Znote / ZnoteAAC

Development repository for the Znote AAC project. A website portal to represent and manage your Open Tibia server.
MIT License

Account Name add Symbols #473

Closed kungen32 closed 3 years ago

kungen32 commented 3 years ago

Hello

I'm trying to add symbols like @ and . into the username (account name), but it seems a-zA-Z0-9 is not the right method.

```php
if ($config['ServerEngine'] !== 'OTHIRE' && $config['client'] >= 830) {
    // Reject account names containing anything other than a-z, A-Z and 0-9
    if (preg_match("/^[a-zA-Z0-9]+$/", $_POST['username']) == false) {
        $errors[] = 'Your account name can only contain characters a-z, A-Z and 0-9.';
    }
}
```

Is there a way to add these symbols here? For account registration to accept all kinds of symbols, ?;é:k'éà)p^$*&.+-

I know the fastest way is, at the right, instead of name > username, to change it to name > email, the same for email and the same for else. But I'm using a custom client; it accepts the name column from the database, but it needs an email in this field. I also use a normal client, and at the moment it is with email for connection (username), so instead of email it is username for connection, and for the custom client it is working with the email connection.

```php
if ($config['ServerEngine'] !== 'OTHIRE') {
    // 'name' receives the submitted email and 'email' the submitted username (swapped as posted)
    $register_data = array(
        'name' => $_POST['email'],
        'password' => $_POST['password'],
        'email' => $_POST['username'],
        'created' => time(),
        'ip' => getIPLong(),
        'flag' => $_POST['flag']
    );
} else {
    // OTHIRE keys the account on 'id' instead of 'name'
    $register_data = array(
        'id' => $_POST['email'],
        'password' => $_POST['password'],
        'email' => $_POST['username'],
        'created' => time(),
        'ip' => getIPLong(),
        'flag' => $_POST['flag']
    );
}
```

Znote commented 3 years ago

The preg_match function uses something known as "regular expression". You can just look up a regular expression generator online and modify the function to allow the symbols you care about.

kungen32 commented 3 years ago

So if I'm not wrong, setting it to '.' matches all characters; the '.' character will match any character without regard to what character it is. The matched character can be an alphabet, number or any special character.

Thanks for your help :)

Znote commented 3 years ago

Yes, although I won't recommend it. Opening up all characters will also loosen the security of the AAC, opening up more potential attack vectors for hackers that might not be properly accounted for. Especially when using custom pages/layouts that are not in this repository and maintained.

I would manually whitelist characters with something along the lines of this: `^[ A-Za-z0-9_@.\/\%\!#+-]*$`

You can check regular expressions here: https://regex101.com/
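An added example (not part of the thread and not ZnoteAAC code) of the allowlist approach suggested in the last comment. The character class is the one quoted there; the function name `validateAccountName`, the 1 to 32 length bound and the `D` modifier are assumptions made here, and the sample inputs are constructed.

```php
<?php
// Added example: allowlist validation for an account name that may be an email.
// Hypothetical helper, not part of ZnoteAAC.

// Character class from the comment above. Changes made for this example:
//  - {1,32} instead of * so empty and oversized names fail (32 is an assumed limit)
//  - D modifier so '$' cannot match before a trailing newline
const ACCOUNT_NAME_PATTERN = '/^[ A-Za-z0-9_@.\/\%\!#+-]{1,32}$/D';

function validateAccountName(string $name): ?string
{
    // preg_match returns 1 (match), 0 (no match) or false (error).
    // Comparing strictly against 1 treats an engine error as a rejection.
    if (preg_match(ACCOUNT_NAME_PATTERN, $name) !== 1) {
        return 'Your account name contains characters that are not allowed.';
    }
    return null; // no error
}

// Constructed sample inputs
$samples = [
    'player@example.com',      // email-style name: accepted
    'Player_01',               // classic name: accepted
    "player@example.com\n",    // trailing newline: rejected because of D
    'name<b>',                 // markup characters are outside the allowlist
    "name' --",                // quote is outside the allowlist
    'é:k',                     // non-ASCII bytes and ':' are outside the allowlist
    '',                        // empty: rejected by {1,32}
    str_repeat('a', 33),       // too long: rejected by {1,32}
];

foreach ($samples as $sample) {
    $error = validateAccountName($sample);
    printf("%-40s %s\n", json_encode($sample), $error === null ? 'accepted' : 'rejected');
}

// The allowlist narrows what reaches the database and the templates; it does
// not replace parameterized queries or output escaping on pages that print
// the account name.
```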