Data validation on Birthdate and username?

[aquapyrofan]

Lately I've had some issues on my site with people either having malformed (as in, way too many slashes), improbable/impossible birth years (such as 1900 or 1003), and usernames with special characters (which probably won't validate against PMs and such properly). Is there any way to make sure the information they give is at least in the right format and/or the birth year is plausible before they sign up?

[Dinocanid]

I'm not too sure on the date checking, but you should be able to prevent special characters in usernames by adding this under "protected function usernamevalidate" in class_registervalidator.php:

PHP Code:

if(preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $username)){

         $this->seterror("Your username cannot contain special characters!");

         return FALSE;

      } 


So it looks like this:

PHP Code:

protected function usernamevalidate($username = ""){
      // The username validator, note its a bit complicate here due to the different mechanism of username check for register and other validators
      $lang = Registry::get("lang");
      if(!$this->emptyvalidate($username)){
         $this->seterror("The field Username is Empty.");
         return FALSE;
      }
      if($username == "SYSTEM"){
         $this->seterror("Cannot use SYSTEM as username.");
         return FALSE;
      }
      if(preg_match('/[\'^£$%&*()}{@#~?><>,|=_+¬-]/', $username)){
         $this->seterror("Your username cannot contain special characters!");
         return FALSE;
      }
      $username = (empty($username))?$this->value['username']:$username;      
      $userexist = $this->datavalidate("users", array("username"), "username = '{$username}'");
      if($userexist == TRUE){
         $this->seterror($lang->user);
         return FALSE;
      }
      else return TRUE;
  } 


I haven't tried it, but I got the answer from here:
http://stackoverflow.com/questions/3...characters-php

EDIT: Thought I should say that this won't/can't do anything about users who already registered with special characters; only new ones.

[KatFennec]

The birthday is actually pretty simple.
You just need to drop

PHP Code:

elseif(preg_match('/[01]\d\/[0123]\d\/19\d\d|20[012]\d/', $birthday)){

         $this->seterror("Please enter your birthdate in the format provided.");

         return FALSE;

      } 


into the birthdayvalidate function in the same file.

EDIT:
It looks like I was wrong. You need to partially re-write the birthdayvalidate function like so:

PHP Code:

protected function birthdayvalidate($birthday = ""){
      $lang = Registry::get("lang");
      if(empty($this->value['birthday'])){
         $this->seterror($lang->birthday, TRUE);
         return FALSE;
      }
      if(preg_match_all('/[01]\d\/[0123]\d\/19\d\d|20[012]\d/', $birthday)){

         

         return TRUE;

      }
      else{
         $this->seterror("Please enter your birthdate in the format provided.");
          return FALSE;
      };
  }