Blocking Usernames in ASP VB


sladmin
09-05-2007, 02:34 PM
Hey,

I'm currently trying to block certain usernames that try and sign up to my website. Obviously usernames such as 'administrator' and 'admin' are not allowed. :ninja:

I wrote this IF statement but the only problem with it is that it only blocks one word. I can't seem to be able to use more than one word for one statement. Of course I could use multiple statements but that would just take ages and would slow down the loading times of the webpage.

<% If Request.Form("Username") = "admin" Then
    ' Set the message first: Response.Redirect ends page processing, so nothing after it runs
    Session("UsernameBlock") = "That username is not allowed"
    Response.Redirect "/register/signup.asp"
End If
%>
I could do this...

<% If Request.Form("Username") = "admin","administrator" Then
    Session("UsernameBlock") = "That username is not allowed"
    Response.Redirect "/register/signup.asp"
End If
%>
Any ideas how I could use multiple usernames?

Thanks,

siphilp
09-05-2007, 02:48 PM
You could put all the nicknames in an XML file or a separate datatable. Do a compare and if found return true else false?

sladmin
09-05-2007, 02:54 PM
Thanks for the reply Simon,

Do you basically mean search a table which has a 'blacklist' of names then search the contents of the table with the value in "Username"?

siphilp
09-05-2007, 02:59 PM
Yes, it means that it's scalable and you don't need tonnes of if statements. I would also make it that the username is .ToLower and store the usernames in lower case too :)

EDIT: Make sure that you check for SQL injections depending on how you do the compare :S

Hope this helps

Si

sladmin
09-05-2007, 03:33 PM
OK, thanks Simon. That makes sense :)

Just a quickie, is it possible to lock part of the ASP code for use in templates? Thing is, when I changed the dynamic content in my template it won't update the rest of the pages. I'm using Dreamweaver 8.

Thanks,

Ben Collier
09-05-2007, 06:40 PM
It's a bit dodgy but for a quick workaround you can simply register all the usernames yourself that you want to block!

Handy if you're in a rush!

Ben

sladmin
09-05-2007, 10:48 PM
It's a bit dodgy but for a quick workaround you can simply register all the usernames yourself that you want to block!


lol that would bump up the member numbers :whistle:

pureinfinity
07-06-2007, 06:10 PM
You could always do an InStr check against a list of usernames, and if it exists then return a message to say please select another.

e.g.

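usernames = "admin, administrator, user, superuser"
' When a compare argument is given, InStr needs an explicit start: InStr(start, string1, string2, compare)
pos = InStr(1, usernames, Request.Form("username"), 1)
If pos > 0 Then
    ' Set the message before redirecting: Response.Redirect ends page processing
    Session("UsernameBlock") = "That username is not allowed"
    Response.Redirect "/register/signup.asp"
Else
    Response.Redirect "/register/complete.asp"
End If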

This is the only real way of doing it without checking a table.

It's easier in .NET: you could just have a text file with all the unregisterable users and do a comparison on the text file from the username entered.
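
An added example, not code from any poster in this thread: a classic ASP sketch that combines the suggestions above, comparing the lower-cased, trimmed name as a whole word and, for the table-backed variant, passing it as a bound parameter so the lookup cannot be altered by the input. The names ReservedNames, Normalise, IsReservedInMemory and IsReservedInDb, the BlockedUsernames table and its Name column are assumptions made for illustration.

```vbscript
<%
Option Explicit
' Added example. Helper names and the BlockedUsernames table are assumptions.
Const adCmdText = 1, adParamInput = 1, adVarChar = 200

Dim ReservedNames, n
Set ReservedNames = Server.CreateObject("Scripting.Dictionary")
For Each n In Array("admin", "administrator", "user", "superuser")
    ReservedNames.Add n, True
Next

' Normalise once so "Admin " and "ADMIN" compare equal to "admin".
Function Normalise(raw)
    Normalise = LCase(Trim(raw & ""))
End Function

' Exact, whole-name match. InStr over a joined string is a substring test:
' it would also reject "min" or "use", and an empty field matches at position 1.
Function IsReservedInMemory(raw)
    IsReservedInMemory = ReservedNames.Exists(Normalise(raw))
End Function

' Table-backed variant: conn is an already open ADODB.Connection (assumed).
' The name is sent as a bound parameter, never concatenated into the SQL text.
Function IsReservedInDb(conn, raw)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT 1 FROM BlockedUsernames WHERE Name = ?"
    cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, _
        adParamInput, 50, Left(Normalise(raw), 50))
    Set rs = cmd.Execute
    IsReservedInDb = Not rs.EOF
    rs.Close
End Function

Dim candidate
candidate = Request.Form("Username")
If Normalise(candidate) = "" Or IsReservedInMemory(candidate) Then
    ' Store the message before redirecting: Response.Redirect ends the page.
    Session("UsernameBlock") = "That username is not allowed"
    Response.Redirect "/register/signup.asp"
End If
%>
```

The table is expected to hold names already in lower case, matching what Normalise produces.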