Piwik::checkValidLoginString(): allow "@" in login #1762

anonymous-piwik-user opened this Issue Oct 12, 2010 · 8 comments


None yet

3 participants


Currently, piwik explicitely forbid use of "@" in a user login. (only [a-zA-Z0-9-._] are allowed )

It doesn't make much sense to forbid the "@" and it make it impossible to integrate piwik with any service where the login is the email (such as lot of LDAP setup).


Fixing this bug is really easy :

core/Piwik.php, line 1595


&& (preg_match('/^[A-Za-z0-9_.-]*$/', $userLogin) > 0))


&& (preg_match('/^[@A-Za-z0-9_.-]*$/', $userLogin) > 0))


(I've tested it and it works great)


re: LDAP. Is this change necessary, given the LDAP plugin in #734?


I guess it is because it looks like the http_auth plugin is more interesting anyway. Ldap is only use to do authentification, piwik still do the authorization.

Comments in the bug related to the http_auth plugin seems to think the same;-)

mattab commented Nov 16, 2010

increasing priority, as it makes sense to allow @ in logins

mattab commented Nov 29, 2010

(In [3381]) Fixes #1762


(In [3388]) refs #1762 - fix unit test


(In [3646]) fixes #1970, refs #1762 - add more unit tests

@anonymous-piwik-user anonymous-piwik-user added this to the Piwik 1.1 milestone Jul 8, 2014
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment