views:

243

answers:

4

Hi, for security reasons i want the users on my website not to be able to register a username that resembles their email adress. Someone with email adress [email protected] cant register as user or us.er, etc

For example i want this not to be possible:

tester -> [email protected] (wrong) tes.ter -> [email protected] (wrong) etc.

But i do want to be able to use the following:

tester6 -> [email protected] (good) etc.

//edit tester6 is wrong too. i ment user6 -> [email protected] (good).

Does anyone have an idea how to achieve this, or something as close as possible. I am checking this in javascript, and after that on the server in php.

Ciao!

ps. Maybe there is some jquery plugin to do this, i can't find this so far. The downside tho of using a plugin for this, is that i have to implement the same in php. If it is a long plugin it will take some time to translate.

//Edit again If i only check the part before the @ they can still use userhotmailcom, or usergmail, etc. If they supply that there email is abvious.

+3  A: 

Something like this?

var charsRe = /[.+]/g; // Add your characters here
if (username.replace(charsRe,  '') == email.split('@')[0].replace(charsRe, ''))
    doError();
Greg
+9  A: 

Typically, I use the Levenshtein distance algorithm to check whether a password looks like a login.

PHP has a native levenshtein function and here is one written in JavaScript.

Fabien Ménager
Hey, yes i have looked at this method before. It looks a but complicated, and i read it was used for spelling checks, so i skipped it, but i have a look at this link again. thank you
Saif Bechan
Awesome +1. If you include this in your answer -- http://phpjs.org/functions/levenshtein:463 -- it'll be more useful.
Yar
Well my answer ended up sucking... have a +1 :D
alex
A: 

If all you want is to disallow user names that vary from the email address only with periods (.), you can remove periods from the user name and compare it with email address.

//I don't know php - translating this pseudo code won't be hard

$email = "[email protected]"
$emailname = $email.substring(0, $email.indexOf('@'));
$uname = "som.e.on.e";
$uname = $uname.replace(/\./g, "");//regex matching a '.' globally

if($uname === $emailname)
  showInvalidNameErrorMessage();

Modified regex to prevent hyphens and underscores /[\-._]/g

Amarghosh
A: 

Well, I am a newbie PHP developer. But the answer I have in my mind is, wouldn't it be great if you just allow them to register only with their email address (which won't be shared with others) and then ask for their first name and last name separately and only show their first name within public contents (i.e. Blogs, etc). I am not an expert in programming and if I am wrong please correct me and still I couldn't understand what you by security for you. Sorry for the bad English, I am not a native English speaker.

khalil_kuk