I didnt see the $badwords variable inside that function (I may have missed it, bleeding eyes from lots of code ;). So I'm assuming that you have something like -

$badwords = 'green¦vegetables¦exercise'; // ;)
function checkUsername($username) {
..
}

If this is what you have then you can either place the $badwords variable inside the function block, or use the global word to make the $badwords variable global.

$badwords = 'green¦vegetables¦exercise';
function checkUsername($username) {
global $badwords;
..
}

Have a look at variable scope [php.net]

You also left in the real version of the words in your code...although I dont think that many people are going to be surprised at the language (this is supposed to be for webmasters, so I'm going to assume people are older than about 12 and therefor already know all of those words). In fact it may well be more educational to leave it in so people can see what you are blocking. As if someone is searching for a badword blocking script its not going to help blocking a load of *'s after all ;)

last time i had left the badwords in (back when i was first making my badwords function, the original one, and i was warned by a mod, and my post had to be verified, so i didn't bother leave it.

edit//
eek if you look up at my first post you will notice i accidentally copied the next function from my file "//Check for Badwords"
and the editing time is up, anyways anyone who wants to see my badwords function just look up -.-'

also, thanks a lot for telling me about global, i had never done anything like this before, i have a feeling its going to work, working on it now.

thanks in advanced!

/// THIS IS A NEW POST, OK!

i tried the global like this...

function checkUsername($username) 
{
$errors = array(); 
global $badwords;

so i put it at the top of my function how i saw on the php.net site.
but not only some badwords actually make the function kick in, like i type in the username "fu**" without the stars and its coming up as a valid username! then i tried "bit**" and that came up as bad, its weird, i also then tried "myas*" (i only added the my because username requires 4 letters or more..) and that also came up as a valid username! i dont know whats wrong its messed up. anyways heres my $badwords which is at the top of my functions.php file, and here is my eregi

sorry about the badwords, but it is for educational purposes :)

badwords

$badwords = "\"fuc?k¦[kc]unt¦ar[zs]e?hole?¦a[sz]?[zs]hole?¦face$¦pi[zs]?[zs]¦#*$!¦wank¦pric?k¦to[zs]?[sz]er¦#*$!¦vaginer¦pu[zs]?[zs][yi]¦mo?oke?[iy]¦bit?ch¦bar?[sz]tar?d¦s[kc]rew¦bal?l[sz]¦bol?lo[kc]?[ck][zs]¦gonads?¦mole[zs]ter¦mole[sz]t¦pen[iu][sz]¦anu[sz]¦coc?k¦cum¦dic?k¦head$¦(you )¦( you )¦(u )¦( u )¦( of?f$)¦( of?f )¦[asz]{3,}\"";

(please tell me if i can find a better ereg for badwords.)

and here is my complete function..

function checkUsername($username) 
{
$errors = array(); 
global $badwords;
$username = stripslashes($username);
if (strlen($username) < 1){ // if the username is 0 characters long then it tells you its empty!
 $errors[] = "You left the username field empty!";
}
else{
if (eregi('^[[:alnum:]\?\!\-\_\'\-]', stripslashes(trim($username)) )) {//must be 4-12 letters/chars long .?! - _ ' all aloud + nums and letters
$user = mysql_real_escape_string($username);
  $query_usernamecheck = "SELECT username FROM hfs_users WHERE username = '$username'";
  $result = @mysql_query($query_usernamecheck);
  $num_samename = @mysql_num_rows($result_usernamecheck);  
  if ($num_samename> 0) { //checks if anyone is using this name
   $errors[] = "This name is not availible.";//error message if someones using name
}
  else {
if (strlen($username) < 4){
$errors[] = "Username must be atleast 4 characters in length!";
}
else
{
if (strlen($username) > 12){
$errors[] = "Username can not be more than 12 characters in length!";
}
else
{
$check= eregi($badwords, $username);
if ($check) { 
$errors[] = "Usernames are not aloud to contain foul language.";
}
else
{
$user = mysql_real_escape_string($username);
  $query_blockedname = "SELECT username FROM hfs_blockedname WHERE username = '$username'";
  $result_blockedname = @mysql_query($query_blockedname);
  $num_blockedname = @mysql_num_rows($result_usernamecheck);  
  if ($num_blockedname> 0) {
$errors[] = "The username you entered is not aloud.";//error message if name is put in unacceptable list
}}}}}}
   else {
   $errors[] = "You're username must contain only letters, numbers and the following characters: .?! - _";
  }}
if(!empty($errors)){ return $errors; } 
return false; 
} 

PLEASE HELP!

[edited by: GamingLoft at 2:59 am (utc) on Feb. 8, 2008]

If your function is working some of the time then I would have a check of your regex.
You may want to break it down so that you test each bit at a time. So split it into each of the segments you have put together to make you long expression then check to see if each works.

Although this may not help with the actual problem that you are facing you could make you code easier to read by using an array.

$badwords = array('green', 'vegetables');
foreach ($badwords as $word) {
$check = eregi($word, $username);
if ($check) {
$error[] = "Usernames are not aloud to contain foul language.";
}
}

This should make it a little easier to check your code, as you can just add a new element to the array and check that.

I PRETTY MUCH REWROTE MOST OF MY THING, NOT REALLY BUT IT WORKS A LOT DIFFERENTLY!

ok, i took out most of my else statements except for one, because i want my users to know all of the errors that the entered username had, not just the first error that is found...

<u>PROBLEM 1:</u>
so i made it so if it was empty than no other errors would come up (so the one that checks if its under 4 characters wont come up..)

alright so i added a else statement after that, but it did nothing! when the name is empty it still says "Username must be atleast 4 characters in length!" after the "You left the username field empty!"

<u>PROBLEM 2:</u>
"Usernames are not aloud to contain foul language." comes up no matter what and i cant figure out why!

here is my function... also i have a array at the top of my file for $badwords...

function checkUsername($username) 
{
$errors = array(); 
global $badwords;
$username = stripslashes($username);
if (strlen($username) < 1){ // if the username is 0 characters long then it tells you its empty!
 $errors[] = "You left the username field empty!";
}
else{
if (!eregi('^[[:alnum:]\?\!\-\_\'\-]', stripslashes(trim($username)) )) {//must be 4-12 letters/chars long .?! - _ ' all aloud + nums and letters
$errors[] = "You're username must contain only letters, numbers and the following characters: .?! - _";
}
$user = mysql_real_escape_string($username);
 $query_usernamecheck = "SELECT username FROM hfs_users WHERE username = '$username'";
 $result = @mysql_query($query_usernamecheck);
 $num_samename = @mysql_num_rows($result_usernamecheck); 
 if ($num_samename> 0) { //checks if anyone is using this name
  $errors[] = "This name is not availible.";//error message if someones using name
}
}
if (strlen($username) < 4){
$errors[] = "Username must be atleast 4 characters in length!";
}
if (strlen($username) > 12){
$errors[] = "Username can not be more than 12 characters in length!";
}
foreach ($badwords as $bword) {
if (eregi($bword, $username)) { 
}}
$errors[] = "Usernames are not aloud to contain foul language.";
$user = mysql_real_escape_string($username);
 $query_blockedname = "SELECT username FROM hfs_blockedname WHERE username = '$username'";
 $result_blockedname = @mysql_query($query_blockedname);
 $num_blockedname = @mysql_num_rows($result_usernamecheck);
 if ($num_blockedname> 0) {
$errors[] = "The username you entered is not aloud.";//error message if name is put in unacceptable list
}
if(!empty($errors)){ return $errors; } 
return false; 
} 

[edited by: GamingLoft at 10:42 pm (utc) on Feb. 8, 2008]

Here is an adjusted version of the code that you posted. It is starting to go a little object orientated, but it means that you can use an if/elseif/else list to run through your checks.

function checkBadLanguage($username) {
global $badwords;
foreach ($badwords as $bword) {
if (eregi($bword, $username) {
return true; // true as there is a bad word
}
else {
return false; // false as there is no bad word
}
}
}
function checkAlreadyRegistered($username) {
$username = mysql_real_escape_string($username);
$query_usernamecheck = "SELECT username FROM hfs_users WHERE username = '$username'";
$result = @mysql_query($query_usernamecheck);
$num_samename = @mysql_num_rows($result_usernamecheck);
if ($num_samename!= 0) {
//!= 0 will add this error if there is a problem, or that name is already taken
return true;
}
else {
return false;
}
}
function checkBlockedList($username) {
$username = mysql_real_escape_string($username);
$query_blockedname = "SELECT username FROM hfs_blockedname WHERE username = '$username'";
$result_blockedname = @mysql_query($query_blockedname);
$num_blockedname = @mysql_num_rows($result_usernamecheck);
if ($num_blockedname!= 0) {
//!= 0 for same reason as the above elseif block
return true;
}
else {
return false;
}
}
function checkUsername($username) {
$errors = ''; //array();
$username = trim($username); // remove spaces from $username 
if (get_magic_quotes_gpc()) { // more portable
$username = stripslashes($username);
}
// START CHECKS
// check length of $username
if (empty($username)) { // donesnt allow 0 as a user name
$errors = "You left the username field empty!";
return $errors;
}
elseif (strlen($username) < 4){
$errors = "Username must be atleast 4 characters in length!";
return $errors;
}
elseif (strlen($username) > 12){
$errors = "Username can not be more than 12 characters in length!";
return $errors;
}
// check name contains only correct characters
elseif (!eregi('^[[:alnum:]\?\!\-\_\'\-]',$username)) {
$errors = "You're username must contain only letters, numbers and the following characters: .?! - _";
return $errors;
}
// check for bad language
elseif (checkBadLanguage($username)){
$error = 'Usernames are not allowed to contain bad language';
return $errors;
}
// checks if anyone is using this name
elseif (checkAlreadyRegistered($username)){
$errors = "This name is not available.";
return $errors;
}
// checks if username on blocked list
elseif (checkBlockedList($username)){
$errors = "The username you entered is not aloud.";
return $errors;
}
// FINISHED CHECKS
else {
// to get through to here none of the other blocks should have been used.
return false;
} // end if, elseif, else checking blocks.

So the return values for your checkUserName will be either -
false if there are no errors
or an error message, if there are any errors.
The return statement will stop the code as soon as it has to return, so you shouldnt need an array for the errors, as each error will be returned when it is encountered.

You may want to adjust that so all of the checks are run through first then they get a list of there errors.

Hopefully that will work for you.

ok i got my code to work, the one you posted was just way to long and complicated for me to even understand. + i didnt want to bother you asking what every thing ment so i fixed my own.

everything is working fine but im wondering how do i setup my eregi to only find the first badword in the name.

cuz if i entered a name like "badword1-Badword2" the error

"Usernames are not aloud to contain foul language.
Usernames are not aloud to contain foul language."

would come up, now i only want this to come up once, so i believe that if i make my eregi find only the first coincidence of a badword in the name this will correct the problem, but i forget how to do that and i've search all afternoon :/

heres my eregi...

global $badwords;
foreach ($badwords as $bword) {
if (eregi($bword, $username)){

$errors[] = "Usernames are not aloud to contain foul language.";}}

i think i might have to use something else other than ereg, please help.

Humm...It would be easy if your bad words were all in a string...are we going around in circles here? ;)

Using return will stop the script at that point and allow you to return a message. The reason for all those return statements in my code above.

Another option would be to call array_unique [uk.php.net] on the $error array to remove duplicates.
So if they trip 3 or 4 of your bad words then this will result in 3 or 4 of the same error messages that you can then remove.
So your error array will have all of the error messages your code has generated, however there will be no duplicates.

thanks a lot mate. works like a charm, added unique array at the bottom of function.

....

if(!empty($errors)){ $unqErrors = array_unique($errors);
return $unqErrors; } 
return true; 
}