Page Index Toggle Pages: 1
Topic Tools
Hot Topic (More than 10 Replies) Login w/userid is case-sensitive; shouldn't be (Read 2,807 times)
Jet Li
Legacy Dev Team
Development Team
****
Offline



Posts: 6,588
Location: Hong Kong
Re: Login w/userid is case-sensitive; shouldn't be
Reply #10 - Feb 27th, 2010 at 9:50am
Post Tools
cepheid wrote on Feb 27th, 2010 at 9:33am:
Should this bug be copied to Y3 Bugs and fixed in SVN, as well?If the same code exists (for flatfile forums) in Y3, then this bug exists there, too.

Same here. Its on my ToDo List for Y3 too.  Grin
  

PM me for YaBB Installation Service
Back to top
WWWGTalkFacebook  
IP Logged
 
cepheid
Senior Member
****
Offline



Posts: 516
Re: Login w/userid is case-sensitive; shouldn't be
Reply #9 - Feb 27th, 2010 at 9:33am
Post Tools
Should this bug be copied to Y3 Bugs and fixed in SVN, as well?  If the same code exists (for flatfile forums) in Y3, then this bug exists there, too.
  
Back to top
WWW  
IP Logged
 
Jet Li
Legacy Dev Team
Development Team
****
Offline



Posts: 6,588
Location: Hong Kong
Re: Login w/userid is case-sensitive; shouldn't be
Reply #8 - Feb 27th, 2010 at 9:09am
Post Tools
Tested and works. Thnx cepheid.

New
Sources/System.pl
in CVS.
  

PM me for YaBB Installation Service
Back to top
WWWGTalkFacebook  
IP Logged
 
cepheid
Senior Member
****
Offline



Posts: 516
Re: Login w/userid is case-sensitive; shouldn't be
Reply #7 - Feb 27th, 2010 at 8:57am
Post Tools
OK, I've looked through the code... the reason this is happening is because the check for username isn't actually a check for the username, but rather a check to see if the file $memberdir/username.vars exists.  Since YaBB stores the file WITH case-sensitivity, then this check will fail if the username case is incorrect.

Because of the way the code works, the fix for this needs to be implemented in &MemberIndex.  Specifically:

find System.pl line 329:
Code
Select All
                        if    (lc $user eq lc $curmail) { undef %memberinf; return $curmemb; } 



And insert before it:
Code
Select All
                        if    (lc $user eq lc $curmemb) { undef %memberinf; return $curmemb; } 



This will check the user-input $user against the actual stored $curmemb, without caring about case - just like for displaynames or email - but will return real username with correct case, allowing all the file operations to still work.

The above will fix the problem - tested and verified on my board.
« Last Edit: Feb 27th, 2010 at 8:58am by cepheid »  
Back to top
WWW  
IP Logged
 
cepheid
Senior Member
****
Offline



Posts: 516
Re: Login w/userid is case-sensitive; shouldn't be
Reply #6 - Feb 27th, 2010 at 8:34am
Post Tools
Jet Li wrote on Feb 27th, 2010 at 8:29am:
Did you enable this in Member Controls - Reserved Names in Admin Center?

No, that box is unchecked, so this shouldn't be the issue.  Also, as I said, the case sensitivity appears to affect login with username only; login with displayname (if different from username) works regardless of case.
  
Back to top
WWW  
IP Logged
 
Jet Li
Legacy Dev Team
Development Team
****
Offline



Posts: 6,588
Location: Hong Kong
Re: Login w/userid is case-sensitive; shouldn't be
Reply #5 - Feb 27th, 2010 at 8:29am
Post Tools
@ cepheid

Did you enable this in Member Controls - Reserved Names in Admin Center?

Quote:
Reserved names will keep members from registering certain usernames or using these words in their displayed names. Choose the options you wish to use from the bottom before submitting.


[ ] Match whole name only. If unchecked, will search for reserved words within name.
[ ] Match case. If unchecked, search will be case insensitive.
[ ] Check username.
[ ] Check display name.
  

PM me for YaBB Installation Service
Back to top
WWWGTalkFacebook  
IP Logged
 
cepheid
Senior Member
****
Offline



Posts: 516
Re: Login w/userid is case-sensitive; shouldn't be
Reply #4 - Feb 27th, 2010 at 5:07am
Post Tools
I see what you're saying.  If that is the case, this was not implemented properly.  What should happen is that the algorithm that checks whether a username is already taken by converting the username to all lowercase internally.  I believe this already happens.  However, because of this, there is no reason to check case on usernames when logging in.

For all these reasons, usernames should be case-insensitive when logging in, and everywhere else - it would prevent multiple users with identical-except-for-case names, it would be more user-friendly, and it would be consistent with logging in using email or displayname.
  
Back to top
WWW  
IP Logged
 
Captain John
Ex Member


Re: Login w/userid is case-sensitive; shouldn't be
Reply #3 - Feb 27th, 2010 at 4:46am
Post Tools
No .. what I was saying or should have conveyed ... If a user registered in caps, the saved name was in normal (small) letters.  A username in Caps could not be saved, eliminating the change of 2 users, one in caps the other in small letters  (been awhile since this was hatched out).
  
Back to top
 
IP Logged
 
cepheid
Senior Member
****
Offline



Posts: 516
Re: Login w/userid is case-sensitive; shouldn't be
Reply #2 - Feb 27th, 2010 at 1:24am
Post Tools
Quote:
We had problems of enabling 2 users with the same names.

Right, that's the entire point - you should not be able to do that, and hence the username should be case-insensitive.  By making it case-insensitive, you prevent users with the "same" names that differ only by case.

If you enable case-sensitivity, you allow users with the "same" name but differing in case.  It must be case-insensitive, as I originally stated.
  
Back to top
WWW  
IP Logged
 
Captain John
Ex Member


Re: Login w/userid is case-sensitive; shouldn't be
Reply #1 - Feb 27th, 2010 at 1:12am
Post Tools
  I believe .. (not sure) the check was inserted to catch usernames that were written as either (caps vs normal).  We had problems of enabling 2 users with the same names.

   The displayname should be checked.
  
Back to top
 
IP Logged
 
cepheid
Senior Member
****
Offline



Posts: 516
Login w/userid is case-sensitive; shouldn't be
Feb 26th, 2010 at 9:28pm
Post Tools
It appears that Y2.4 uses a case-sensitive check for usernames during login (and possibly other places, e.g. password changes); IMHO, this shouldn't happen.  Logging in with a displayname or email address is not case-sensitive; usernames should not be, either.

This is repeatable; for a user account where the display name is NOT the same as the username, try logging in using the username but with incorrect case - you'll get an error.  (If the displayname is the same as the username, login will work fine, because the displayname check is case-insensitive.)

I believe that we discussed this in a previous thread somewhere (I can't remember where) but agreed that usernames shouldn't be case-sensitive so that there couldn't be both a "user" and a "User," as that could get confusing.

As such, the userid check during login (and anywhere else) should not be case-sensitive.

If/when this is fixed (I regret that I don't have time to do it right now as I'm in the middle of writing up my thesis), could you please post the code change here, preferably as a patch file, so I can manually apply it to my release boards?

Thanks.
  
Back to top
WWW  
IP Logged
 
Page Index Toggle Pages: 1
Topic Tools
 
  « Board Index ‹ Board  ^Top