Mod: Strip bad characters from Username

[crystal]

I did this so my site's usernames would not be email or web addresses or contain any special characters. This mod will strip out all bad characters while the user is typing. It will allow only A-Z, 0-9, and underscore (_) to be typed into the username field.

Open templates/default/user/userjoin.tpl

Find this (lines 1-28)

Code:

{literal}
<script language="JavaScript" type="text/javascript">
<!-- //
function checkform(frm) {
  {/literal}
     {$validation}
  {literal}
}
function showterms(){
	newwin=window.open("terms.php","Terms","menubar=no, scrollbars=yes, width=420, height=380, directories=no,location=no,resizable=yes,status=no,toolbar=no");
}
function new_freecap()
{
	// loads new freecap image
	if(document.getElementById)
	{
		// extract image name from image source (i.e. cut off ?randomness)
		thesrc = document.getElementById("freecap").src;
		thesrc = thesrc.substring(0,thesrc.lastIndexOf(".")+4);
		// add ?(random) to prevent caching
		document.getElementById("freecap").src = thesrc+"?"+Math.round(Math.random()*100000);
	} else {
		alert("Sorry, cannot autoreload freecap image\nSubmit the form and a new freecap will be loaded");
	}
}
//-->
</script>
{/literal}

Replace with this:

Code:

{literal}
<script language="JavaScript" type="text/javascript">
<!-- //
function checkform(frm) {
  {/literal}
     {$validation}
  {literal}
}
function showterms(){
	newwin=window.open("terms.php","Terms","menubar=no, scrollbars=yes, width=420, height=380, directories=no,location=no,resizable=yes,status=no,toolbar=no");
}
function new_freecap()
{
	// loads new freecap image
	if(document.getElementById)
	{
		// extract image name from image source (i.e. cut off ?randomness)
		thesrc = document.getElementById("freecap").src;
		thesrc = thesrc.substring(0,thesrc.lastIndexOf(".")+4);
		// add ?(random) to prevent caching
		document.getElementById("freecap").src = thesrc+"?"+Math.round(Math.random()*100000);
	} else {
		alert("Sorry, cannot autoreload freecap image\nSubmit the form and a new freecap will be loaded");
	}
}
//Strip bad characters
var badChars = /[-?!$\\@\/\#%\^\&\*\(\)\[\]\+\{\}\`\~\=\.,\'\";:|><]/;
function checkChars(val) {
var strPass = val.value;
var strLength = strPass.length;
var lchar = val.value.charAt((strLength) - 1);
if(lchar.search(badChars) != -1) {
var tst = val.value.substring(0, (strLength) - 1);
val.value = tst;
   }
}
// -->
</script>
{/literal}

Find this (now around line 153):

Code:

<input name="username" type="text" id="username" value="{$username}" size="{$smarty.const.FIELD_SIZE}" />

Replace with this:

Code:

<input name="username" type="text" id="username" value="{$username}" size="{$smarty.const.FIELD_SIZE}" maxlength="30"  onKeyUp="javascript:checkChars(login.username);"/>

Note: I have added a max length of 30 to the username field. This can be changed to your preference. I recommend setting a max length for all fields.