Questions & Answers

Username Checking

I am creating a web app where, when you register, you give a username and password as input. At first I thought I was done with the login/register system, but then I realized I can create accounts with the same username as long as I add a space ( ) to the end or change a letter to a capital. I want only one person to have a username no matter what the capitalization is. How can I detect these fakes? My detection code:

if (user) {
    res.json({
        message: "User Already Exists"
    })
}

user = searching for a user in the db with the input but it doesn't have any other detection!

I thought of adding a "pronunciation" to the db info so it would be all lower case to prevent capital letter abuse, but that seems unnecessary. Also, how can I detect spaces ( )?

Comments:
2023-01-20 23:10:04
When you check if the username exists, convert the input username and all existing usernames to lower or upper case and compare?
2023-01-20 23:10:04
I would store the username and a sanitized username in lowercase without spaces as index. That way the users can have their own cases and spaces, and you can efficiently search the table for a lowercase username without spaces.
2023-01-20 23:10:04
Also, .trim to prevent whitespace at the start/end of the string
2023-01-20 23:10:04
You could potentially disallow spaces to begin with as a validation step, or at least leading/trailing spaces. Also perform case-insensitive comparisons (both on registration and on login, casing shouldn't matter in a username but very much should in a password). Though the effort to stop people from making names that are similar to other names should only go so far. There comes a point where such restrictions cause more problems than they solve.
2023-01-20 23:10:04
OK, thanks to all for the information
Answers(0) :
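
The approach suggested in the comments (trim, compare case-insensitively, and store a sanitized lowercase key next to the name the user typed), as an added example that is not part of the original thread. The names canonicalUsername and UserStore, the 3-32 length limit, the ASCII allow-list and the NFKC step are assumptions of this example, and the Map stands in for a database table with a unique index on the canonical key.

```javascript
// Added example (not from the thread): one canonical key per username.
// Assumptions: ASCII-only usernames of 3-32 characters; the in-memory Map
// stands in for a table with a UNIQUE index on the canonical key.

function canonicalUsername(input) {
  if (typeof input !== "string") throw new TypeError("username must be a string");
  // NFKC folds compatibility look-alikes (e.g. fullwidth letters) to plain
  // forms; trim() drops leading/trailing whitespace; toLowerCase() removes
  // case differences.
  const key = input.normalize("NFKC").trim().toLowerCase();
  if (key.length < 3 || key.length > 32) {
    throw new RangeError("username must be 3-32 characters");
  }
  // Allow-list instead of a deny-list: inner spaces, control characters and
  // zero-width characters are all rejected by the same rule.
  if (!/^[a-z0-9_.-]+$/.test(key)) {
    throw new RangeError("username contains disallowed characters");
  }
  return key;
}

class UserStore {
  constructor() {
    this.byKey = new Map(); // canonical key -> user record
  }

  // Registration: uniqueness is decided on the canonical key only.
  register(displayName, passwordHash) {
    const key = canonicalUsername(displayName);
    if (this.byKey.has(key)) {
      return { ok: false, message: "User Already Exists" };
    }
    // Keep the user's own casing for display; never normalize the password.
    this.byKey.set(key, { displayName: displayName.trim(), passwordHash });
    return { ok: true, key };
  }

  // Login lookup goes through the same canonicalization as registration.
  find(loginName) {
    try {
      return this.byKey.get(canonicalUsername(loginName)) ?? null;
    } catch {
      return null; // malformed input cannot match any stored user
    }
  }
}
```

With a real database, the unique index on the canonical column is what enforces the rule when two registrations arrive at the same time; the lookup before insert only produces the friendly error message.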