How to generate username of specific pattern in drupal during registration - module

I want to generate a usernames st + first two initials of their first name + their last name.
There are few modules to create username of specific pattern but none of them can accomplish my requirement. I am not Drupal module expert.

What you can do is to install the automatic username module:
Navigate to the configuration page of this module: admin/config/people/accounts/patterns
Then, in the "Other settings" section you can check the option "Evaluate PHP in pattern."
This allows you to execute PHP in the "Pattern for username" field. Two things to consider:
PHP is executed after the token replacement, this allows you to actually manipulate the strings.
You need to echo the final result.
Make sure that the php is wrapped with <?php ?> tags. Also, if you make a syntax error, it will only be seen upon registration (Or whenever the script is executed.)
Now let's say you configured your users to have a first_name field and a last_name field (with those specific field names)
Your PHP could look something like this:
<?php
$initials = substr("[user:field-first-name]", 0, 2);
echo 'str' . $initials . "[user:field-last-name]";
?>
First, Note that the token are between double quotes to make sure that what is outputted by the token is considered a string by PHP
Second, the php function substr is used to get the 2 first letters of the first name.
Now, things I don't know
I have no idea what happens if two users happen to have the same resulting username
I don't know what happen if a user enters a double quote in his name, might be dangerous, you might want to escape it with a str_replace or something like that

Related

Display markdown safely as HTML in Vue3

So I have a set of strings, with some "custom markdown" that I have created. My intention is to render these strings as HTML in the frontend. Let's say, I have this string:
This is a string <color>that I need</color> to\nrender <caution>safely in the browser</caution>. This is some trailing text
I would be expecting to get something like:
This is a string <span class="primaryColor">that I need</span> to<br>render <div class="caution">safely in the browser</div>. This is some trailing text
And the way I do it right now is with some basic Regex:
toHtml = text
.replace(/<color>(.*)<\/color>/gim, "<span class='primaryColor'>$1</span>")
.replace(/\\n/g, "<br>")
.replace(/<caution>(.*)<\/caution>/gims, "<div class='caution'>$1</div>")
This works fine and returns the correct string. And then for printing, in the template I just:
<div id="container" v-html="result"></div>
My problem is that at some point I expect users to be able to enter this strings themselves, and that would be displayed to other users too. So for sure, I am gonna be vulnerable to XSS attacks.
Is there any alternative I can use to avoid this? I have been looking at https://github.com/Vannsl/vue-3-sanitize which looks like a good way of just allowing the div, span and br tags that I am using, and set the allowed attributes to be only class for all the tags. Would this be safe enough? Is there something else I should do?
In that case, I believe it will not be necessary to sanitize it in the backend too, right? Meaning, there will be no way for the web browser to execut malicious code, even if the string in the server contains <script>malicious code</script>, right?
My problem is that at some point I expect users to be able to enter this strings themselves
So, Do we have a form input for the users to enter the string which you mentioned in the post ? If Yes, My suggestion is that you can sanitize the user input at first place before passing to the backend. So that in backend itself no malicious code should be stored.
Hence, By using string.replace() method. You can first replace the malicious tags for ex. <script>, <a, etc. from the input string and then store that in a database.
Steps you can follow :
Create a blacklist variable which will contain the regex of non-allowed characters/strings.
By using string.replace(), replace all the occurrence of the characters available in the string as per the blacklist regex with the empty string.
Store the sanitized string in database.
So that, You will not get worried about the string coming from backend and you can bind that via v-html without any harm.

Slack API - Don't notify user when parsing user id

In this message formatting doc: https://api.slack.com/docs/message-formatting, you can use special control sequence characters < and > to perform server-side parsing (server-side as in Slack API's server-side).
So using <#U024BE7LH> in your chat.postMessage() call will get parsed to something like #bob or whatever the username associated with that ID is, in the actual text that shows up in slack.
Unfortunately, this will cause a notification for the person you're referring to. How do I make it so that it doesn't notify the person? I've tried to enclose in a code block, i.e.:
`<#U024BE7LH>`
or
```
<#U024BE7LH>
```
But it still pings. I'm thinking the only way is to get a list of users and parse the name from the ID.
According to this, backticks should work but empirically it hasn't for me. The Slack employee says to just convert the user ID to their name and use that without the templating.
https://forums.slackcommunity.com/s/question/0D73a000005n0OXCAY/detail?language=en_US&fromEmail=1&s1oid=00Dj0000001q028&s1nid=0DB3a000000fxl3&s1uid=0053a00000Ry9cX&s1ext=0&emkind=chatterCommentNotification&emtm=1667894666436&emvtk=fH.W2M01lq9W1cf31RSROPwB7LYs.och8RgbVTqoNlg%3D&t=1667931570045

Best way to get a return tag from a sql SELECT command

I making a virtual assistant client for my University project and there is a slight problem in getting a tag return based on match string.
The system works like this:
1. The user speech input is converted into a string.
2. The string is then matched to column in table.
3. The matching column returns its id which then return two tags from another table.
The problem is for calling someone, how should I go around it?
I mean, the user will say something like this: "Call Arya", here I can't have predefined command for each person so I have to use "MATCH" or "LIKE" selectors in SQL.
But then if I use these selectors then it will return me the tag for say opening facebook app even if I just "facebook", as the commands for facebook will be "open facebook" or "run facebook".
So how to work around it. Please help.

LDAP Group Filter for authorization in Activiti

I am using activiti-ldap jar to achieve ldap in activiti. I am able to succeed with authentication but I am not able to perform authorization.
Code is using below filter to authenticate (It is giving result)
(&(objectClass=person)(objectClass=user)(sAMAccountName=my-name))
Code is using below filter to authorize (i.e search group based on authenticated user). The enunumeration is not giving any result
(&(objectClass=group)(member=my-distinguised-name))
However when use the same group filter Softerra LDAP Browser, it is giving result.
NamingEnumeration< ? > namingEnum = initialDirContext.search(baseDn, searchExpression, createSearchControls());
while (namingEnum.hasMore()) {
System.out.println("Inside While");
}
I am sure, I am missing something. Can anyone point out my mistake?
I'm not sure if this answers your question, but something you have to be careful of when using a Distinguished name with Active Directory (I am assuming it is Active Directory because there is a sAMAccountName attribute) is comma's, or other special characters in the DN (an example would be cn=Harley, Gregory). Comma's and other special characters need to be escaped with a single backslash ("\"), Softerra may automatically escape these in the query string for you.
Like I said, it may not answer your question, but may give you an avenue to search.
Cheers,
Greg

BuddyPress: Custom profile date field not showing in loop

I'm working on a buddypress site in which members are allowed to post an ad that appears in the member directory, provided they also set an expiration date for it. Both fields are just Extended Profile Fields; the ad is a text area and the expiration date is, of course, a date picker.
In my theme, within the members-loop.php loop, I have the following code:
// This one works
<?php $ad = bp_get_member_profile_data('field=Member Directory Ad'); ?>
// This one doesn't
<?php $ad_expiry = bp_get_member_profile_data('field=Member Directory Ad Expiration'); ?>
There is no other special code to make this happen. I see no reason why the $ad_expiry is blank for a member who definitely has it set, especially when $ad has the correct value.
Digging into the buddypress code, my extended profile datebox data is not being returned by bp_get_member_profile_data(). Inside xprofile_format_profile_field() the value is being "formatted" by bp_format_time() and the output is empty. So I guess it's a buddypress bug.
I've figured out the bug, at least. BuddyPress stores the output of the datebox as a string like "2012-07-19 00:00:00". bp_get_member_profile_data() retrieves that from the database and then passes it to xprofile_format_profile_field(), which passes it to bp_format_time(), which returns false because the value fails the is_numeric() check.
Try this workaround -
//you need to specify the $user_id
$ad_expiry = xprofile_get_field_data('Member Directory Ad Expiration', $user_id );
// reformat, if you like
$ad_expiry = strtotime($ad_expiry);
echo date('m/d/Y', $ad_expiry);
.
And thanks for the bug report on trac.