
Htaccess not letting certain characters - rewrite

htaccess allow characters mod rewrite

         

shadowclash1

9:21 pm on Feb 18, 2010 (gmt 0)

10+ Year Member



Hi guys...This is my current htaccess code:

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^([^/\.]+)?$ index.php?user=$1 [L]

The actual link is at site.com/index.php?user=[USERNAME] and it appears at site.com/[USERNAME]

However I have one problem... If the person's username contains a fullstop (.) or a slash (/) I get a 404 error... Can someone please fix for me because I don't understand htaccess!

jdMorgan

1:04 am on Feb 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Do not allow any characters other than a-z, A-Z, 0-9, and hyphen in usernames. Doing otherwise will likely cause you major problems, because you cannot use "just any character you like" in a URL. See RFC 3986. You will also run into trouble with browsers using the wrong directory addresses to access images, css, and js files if you allow slashes in the username.

Your "sign-up for an account script" should enforce this rule in order to avoid the 404 errors, and your mod_rewrite rule should be

RewriteRule ^([a-z0-9\-]+)?$ index.php?user=$1 [NC,L]

If you wish to ignore this warning, then see the regular-expressions tutorial cited in our Forum Charter; I cannot in good conscience tell you how to change your rule's regex pattern in a way that risks the correct operation and possibly the security of your site.

Jim

shadowclash1

1:44 am on Feb 19, 2010 (gmt 0)

10+ Year Member



Hello...Thanks for that....I'll probably take your advice and replace all those usernames which are fullstops with hyphens....

I had a second question to a similar issue..

www.domain.com/index.php?info=[URL GOES HERE]
Example
www.domain.com/index.php?info=site.com

I want it so that instead of having to type that up...You only have to type

www.domain.com/[URL GOES HERE]
Example
www.domain.com/site.com

If I want to make something like that that will show some information about the entered site - would there still be a security risk for that too? Else how would I go about doing it.

Thanks!

jdMorgan

1:52 am on Feb 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You really can't do that either. Each part of a URL *means* something, and is delimited by certain *special* characters. So you cannot just put any character you want anywhere in a URL. If you want to put a URL into the URL-path of a URL -- the part after "http://www.example.com/" and before "?query-here" -- then you must convert all of these special characters to their URL-encoded form. For example a "/" must be encoded as "%2f". Then you have to provide a mechanism (usually a script) on the server to un-encode those characters.

Again, I suggest you spend some time with RFC3986 and "learn the rules" about what characters can be used where in URLs. You will then appreciate the reasons I'm telling you not to try to put reserved characters in your URLs.

In this case, the easy method is to leave the URL in the query string, where the restrictions are quite a bit more relaxed.

Jim

shadowclash1

2:07 am on Feb 19, 2010 (gmt 0)

10+ Year Member



Thanks a lot Jim! Sorry I'm new to all this website stuff...I have to learn a lot of this for a project :D.

One final try ^^ (I know I'm a nuisance, just trying to find alternatives)

I understand what you mean about the special characters...

I'm using this:
<iframe src="http://www.<?php echo $_GET['info']; ?>"> </iframe>

So when you go to mysite.com/?all=webmasterworld.com
then webmasterworld.com appears in the iframe...

All I'm trying to do is get rid of the ?all= part
so that it's like mysite.com/webmasterworld.com

I don't need anything after webmasterworld.com e.g
I don't need the rest of the url like "http://www.webmasterworld.com/apache/4083131.htm"

Sorry if I'm being confusing but I'm really lost.

Thanks a ton Jim!

jdMorgan

5:43 am on Feb 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Do you have any subdirectories on your server? If not, do you plan to?

If so, you will need some way to distinguish between a request for a physical subdirectory, and a request for iFrame contents. Otherwise, some SE robots may come by looking for your privacy policy in /w3c/p3p.xml, and your code will rewrite that to http://w3c/p3p.xml and your iFrame will then show a DNS lookup failure.

Again, the coding is trivial, but you're not looking at the potential side-effects of these ideas.

It's late, so there may be a missing or extra parenthesis in this, but it's supposed to accept anything that looks like a domain, and rewrite it to your script. Unfortunately, "robots.txt" and "index.php" also look somewhat like domain names...

RewriteRule ^(([a-z0-9][a-z0-9\-]*[a-z0-9]\.)+([a-z]{2,6}|co\.[a-z]{2}))$ /?all=$1 [L]

So, you'll have to add *something* to the path in order to differentiate between "real" filenames and domain names, in this case, "show/" ahead of the domain name:

RewriteRule ^show/(([a-z0-9][a-z0-9\-]*[a-z0-9]\.)+([a-z]{2,6}|co\.[a-z]{2}))$ /?all=$1 [L]

Jim
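
The rewrite rules in this thread only filter the pretty URL; the script is still reachable directly as /?all=..., so it has to apply the same check itself before writing the value into the iframe. The following is an added example, not code from the thread: it assumes the parameter is named `all` as in Jim's rule, the helper name `iframe_for` is hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example. Same pattern as the RewriteRule above, anchored, with
// i = case-insensitive and D = "$" matches only at the very end of the
// string (without D, a trailing newline would still pass).
const DOMAIN_RE = '/^(([a-z0-9][a-z0-9\-]*[a-z0-9]\.)+([a-z]{2,6}|co\.[a-z]{2}))$/iD';

/**
 * Return iframe markup for a value that looks like a domain name,
 * or null if the value must be rejected.
 */
function iframe_for($value): ?string
{
    // ?all[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($value) || strlen($value) > 253) {
        return null;
    }
    if (preg_match(DOMAIN_RE, $value) !== 1) {
        return null;
    }
    $host = strtolower($value);
    // Escape for the HTML attribute context even though the pattern already
    // excludes quotes and angle brackets, in case the regex is loosened later.
    $src = htmlspecialchars('http://www.' . $host, ENT_QUOTES, 'UTF-8');
    return '<iframe src="' . $src . '"></iframe>';
}

// Constructed sample inputs, as they would arrive in $_GET['all'].
$samples = [
    'webmasterworld.com',        // accepted
    'site.co.uk',                // accepted
    'robots.txt',                // accepted: file names can look like domains
    'w3c/p3p.xml',               // rejected: contains a slash
    'example.com"><b>injected',  // rejected: markup characters
    "webmasterworld.com\n",      // rejected: trailing newline (D modifier)
    ['webmasterworld.com'],      // rejected: not a string
];

foreach ($samples as $s) {
    $out = iframe_for($s);
    printf("%-32s %s\n", json_encode($s), $out ?? 'rejected');
}

// In the real script (assumed to be index.php):
//   $html = iframe_for($_GET['all'] ?? null);
//   if ($html === null) { http_response_code(404); exit; }
//   echo $html;
```

The `robots.txt` line shows why the `show/` prefix is needed: the pattern alone cannot tell a file name from a domain name.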