[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: www bugs. Please read.
- To: "Administrative (website/upkeep) Discussions" <admin at arabeyes dot org>
- Subject: Re: www bugs. Please read.
- From: Nadim Shaikli <shaikli at yahoo dot com>
- Date: Tue, 25 Nov 2003 20:51:24 -0800 (PST)
--- Arafat Mohamed <biku at comcast dot net> wrote:
> On Wed, 19 Nov 2003 18:28:46 -0600
> Arafat Mohamed <biku at comcast dot net> wrote:
> > 1) refuse re-registration
> > 2) check for invalid chars at registration.
>
> Guys, especially Nadim,
Sorry for the delay - I've had a backlog of emails to get through.
> 1) Currently the registration process automatically assigns a username to new
> registrants. The only way to check if the user already exists is to verify
> against email (which the site currently does). Was there something else you
> had in mind for this?
>From a couple of conversations on IRC with various newbies that dislike
their usernames, I think it would be best to give the person registering
the option of selecting (or entering) his/her own username. If the username
is taken, then a prompt with suggestions or fall back to what is being done
today (ie. worst case scenario being first_letter_of_first_name + last_name +
last_2_digits_of_birth).
I'm guessing that some people had multi-registered with fake lastnames to
get the username they like. Just a hunch.
As for checking, email and username existence is more than sufficient.
Case in point, search for user 'Elaatifi' why does he have 2 accounts ?
We should not have allowed him to re-register and instead prompted him
to correct his already pre-existing account instead - I'm sure there
are others. In short, if the username exists and the first and last
names match what is in the database, then that's a clear hit and a new
account should not be created (do make sure that this is safe somehow
so that others can't kill people's accounts/etc).
> 2) Should I consider any character not alpha (a-z) invalid? What about
> hyphens for last names? Any other char you think is valid?
I'd go with strict ASCII. No dashes/slashes/etc and I would even bound
the names to some reasonable safe upper limit (say 30 characters or
something). So if someone comes in with last name of 'Al Insan' or
'Al-Insan' or 'Al_Insan' all should be 'alinsan' (no caps to ease life)
so as not to possibly let anyone run scripts or do anything funny.
Just my $0.02's worth.
Salam.
- Nadim
__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/