Why not just have javascript code to watch for an "@" and throw up a flag for the user and/or prevent submission?
On Friday, February 13, 2026 at 15:22, Will Martin eloquently inscribed:
> All,
>
> We've had a problem for years where people enter their email address as the
> user name, which fails because our current configuration assumes they're
> entering just their user name. We've had a JavaScript attached to our login
> pages for a long time which was designed to strip those suffixes off. But
> occasionally one would slip through anyway. I've never been clear on what set
> of circumstances led the JavaScript to fail, but it's been happening more
> frequently of late.
>
> So over the past week we spent some time fiddling with user.txt and
> expressions, and came up with a server-side solution which appears to work.
> Here is the code:
>
> ::Common
> If login:user =~ /@.*$/i {
> Set login:user = REReplace(/@.*$/i, "", login:user)
> Set login:loguser = login:user
> }
> /Common
>
> This block of code goes immediate before the opening ::LDAP bit. If you wish
> to adjust this for use on your own servers, just swap out the email suffixes
> that you want to strip off in that regular expression on lines 2 and 3.
>
> The advantage of doing it server side in user.txt is consistency. No worrying
> about different browsers or the rare unicorn people who have JavaScript
> turned off or anything.
>
> We've had this going for a week at this point with no issues.
>
> Hope this helps someone.
>
> Will Martin (and also credit to Ethan Fria)
>
> Head of Digital Initiatives, Systems and Services
> Chester Fritz Library
> University of North Dakota
>
> He/his/him
>
> 701.777.4638
Received on Mon Feb 16 2026 - 11:25:41 EST