) tes.ter -> [email protected] (wrong) etc.
But i do want to be able to use the following:
tester6 -> [email protected] (good) etc.
//edit tester6 is wrong too. i ment user6 -> [email protected] (good).
Does anyone have an idea how to achieve this, or something as close as possible. I am checking this in javascript, and after that on the server in php.
Ciao!
ps. Maybe there is some jquery plugin to do this, i can't find this so far. The downside tho of using a plugin for this, is that i have to implement the same in php. If it is a long plugin it will take some time to translate.
//Edit again If i only check the part before the @ they can still use userhotmail, or usergmail, etc. If they supply that there email is abvious.
for security reasons i want the users on my website not to be able to register a username that resembles their email adress. Someone with email adress [email protected] cant register as user or us.er, etc
For example i want this not to be possible:
tester -> [email protected] (wrong) tes.ter -> [email protected] (wrong) etc.
But i do want to be able to use the following:
tester6 -> [email protected] (good) etc.
//edit tester6 is wrong too. i ment user6 -> [email protected] (good).
Does anyone have an idea how to achieve this, or something as close as possible. I am checking this in javascript, and after that on the server in php.
Ciao!
ps. Maybe there is some jquery plugin to do this, i can't find this so far. The downside tho of using a plugin for this, is that i have to implement the same in php. If it is a long plugin it will take some time to translate.
//Edit again If i only check the part before the @ they can still use userhotmail, or usergmail, etc. If they supply that there email is abvious.
Share Improve this question edited Nov 25, 2009 at 12:28 Saif Bechan asked Nov 25, 2009 at 11:47 Saif BechanSaif Bechan 17.2k23 gold badges85 silver badges125 bronze badges 13- 5 why would this benifit security? – NDM Commented Nov 25, 2009 at 11:51
- In what way is tes.ter worse than tester6? – Jonas Elfström Commented Nov 25, 2009 at 11:55
- Another question - why is tes.ter bad but tester6 good? They both differ by exactly one character. Can you be more specific (formal) about what is "good" and what is not? – Vilx- Commented Nov 25, 2009 at 11:55
- This is more a security issue for me as owner of the website. I want to minimize the amount of munication there is between the users. – Saif Bechan Commented Nov 25, 2009 at 11:57
- 1 I wouldnt go this way. I use my name as username on many websites (and in fact ones that won't allow me that have much bigger chance of never seeing me again - their loss :). And besides, I dont really see how having a username 'tester' would allow others to contact me: should they email [email protected], [email protected] or any other of zillions emailable domains out there? – kender Commented Nov 25, 2009 at 12:01
4 Answers
Reset to default 9Typically, I use the Levenshtein distance algorithm to check whether a password looks like a login.
PHP has a native levenshtein function and here is one written in JavaScript.
Something like this?
var charsRe = /[.+]/g; // Add your characters here
if (username.replace(charsRe, '') == email.split('@')[0].replace(charsRe, ''))
doError();
If all you want is to disallow user names that vary from the email address only with periods (.), you can remove periods from the user name and pare it with email address.
//I don't know php - translating this pseudo code won't be hard
$email = "[email protected]"
$emailname = $email.substring(0, $email.indexOf('@'));
$uname = "som.e.on.e";
$uname = $uname.replace(/\./g, "");//regex matching a '.' globally
if($uname === $emailname)
showInvalidNameErrorMessage();
Modified regex to prevent hyphens and underscores /[\-._]/g
Well, I am a newbie PHP developer. But the answer I have in my mind is, wouldn't it be great if you just allow them to register only with their email address (which won't be shared with others) and then ask for their first name and last name separately and only show their first name within public contents (i.e. Blogs, etc). I am not an expert in programming and if I am wrong please correct me and still I couldn't understand what you by security for you. Sorry for the bad English, I am not a native English speaker.