Skip to content


Piwik::checkValidLoginString(): allow "@" in login #1762

anonymous-piwik-user opened this Issue · 8 comments

3 participants


Currently, piwik explicitely forbid use of "@" in a user login. (only [a-zA-Z0-9-._] are allowed )

It doesn't make much sense to forbid the "@" and it make it impossible to integrate piwik with any service where the login is the email (such as lot of LDAP setup).


Fixing this bug is really easy :

core/Piwik.php, line 1595


&& (preg_match('/^[A-Za-z0-9_.-]*$/', $userLogin) > 0))


&& (preg_match('/^[@A-Za-z0-9_.-]*$/', $userLogin) > 0))


(I've tested it and it works great)


re: LDAP. Is this change necessary, given the LDAP plugin in #734?


I guess it is because it looks like the http_auth plugin is more interesting anyway. Ldap is only use to do authentification, piwik still do the authorization.

Comments in the bug related to the http_auth plugin seems to think the same;-)

Piwik Open Source Analytics member

increasing priority, as it makes sense to allow @ in logins

Piwik Open Source Analytics member

(In [3381]) Fixes #1762


(In [3388]) refs #1762 - fix unit test


(In [3646]) fixes #1970, refs #1762 - add more unit tests

@anonymous-piwik-user anonymous-piwik-user added this to the Piwik 1.1 milestone
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.