Allowing Caps in usernames etc

Hello

I want to allow caps & numbers in the usernames. I tried this plugin “Restrict Usernames Emails Characters” which works really well but created an issue with my Pro Sites URL registration links removing the dots (.) from the sites URL so it would look like this (theirsitemysitecom) instead of like this (theirsite.mysite.com) and I would need to go into the sites settings to fix it.

It took me while to find the plugin that was causing the issue and it had to be one I really need/like.

I have looked for others but they all out of date in their updates so not compatible at all.

Would anyone know of a solution to allow characters, caps and numbers in usernames please.

Cheers

  • Adam Czajczyk
    • Support Gorilla

    Hello Philippe

    I hope you’re well today and thank you for your question!

    The numbers should already be allowed – by default both WordPress and ProSites plugin do allow them. However, capital letters (upper case) is indeed something that’d need to be addressed.

    I tried some “plugin” solution but to no luck and I think apart from WP there might also be some additional sanitization in ProSites itself, though I’m not sure about that.

    I need to consult that with our developers so I’ve already passed the question to them and am awaiting response. Please keep an eye on this ticket and we’ll update you here as soon as we get to know more bout possible solution.

    Best regards,

    Adam

  • Adam Czajczyk
    • Support Gorilla

    Hello again Philippe

    It’s me again :slight_smile: I forgot to write that in my previous post:

    Since this seems to be related to our Pro Sites plugin I took a liberty of moving your ticket from the Members forum to our Support forum and assigning it to the Pro Sites plugin. This way we can include developers in the case and, hopefully, help you better.

    I hope that’s fine for you? But if you want me to move it back to the Members Only forum, just let me know, please, and I’ll do it right away.

    Best regards,

    Adam

  • Konstantinos Xenos
    • Rubber Duck Debugger

    Hey Philippe ,

    WordPress Multisite disallow the usage of uppercase lettering since most likely the site that will be created will have the username as well and it would be a problem to have an uppercase subdomain/subsite. That’s just to understand why it’s by default not available as an option from core itself.

    To “bypass” this you can add this mu-plugin to allow uppercase letters as well within usernames by ‘tricking’ the registration process.

    How to install:

    Always make sure to keep a backup of your site before changing/adding custom code.

    1] Navigate to your /wp-content/ directory and create a new one named mu-plugins if it doesn’t exist.

    2] In the mu-plugins folder create a file named allow-uppercase.php and edit it.

    3] Copy this code and paste it into the .php you created.

    <?php

    add_action( 'init', 'remove_automatic_lowercase_signup' );
    function remove_automatic_lowercase_signup() {
    remove_action( 'sanitize_user', 'strtolower' );
    }

    add_filter( 'wpmu_validate_user_signup', 'allow_uppercase_usernames_mu' );
    function allow_uppercase_usernames_mu( $result ) {
    if ( ! is_wp_error( $result['errors'] ) ) {
    return $result;
    }

    $username = $result['user_name'];
    $new_errors = new WP_Error();
    $errors = $result['errors'];
    $codes = $errors->get_error_codes();

    foreach ( $codes as $code ) {
    $messages = $errors->get_error_messages( $code );

    if ( 'user_name' === $code ) {
    foreach ( $messages as $message ) {
    if ( __( 'Usernames can only contain lowercase letters (a-z) and numbers.' ) === $message ) {
    preg_match( '/[A-Za-z0-9]+/', $username, $maybe );

    if ( $username !== $maybe[0] ) {
    $new_errors->add( $code, $message );
    }
    } else {
    $new_errors->add( $code, $message );
    }
    }
    } else {
    foreach ( $messages as $message ) {
    $new_errors->add( $code, $message );
    }
    }
    }

    $result['errors'] = $new_errors;

    return $result;
    }

    4] Save and close the file.

    5] In your Network -> Plugins you should see a Must-Use plugin as well and everything should work automatically after that.

    Tell me if you need further help!

    Regards,

    Konstantinos

  • Philippe
    • Flash Drive

    Which Roles issue are you referring to, is this something from another ticket of yours?

    My role issue is sorta complex as I have every member roles accounted for when it comes to following a member from one network sub-site to another all except the actual site admin when they create a site.

    Firstly: I need to change the default admin role assigned a newly registered site owner gets as this (admin) role connects them top my admin role as the main site owner and I want to remove that possibility/risk and create an admin role just for new site owners. This I think should be doable through/from the Pro Sites plugin as it must have something in their telling it which roles to be allocated once the site has been verified or along those lines

    Secondly: the reason for the above mentioned is that since I have roles setup to follow the user on every site with ability to have multiple roles allowing for plugins that come with new roles, my problem is the current ADMIN role also follows the site owner from site to site meaning they all have access to every other sites back end including mine.

    This is just not one.

    My only solution I can think of is 1 of 3 things and they both may need to be custom work (I do realise that) but if it needs to be then so be it but it can’t stay the way it is currently.

    1. Pro Sites code is amended to only allow a specific role specified by me other than admin upon registering a new site which will give them admin access but can be setup so it is site specific only using an additional code that follows the role.

    2. I could create a new role for each individual new site owner only giving them access to that site only but creates quite a numerous amount of roles in the future.

    3. somehow only allowing the new site owner to use that membership for that site only restricting them from being logged into other sites using the same login details meaning each site owner would need 2 accounts if they choose to register/enter as a member into other sites.

    Unless someone knows any other simpler options then please help me with one of these options as I can’t allow anyone to register a site till this problem is fixed.

    Cheers

  • Adam Czajczyk
    • Support Gorilla

    Hello Philippe

    Thank you for the explanation.

    If I may ask for future: it would be best if you could create separate tickets for separate issues that are not really related (like here: the user roles is not related to use of upper/lowercase letters). This would help us help you better :slight_smile: But since we are already here, let’s continue here :slight_smile:

    By default a user that registers on your Multisite and creates a site, gets an “admin” user role only for that site that he/she created – not for any other sites, including the main site. Pro Sites doesn’t change it either and the only site that user should have an “admin” role would be the one that user owns/created. If they got admin role on other sites, that is either because such role was manually granted to them or there is some plugin or code that does that. But it should not be happening “out of the box”.

    If I understand correctly, that does happen on your setup though: a user that registers via Pro Sites for his/her new site gets that site and admin role on that site but also gets an admin role on the main site and any other site on the network – is that right?

    If yes, that’s not an expected and correct behavior and I’d rather say it’s either some sort of mis-configuration or some unexpected/not-discovered-yet bug.

    That being said

    – can you tell me if you got any additional “custom codes” used on site, especially related to: user account creation/processing, site creation and/or Pro Sites? If so, could you share that code along with explanation what it’s supposed/expected to be doing?

    – would you mind enabling support access to the site so I could take a closer look there? To do so, please go to the “Network Admin -> WPMU DEV -> Support” page in your site’s back-end and click on “Grant support access” button there, then let me know here once it’s done.

    Best regards,

    Adam

  • Philippe
    • Flash Drive

    If I understand correctly, that does happen on your setup though: a user that registers via Pro Sites for his/her new site gets that site and admin role on that site but also gets an admin role on the main site and any other site on the network – is that right?

    Yes it is happening 100% with every registration but I think I may have just found the problem at long last.

    I just tested a newly registered site and it seems to have worked.

    But this leads me to my original dilemma that roles don’t follow the users from site to site.

    I had the Multisite User Sync plugin active which doesn’t have a admin setting but instead works in the background once installed which is why I kept missing it from my admin settings. What it does is automatically makes a role follow that member from site to site and I knew this was the problem with the admin for new sites and my quest was finding a work around for it.

    I never once said pro sites was the cause of the issue but instead the pro sites code to be customised to make it work the way I need it to.

    As for custom code: no I do not have any.

    It’s 2am in the morning here right now so I am off to bed and will do more testing tomorrow on this then.

    As for access I have allowed access for you if your still interested, Just please if deactivating plugins I have many which are not network activated but activated on individual sites.

    Will update here as soon as I check this out more.

    Cheers

  • Adam Czajczyk
    • Support Gorilla

    Hi Philippe

    Thanks for getting back to me and for additional explanation.

    I did access your site now just to check that Mulsite User Sync plugin that you mentioned (I made no changes to the site whatsoever, only looked at the plugin list) and I think you’re completely right about it being the culprit here.

    As its description says:

    Multisite User Sync will automatically synchronise users to all sites in multisite. Roles of users will be same on everysite. If Role change in one site it will also synchronise to all site. If new user/site created it will also add to all site/users.

    So yes, as far as I understand this, it means that if a user is registered on one sub-site and goes to another one, he/she automatically becomes the user of that other sub-site with the same user role he originally has. So, if a user creates a site he/she obviously gets an admin role for that site – therefore if goes to another site, the plugin automatically makes him/her an admin on that other site too.

    I suppose the plugin can be useful in some cases but not really on such kind of setup where users can sign up for their own sites. I can see that you got Join My Multisite installed and that seems to be a better choice as it’s maybe not “that automated” but if I remember correctly it at least allows you to actually define the default role of a user on “per site” mode :slight_smile:

    Best regards,

    Adam

    • Adam Czajczyk
      • Support Gorilla

      Hi PowerQuest

      You could replace this line

      preg_match( '/[A-Za-z0-9]+/', $username, $maybe );

      with this one

      preg_match( '/.*/', $username, $maybe );

      in the code from this post above:

      https://premium.wpmudev.org/forums/topic/allowing-caps-in-usernames-etc#post-1371269

      This should allow all possible characters but I’ve never tried that in a production environment so I’m not quite sure how will WordPress “react” to this in a long run. I mean, it will allow these characters but I’m not sure if it won’t cause some additional unexpected issues in future. There’s also a serious downside: allowing all characters means getting rid of fundamental data sanitization so in m opinion that would make the site more prone to SQL injection attacks.

      Best regards,

      Adam

  • PowerQuest
    • Syntax Hero

    Hi Adam Czajczyk :smile:

    Thank you so much!

    Well quote:

    There’s also a serious downside: allowing all characters means getting rid of fundamental data sanitization so in m opinion that would make the site more prone to SQL injection attacks.

    You are right!

    That is a heavy argument for serious consideration indeed which should not be taken lightly. SQL injection attacks is some serious stuff for sure!

    As always: appreciate very much your help and advise.:thumbsup::smirk:

    By the way when we are on talking security too; I found this script code snippet that restricts allowed users name to be registered:

    //WordPress Username Restrictions
    function sozot_validate_username($valid, $username) {
    $forbidden = array('directory', 'domain', 'download', 'downloads', 'edit', 'editor', 'email', 'ecommerce', 'forum', 'forums', 'favorite', 'feedback', 'follow', 'files', 'gadget', 'gadgets', 'games', 'guest', 'group', 'groups', 'homepage', 'hosting', 'hostname', 'httpd', 'https', 'information', 'image', 'images', 'index', 'invite', 'intranet', 'indice', 'iphone', 'javascript', 'knowledgebase', 'lists','websites', 'webmaster', 'workshop', 'yourname', 'yourusername', 'yoursite', 'yourdomain');
    $pages = get_pages();
    foreach ($pages as $page) {
    $forbidden[] = $page->post_name;
    }
    if(!$valid || is_user_logged_in() && current_user_can('create_users') ) return $valid;
    $username = strtolower($username);
    if ($valid && strpos( $username, ' ' ) !== false) $valid=false;
    if ($valid && in_array( $username, $forbidden )) $valid=false;
    if ($valid && strlen($username) < 5) $valid=false;
    return $valid;
    }
    add_filter('validate_username', 'sozot_validate_username', 10, 2);

    function sozot_registration_errors($errors) {
    if ( isset( $errors->errors['invalid_username'] ) )
    $errors->errors['invalid_username'][0] = __( 'ERROR: Invalid username.', 'sozot' );
    return $errors;
    }
    add_filter('registration_errors', 'sozot_registration_errors');

    From this website:

    https://sozot.com/wordpress-username-restrictions-without-a-plugin/

    Maybe something other WPMU DEV members could be happy for to secure their system with..?!

    Kind regards

    PowerQuest

  • PowerQuest
    • Syntax Hero

    Here is a a little improved version by me of the above original script as a MU-plugin:

    <?php
    /**
    * Plugin Name: WPMU | Restrict registered users names.
    * Plugin URI: https://sozot.com/wordpress-username-restrictions-without-a-plugin/
    * Description: This MU-plugin restricts what usernames that can be used to register with by en-users. Basically, there’s a list of forbidden terms that you can easily expand. It also queries the list of pages and forbids usernames that match page names.
    * Author: Andy Sozot
    * License: GNU General Public License v3 or later
    * License URI: http://www.gnu.org/licenses/gpl-3.0.html
    */

    // Basic security, prevents file from being loaded directly.
    defined( 'ABSPATH' ) or die( 'Cheatin’ uh?' );

    function sozot_validate_username($valid, $username) {
    $forbidden = array('directory', 'domain', 'download', 'downloads', 'edit', 'editor', 'email', 'ecommerce', 'forum', 'forums', 'favorite', 'feedback', 'follow', 'files', 'gadget', 'gadgets', 'games', 'guest', 'group', 'groups', 'homepage', 'hosting', 'hostname', 'httpd', 'https', 'information', 'image', 'images', 'index', 'invite', 'intranet', 'indice', 'iphone', 'javascript', 'knowledgebase', 'lists','websites', 'webmaster', 'workshop', 'yourname', 'yourusername', 'yoursite', 'yourdomain');
    $pages = get_pages();
    foreach ($pages as $page) {
    $forbidden[] = $page->post_name;
    }
    if(!$valid || is_user_logged_in() && current_user_can('create_users') ) return $valid;
    $username = strtolower($username);
    if ($valid && strpos( $username, ' ' ) !== false) $valid=false;
    if ($valid && in_array( $username, $forbidden )) $valid=false;
    if ($valid && strlen($username) < 5) $valid=false;
    return $valid;
    }
    add_filter('validate_username', 'sozot_validate_username', 10, 2);

    function sozot_registration_errors($errors) {
    if ( isset( $errors->errors['invalid_username'] ) )
    $errors->errors['invalid_username'][0] = __( 'ERROR: Invalid username.', 'sozot' );
    return $errors;
    }
    add_filter('registration_errors', 'sozot_registration_errors');

    Here is a suggested listed of banned usernames too! :thumbsup:

    http://blog.postbit.com/reserved-username-list.html

    Cheers! :smirk:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.