List similar usernames when moderating user registration

Hi all.

I have a client that runs a board that has about 100 members that are his personal friends, and the other 3400 members are just regular users. Lately poeple have been registering with usernames very similar to those of his friends, and his friends are complaining.

He asked me for a way to display a list of usernames that "sound like" or "are similar to" existing users, so that when he moderates user registrations it's easy to make a decision as to allow the new user or not.

Anyway, this VERY simple hack searches the database for existing usernames, and checks to see if they are similar to the username that is being registered. If it finds any, it simply lists them.

The system uses my own combination of metaphone and levenshtein to try to find similar matches.

There are options in the code to limit the number of returned matches, and to set the "tolerance level" of the search. A higher tolerance allows more matches.

Did I mention this was an EXCEEDINGLY simple hack? The only modifications are to admin/user.php.

You need to add two bits of code. The first is around line 1182, when you see the following code:

PHP Code:

$users=$DB_site->query("SELECT userid,username,email FROM user WHERE usergroupid=4 ORDER BY username"); 


Add this AFTER the code above:

PHP Code:

// DLST hack! Show similar usernames when moderating a user signup
  // to speed things up, get an array of all the users in the system here
  $sim_all_users=$DB_site->query("SELECT username FROM user WHERE usergroupid!=4");
  while ($sim_all_user=$DB_site->fetch_array($sim_all_users)) {
    $sim_arr_all_users[] = $sim_all_user[username];
  }
  // now we have $sim_arr_all_users, an array with all the usernames in the system that a current
  // END 


Then, find the following (a couple lines down, around 1190):

PHP Code:

echo "<td><p>$user[username]</p></td><td><p><a href=\"mailto:$user['email']\">$user['email']</a></p></td><td><p><a href=\"user.php?s=$session[sessionhash]&action=edit&userid=$user[userid]\" target=_blank>View profile</a></p></td></tr>\n"; 


And add this code AFTER:

PHP Code:

// DLST hack! Show similar usernames when moderating a user signup
        //********************
        // Options for Show Similar Usernames Hack
        $sim_limit_show = 10; // maximum number of similar names to show
        $sim_tolerance = 2; // how close a match to the username do you want?  The lower it is, the closer 
                            // the usernames must match to show up in list.  Experiment for yourself, but 
                            // this number works best for me.
        // END Options
        //********************
        // $user[username] is the username trying to get registered
        // $sim_message is the list of similar usernames that gets generated
        $sim_meta1 = metaphone( $user[username] ); // get the metaphone for the username we are checking
        reset ($sim_arr_all_users); // reset the array
        while ( $sim_thiscount < $sim_limit_show && list(, $sim_current_user) = each ($sim_arr_all_users) ) {
            $sim_meta2 = metaphone( $sim_current_user ); // get the metaphone for the usernames that already exist
            $sim_score = levenshtein( $sim_meta1, $sim_meta2 ); // generate a score with the lev. method
            if ( $sim_score <= $sim_tolerance ) { // compare the score to the tolerance (set above)
                $sim_users_found[] = $sim_current_user; // if it's good, add it to the list
                $sim_thiscount++; // increase the count of matched usernames by one
            }   
        }
        if ( $sim_thiscount > 0 ) {
            $sim_message = "A total of $sim_thiscount similar users were found: ";
            foreach ($sim_users_found as $sim_value) {
                $sim_message .= "<b>$sim_value</b>, ";
            }
            $sim_message = substr( $sim_message, 0, -2 ); // remove the last comma     
        } else {
            $sim_message = "No similar usernames were found in the user list.";
        }
        
        //echo "<tr><td><p>Validate option</p></td><td><p>$user[username]</p></td><td><p>$user["email"]</p></td><td><p>View profile</p></td></tr>\n";
        echo "<tr class='".getrowbg()."'><td><p></p></td><td colspan=3><p>$sim_message</p></td></tr>\n";
unset($sim_meta1, $sim_thiscount);
        // END DLST hack 


And that's it! Moderate a user registration to see it in action.

I'd very much like to get as much feedback as possible for this, so don't hold back! If you have any suggestions, or ways to optimize the code further, also let me know.

-DLST

[TheComputerGuy]

Very good idea, if I do say so. Thanks for the hack

[Jawelin]

GREAT !!!
I'm gonna to install asap!

Just an enhancement: how could I modify the code to search (and to add the same array... ) even for similar emails or identical encrypted passwords ?

Thanks again for you excellent work!
Bye

[Lesane]

Great. Thanks. I gonna install this hack later.

[dlst]

[QUOTE]Originally posted by Jawelin

Just an enhancement: how could I modify the code to search (and to add the same array... ) even for similar emails or identical encrypted passwords ?

Thanks again for you excellent work!
Bye [/B]

[dlst]

[QUOTE]Originally posted by Jawelin

Just an enhancement: how could I modify the code to search (and to add the same array... ) even for similar emails or identical encrypted passwords ?

Thanks again for you excellent work!
Bye [/B]

[Jawelin]

You're absolutely right about passwords... Just I thought I could be notified of possible duplicates without knowing them (as hashed in 2.2.x) ...
Later, the Admin could evaluate or investigate better tracking those user this way identified...

The other thing, the email: well, my board has about 30 new users a day, but most of them are only 'readers' cause login/pw are necessary even to reach the forums, then I use email verification and admin validation to find potential dupe users.

Till now I always did this way: about once a month, I close the new subscriptions for a day, download the user.csv to excel and sort again and again with small function utilities to find 'probably' matching (at 90%... ) userid, emails, md5(pw), ipaddress, and so on... Most dupe email are similar id on different servers (yahoo, hotmail, etc.) or 'soundex-like' ids on the same one...

Then I always found out about 100-200 potential dupe users (I experimented the most popular sport is, when forgettin pw, re-subscribe again and again... ), and if in doubt contacted them to choose the right one...

As you can see, your great hack seems solving almost my problems...

That's all ... Thanks for support.

[dlst]

Ok, so tell me if I'm hearing you right:

You would like a system that does the following:

1) check the list of users and find similar email usernames (the part that comes before that @domain.com)

2) take that list of similars (call them potential dupes) and check passwords and ip addresses for possible close or match.

3) generate that list of potentials, with links to contact that user about the potential problem.

You would have the following options:

$sim_limit_show - how many duplicates to show (-1 for all)
$sim_tolerance - how close a match do you want?
$sim_checkpass - (T/F) check for similar passwords?
$sim_pass_tolerance - how close a match on passwords?
$sim_checkip - (T/F) check for similar ips?
$sim_ip_tolerance - how close a match on ips?
$sim_orderby - (DATE/ALPHA) how do you want list displayed?

And the code above would have to be it's own section in the admin, which you could run from time to time, without having to take down the registration at all...

Have I got this right? Is this what you are looking for? let me know if I've left out anything.

-dlst

[Jawelin]

[QUOTE]Have I got this right? Is this what you are looking for? let me know if I've left out anything.

[Jawelin]

Ehi ?!?

Nobody's there ?
You gave me such an input and now ? Ehehehe
Thanks