View Full Version : Illegal Username Characters?
August 13th, 2008, 10:10 AM
I use vBulletin integration and I'm wondering if there are any limitations on the type of characters that can be used in usernames? I currently have users with '&' in their names, but for some reason they cannot login, despite typing the right passwords. I have confirmed this on my own.
Is this a limitation that I'm unaware of or a bug?
August 13th, 2008, 10:20 AM
Do you mean they cant login to vbulletin or cant login to photopost? If your using vb integration the login prompt is vb's
Please explain your issue a little more indepth.
August 13th, 2008, 10:27 AM
I use the vbulletin registration, which works, but I use the photopost login page for logging in. authenticate() is returning false for valid logins (with &)
August 13th, 2008, 10:29 AM
If I log in directly to the forums, it works fine.
August 13th, 2008, 10:51 AM
Interesting so how is the username stored in your database?
August 13th, 2008, 11:05 AM
hmmm... it's stored as 'a&a' (for a&a)
this might be going somewhere...
August 13th, 2008, 11:08 AM
Okay try this in vb3.php add the line in bold around line 22
$authuser = htmlspecialchars($authuser);
if ( $userid != 0 )
August 13th, 2008, 01:34 PM
SELECT userid,username,email,password,usergroupid,timezoneoffset,salt,lastactivity,membergroupids FROM vb_user WHERE username='a&a'
in get_userinfo, the above line is executed and returns no results, but if i do a straight query on the database with that exact code, then it selects fine..
August 13th, 2008, 02:21 PM
What happens when you use this code?
please email us ftp url login and photopost url login and if possible database logins to support at photopost dot com
August 13th, 2008, 02:32 PM
I think that code you gave me fixed it... I was double encoding the authuser.. so i took out the encoding in typecast (its simply a trim) and I added the htmlspecialchars to get_userinfo...
That seemed to have fixed the problem.
August 13th, 2008, 02:34 PM
ah okay no problem figured it would work thats why I asked for info as I would not understand why it would not work based on what you have told me ;)
August 13th, 2008, 02:42 PM
yes, its odd to me why in the first place that vbulletin stores users with special chars as the html.... thats how it seems to be right? (but at the same time it doesn't encode passwords before they are md5'd and compared.)
other then that, thanks for the help at squashing the bug! boy that was annoying...
August 13th, 2008, 03:37 PM
How vb stores the username is up to them really I have seen it both ways in software.
Not a problem glad to assist
vBulletin® v3.8.1, Copyright ©2000-2014, Jelsoft Enterprises Ltd.