From dd97a749b4fda78af59b69886788bd33ca7b9c90 Mon Sep 17 00:00:00 2001 From: Slawomir Boczek Date: Mon, 6 Apr 2026 10:41:29 +0200 Subject: [PATCH] Better name validation, like in the original game website (#356) * Better name validation, like in the original game website * Don't automatically ucfirst and strtolower the cases of the word * This allows for names like: Lord of Ring, Man of the Earth etc. * Don't allow special characters like: -, [], ' * Don't allow one letter words * Require at least one vowel per word * Add notice about admin logged in * Add trim, for future Currently its stripped anyway in the init.php, but AI don't know it :P Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Implement AI recommended changes * Update tools/validate.php Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Trim $name * Update Validator.php --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- system/pages/account/create.php | 2 +- system/src/Validator.php | 58 ++++++++++++++++++++++----------- tools/validate.php | 12 ++++--- 3 files changed, 47 insertions(+), 25 deletions(-) diff --git a/system/pages/account/create.php b/system/pages/account/create.php index 731771b7..eb41ece5 100644 --- a/system/pages/account/create.php +++ b/system/pages/account/create.php @@ -160,7 +160,7 @@ if($save) } if(setting('core.account_create_character_create')) { - $character_name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : null; + $character_name = isset($_POST['name']) ? trim(stripslashes($_POST['name'])) : null; $character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null; $character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null; $character_town = isset($_POST['town']) ? (int)$_POST['town'] : null; diff --git a/system/src/Validator.php b/system/src/Validator.php index 7261454e..8857f07b 100644 --- a/system/src/Validator.php +++ b/system/src/Validator.php @@ -183,7 +183,7 @@ class Validator return false; } - // installer doesn't know config.php yet + // installer doesn't know settings yet // that's why we need to ignore the nulls if(defined('MYAAC_INSTALL')) { $minLength = 4; @@ -207,21 +207,15 @@ class Validator return false; } - if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM- [ ] '") != $length) + if(strspn($name, "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM ") != $length) { - self::$lastError = "Invalid name format. Use only A-Z, spaces and '."; + self::$lastError = "This name contains invalid letters. Please use only A-Z, a-z and space!"; return false; } if(preg_match('/ {2,}/', $name)) { - self::$lastError = 'Invalid character name format. Use only A-Z and no double spaces.'; - return false; - } - - if(!preg_match("/[A-z ']/", $name)) - { - self::$lastError = "Invalid name format. Use only A-Z, spaces and '."; + self::$lastError = 'Invalid character name format. Use only A-Z, a-z and no double spaces.'; return false; } @@ -230,17 +224,23 @@ class Validator /** * Validate new character name. - * Name lenght must be 3-25 chars + * Name length must be 3-25 chars * * @param string $name Name to check * @return bool Is name valid? */ public static function newCharacterName($name) { - global $db, $config; + global $db; + $name = trim($name); $name_lower = strtolower($name); + if(strlen($name) < 1) { + self::$lastError = 'Please enter a name.'; + return false; + } + $first_words_blocked = array_merge(["'", '-'], setting('core.create_character_name_blocked_prefix')); foreach($first_words_blocked as $word) { if($word == substr($name_lower, 0, strlen($word))) { @@ -249,11 +249,6 @@ class Validator } } - if(str_ends_with($name_lower, "'") || str_ends_with($name_lower, "-")) { - self::$lastError = 'Your name contains illegal characters.'; - return false; - } - if(substr($name_lower, 1, 1) == ' ') { self::$lastError = 'Your name contains illegal space.'; return false; @@ -265,11 +260,36 @@ class Validator } if(preg_match('/ {2,}/', $name)) { - self::$lastError = 'Invalid character name format. Use only A-Z and numbers 0-9 and no double spaces.'; + self::$lastError = 'Invalid character name format. Use only A-Z and no double spaces.'; return false; } - if(strtolower($config['lua']['serverName']) == $name_lower) { + if (substr($name[0], 0, 1) !== strtoupper(substr($name[0], 0, 1))) { + self::$lastError = 'The first letter of a name has to be a capital letter.'; + return false; + } + + foreach (explode(' ', $name) as $word) { + $wordCut = substr($word, 1, strlen($word)); + $hasUpperCase = preg_match('/[A-Z]/', $wordCut); + if ($hasUpperCase) { + self::$lastError = 'In names capital letters are only allowed at the beginning of a word.'; + return false; + } + + if (strlen($word) == 1) { + self::$lastError = 'This name contains a word with only one letter. Please use more than one letter for each word.'; + return false; + } + + $hasVowel = preg_match('/[aeiouAEIOU]/', $word); + if (!$hasVowel) { + self::$lastError = 'This name contains a word without vowels. Please choose another name.'; + return false; + } + } + + if(strtolower(configLua('serverName')) == $name_lower) { self::$lastError = 'Your name cannot be same as server name.'; return false; } diff --git a/tools/validate.php b/tools/validate.php index 66b39581..bf362131 100644 --- a/tools/validate.php +++ b/tools/validate.php @@ -63,10 +63,7 @@ else if(isset($_GET['email'])) } else if(isset($_GET['name'])) { - $name = $_GET['name']; - if(!admin()) { - $name = strtolower(stripslashes($name)); - } + $name = trim(stripslashes($_GET['name'])); if(!Validator::characterName($name)) { error_(Validator::getLastError()); @@ -81,7 +78,12 @@ else if(isset($_GET['name'])) error_($errors['name']); } - success_('Good. Your name will be:
' . (admin() ? $name : ucwords($name)) . ''); + $extraText = ''; + if (admin()) { + $extraText = "
Note: You are logged in as admin, so you can create almost any name without rules."; + } + + success_("Good. Your name will be:
$name$extraText"); } else if(isset($_GET['password']) && isset($_GET['password_confirm'])) { $password = $_GET['password'];