• Resolved andreyguild

    (@andreyguild)


    Hello,

    I have the latest versions of WordPress and the w3all plugin.
    I have users in phpBB with names like @Зеленая Ветка@ and also they use symbols like underscore and asterisk.

    They don’t get auto registered in WP.

    I’ve tried to change sanitize_user or adding plugin for Cyrillic chars in username – nothing works 100%

    At the same time a single Cyrillic word works, or if there’s even a single English letter in the name.

    Plz help

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author axew3

    (@axewww)

    Hello! OK … yes, I think it could be a problem with this aspect that needs to be re-checked … at the moment the integration does not work with some chars … I’ll return here soon with some answer!

    Plugin Author axew3

    (@axewww)

    P.S. By the way, WordPress by default, if I’m not wrong (and for this I say I will return soon with some answer), does not allow the use of specific characters in usernames: for example, you can’t use mynice’usern’ame as a username because the char ‘ isn’t allowed as part of a username in WP. The integration in fact requires, as explained in the procedure, that you do not allow certain chars in usernames in phpBB, because these are possible options in phpBB but not in WP. But as said, I will return to this, as maybe I’ve misunderstood in the past.

    Plugin Author axew3

    (@axewww)

    OK, I’ve just taken a look and, from what I have understood, the allowed chars in WordPress for usernames are these:

    a-z
    0-9
    _
    .
    @
    and space

    All the rest isn’t allowed in WordPress usernames.
    As the best I’ve come up with at the moment about this, the file
    class.wp.w3all-phpbb.php
    has been patched to correctly detect any unwanted chars in phpBB usernames, for users that need to be added in WordPress. The user will be correctly informed that they can’t be added and no error will be thrown. A query has been fixed because it contained a problem. So thanks to this report, this important aspect has also been definitively resolved.

    These are the allowed usernames in WordPress, from what I’ve understood. Now the addition of a phpBB user in WP is handled in the correct way, improving the detection of any wrong phpBB username and eventually returning the correct message to the user.
    The patch also fixes a query that was wrongly written.

    To patch, download the file class.wp.w3all-phpbb.php and replace it in
    /wp-content/plugins/wp-w3all-phpbb-integration

    Thread Starter andreyguild

    (@andreyguild)

    Thnx for all your good work.
    Some WP plugins, like Allow Cyrillic Usernames enable additional chars to be used in username.
    What they do is add filter on the sanitize_user hook and add more chars.

    As far as I can see, in the fix you enforce those chars, so even less ppl can SSO now:)
    That’s for the default WP install, but not WP with plugins, or am I wrong?

    Btw, you sanitize_user with strict = false and WP does it with strict = true AFAIK.

    I think even changing the username to something like user13223 is better than not logging them in.

    Plugin Author axew3

    (@axewww)

    Check that the file class.wp.w3all-phpbb.php has since been re-patched, because it was lacking A-Z in the pattern.
    Allowed chars in WordPress for usernames are (or should be) these:

    a-z
    A-Z
    0-9
    _
    .
    @
    and space

    “At this time I’ve not found any other possible solution to this problem. A user could also be added in WordPress without filtering the username, but as in my on-the-fly test, a username archived as
    a-z0-9_.\-@
    is parsed in WordPress output as
    a-z0-9_.-@
    so I see it as very hard to allow the use of any char for WordPress usernames. Also, the security aspect that this may imply should maybe be considered before it is applied. Any hint or correction on this would be really appreciated!”

    https://www.axew3.com/w3/forums/viewtopic.php?f=2&t=683#p2707
    Yes, I’ve seen that usernames can be filtered: I have tried to force the addition of users without any filter and also safely, but then consider that a username
    archived in the database as
    a-z0-9_.\-@
    is parsed in WordPress output as
    a-z0-9_.-@
    and effectively treated as such. So it seems to me very hard to make it possible to add these kinds of chars to WP usernames. But as said, maybe I’m wrong.

    • This reply was modified 7 years, 12 months ago by axew3.
    Plugin Author axew3

    (@axewww)

    P.S. As soon as I can (presumably by tomorrow), I will try, as a last chance, to use the WP filters
    pre_user_login and pre_user_nicename
    to see what happens and whether WP will archive these values so that they are then suitable to use.

    Thread Starter andreyguild

    (@andreyguild)

    Atm I think that the problem is in nicename
    I’ve disable

    I’m not sure where it’s been set

    Plugin Author axew3

    (@axewww)

    The problem is that you can also force WP to work with wp_w3all to log in the user with not-allowed chars in the username, but afterwards it seems to me that WordPress does not recognize the cookie anyway, and does not set up a valid session for them.
    The plugin re-logs in the user each time on the front end, and it seems to work fine, but it doesn’t: it re-logs in the user each time, and loops in profile.php.
    In turn, WordPress refuses to log you in via its wp-login form with unwanted chars. More … even if you have an apparently valid cookie in WP released under wp_w3all, and you disable the plugin to test a user with a valid cookie and this kind of unwanted username, you’ll see that WordPress ignores the cookie, and the user is logged out.
    Due to all the above, at the moment, and until there is some light on this, the applied one is the “at max” solution.

    Thread Starter andreyguild

    (@andreyguild)

    Can you please show how nicename is set in the process of user creation by w3all?
    I just want to set it as the username without alterations, and it would be nice to use it as a display name too

    Plugin Author axew3

    (@axewww)

    OK Andrey, in the wild and with all that this implies … I’ve just gone a little deeper, and I’ve got the joke to work.
    Now, this may imply some security problem, so in that case better do something like what I will explain afterwards (and which is still not totally clear to me either). Just let me first point you to:
    How to add usernames in WordPress with wp_w3all, also with unwanted chars?
    Open wp_w3all.php
    At the bottom, just before the closing PHP tag
    ?>
    add the following:

    function my_sanitize_user($user, $raw_user, $strict) {
    
        return $raw_user;
    }
    add_filter('sanitize_user', 'my_sanitize_user', 10, 3);

    Now open class.wp.w3all-phpbb.php
    and search for this code:

        if ( preg_match('/[^-0-9A-Za-z _.@]/',$phpbb_user_session[0]->username) ){
            echo '<p style="padding:30px;background-color:#fff;color:#000;font-size:1.3em">Sorry, your <strong>registered username on our forum contain characters not allowed on this CMS system</strong>, you can\'t be added or login in this site side (and you\'ll see this message) until logged in on forums as <b>'.$phpbb_user_session[0]->username.'</b>. Please return back and contact the administrator reporting about this error issue. Thank you <input type="button" value="Go Back" onclick="history.back(-1)" /></p>';
            return;
        }

    Remove it or comment it out.
    Now when a user from phpBB comes logged in to phpBB and visits WordPress, they are added with their full username, but if the user tries to access the profile, the code will loop.
    I’ve seen that the reason is that the WP logged-in cookie, in this case for a username like
    a-z0-9_.\-@
    stores the cookie value as
    a-z0-9_.\\-@
    To resolve this in the wild, I opened wp-includes/pluggable.php and searched for the
    wp_validate_auth_cookie( function
    and in it, where the code is
    $user = get_user_by('login', $username);
    I ADDED just BEFORE it, to test:
    $username = stripslashes($username);
    Now all works fine. You’ll see the user is logged in and can now also access the profile; the cookie is recognized by WordPress.

    All this, in this state, is a security risk.
    1) The filter
    add_filter('sanitize_user', 'my_sanitize_user', 10, 3);
    does not need to be used in this way, but now I know it is possible to hook into it.
    Then it could be possible to apply this rule/code: before accepting the username input, check that this same exact username exists in phpBB; then you can be sure it is a user coming from phpBB and existing. It would also be necessary to disable registration and login on WordPress. It would also be possible to use the filter to sanitize in the right way and work around the problem.

    So:

    I’m now quite sure that yes, it can be achieved, of course without editing the function wp_validate_auth_cookie(, which is not necessary (this is just a test!) and is a wildly dangerous thing. It can maybe be safe in this way only if you let users register/log in exclusively on the phpBB side.
    There are several hooks/filters that can be used, so I need to check how …
    What this implies about security, in total, still isn’t clear, but I will ask the smart Slack boys at this point …

    • This reply was modified 7 years, 12 months ago by axew3.
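
Added example, not part of the thread and not wp_w3all or WordPress code: one way to apply the rule described in the reply above, where the sanitize_user filter returns the raw name only if that exact username exists in phpBB. The lookup function, the sample usernames and the extra character checks are assumptions made for illustration.

```php
<?php
// Added example: not code from wp_w3all or WordPress core.

// Constructed sample data standing in for a query on the phpBB users table.
const EXAMPLE_PHPBB_USERNAMES = ['Зеленая Ветка', 'user_one*', 'a-z0-9_.\-@'];

// Hypothetical lookup: exact, case-sensitive match against phpBB usernames.
function example_phpbb_username_exists($name) {
    return in_array($name, EXAMPLE_PHPBB_USERNAMES, true);
}

// Callback for the sanitize_user filter (3 arguments, as in the thread).
// Returns the raw name only when every check passes; otherwise it returns
// the value WordPress has already sanitized.
function example_sanitize_user($sanitized, $raw, $strict) {
    if (!is_string($raw)) {
        return $sanitized;
    }
    $raw = trim($raw);
    // The /u flag makes preg_match fail on invalid UTF-8; 60 is the
    // user_login length limit in WordPress.
    if (preg_match('/\A.{1,60}\z/us', $raw) !== 1) {
        return $sanitized;
    }
    // Control characters, the backslash that broke the cookie in the thread,
    // the "|" separator used inside the auth cookie, and markup characters.
    if (preg_match('/[\p{Cc}\\\\|"\'<>&]/u', $raw) === 1) {
        return $sanitized;
    }
    return example_phpbb_username_exists($raw) ? $raw : $sanitized;
}

if (function_exists('add_filter')) {
    add_filter('sanitize_user', 'example_sanitize_user', 10, 3);
} else {
    // Stand-alone run: approximate strict sanitization with an ASCII allowlist.
    $samples = ['Зеленая Ветка', 'user_one*', 'a-z0-9_.\-@', 'not in phpBB!'];
    foreach ($samples as $raw) {
        $sanitized = trim(preg_replace('/[^a-z0-9 _.\-@]/i', '', $raw));
        printf("%-20s => '%s'\n", $raw, example_sanitize_user($sanitized, $raw, true));
    }
}
```

Run outside WordPress, the script prints each sample name next to the value the callback returns; the name containing a backslash falls back to the sanitized form even though it is in the sample phpBB list.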
    Plugin Author axew3

    (@axewww)

    Before finishing another plugin example this morning, I can assume that this is the solution to your problem, whenever it is needed:
    usernames in wordpress with any character: the obscure way …
    cheers!

The topic ‘Special Chars in Usernames’ is closed to new replies.