My verification pattern is

/^[a-z\d]{1}[a-z\d.]{6,18}[a-z\d]{1}$/i

. In other words, users can choose a username with 8-20 alphanumeric characters and periods, where the first and last character has to be alphanumeric. The "test your pattern" function tells me that the verification pattern is correct, but when I log in as a non-admin user, I can change my username to anything I like.

Comments

q0rban’s picture

This is a bug in the form_alter, I believe. The only form that is being validated against is the user_register form.

q0rban’s picture

Status: Active » Needs review
StatusFileSize
new1.82 KB

Attached patch fixes it for me. I did a bit of refactoring here to get the affected code in line with drupal coding standards. Note, there is another permission to bypass any validation, so be sure no roles have that permission set.

q0rban’s picture

Title: Username validation ineffective when user is allowed to change username » Username validation only occurs on registration form
semei’s picture

Can this be commited?

lolandese’s picture

Priority: Major » Normal
Status: Needs review » Reviewed & tested by the community

Works as expected.

Note that the user should NOT have the permission 'Override custom username validation' to have validation or custom messages.

Thanks q0rban.

Off topic:
I used /^(?!(?:admin|node|user)$)[A-Za-z0-9_\.\-]{2,}$/ to have a username that:

  • does NOT allow the username 'admin', node' or 'user' as this conflicts with drupal paths if used as a first argument
  • does NOT allow spaces
  • allows only alphanumeric characters plus a dot, underscore or hyphen
  • must be minimum 2 characters.
lolandese’s picture

Issue summary: View changes

typo

webservant316’s picture

what is the conclusion here? I just noticed that my validation requirements are still bypassed when the user edits their existing username. The requirements are there for new registrations.

I am confused by #5 above. This does not seem to be working as expected. I am using 7.x-1.1.

webservant316’s picture

The patch in #2 worked fine for me.
Hey how about a commit and push dev to 1.2?

sprite’s picture

Issue summary: View changes

This problem can be fixed easily be editing line 224 of the custom_username_validation.module file to change the if statement as shown in the code below to include the:

user_profile_form

form.

function custom_username_validation_form_alter(&$form, &$form_state, $form_id) {
  if ($form_id == 'user_profile_form' || $form_id == 'user_register_form') {

Problem solved.

Hopefully the module author will make this change in the official code.

firewaller’s picture

StatusFileSize
new648 bytes

Attached it the simplified patch outlined above.

q0rban’s picture

Thanks for that, @sprite and @firewaller! Looking back, it appears the patch in #2 is identical in function, but adds some readability improvements. Either way the maintainer chooses should be fine. :)

Schneck’s picture

Hi everyone,

thanks for the patches, unfortunately, as stated in the module description, this project is not maintained any more and is seeking an new maintainer. I haven't been working with Drupal for some years.

If you're interested in taking over, please drop me a note.

- Stefan

Schneck’s picture

Quick note: Today, lolandese offered his help to maintain the module, and I thankfully added him as co-maintainer.

  • lolandese committed 894aa02 on 7.x-1.x authored by q0rban
    Issue #1823428 by q0rban, firewaller: Username validation only occurs on...
lolandese’s picture

Version: 7.x-1.1 » 7.x-1.x-dev
Status: Reviewed & tested by the community » Fixed

Thanks for adding me.

James, thanks for your contribution.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.