Password suddenly stops working for certain users (slight return)

[lwiz]

As my previous post about the subject: https://www.simplemachines.org/community/index.php?topic=545864.msg3874781#msg3874781

The issue - users suddenly are unable to log in has been continuing and as of now, the issue seems to be related to the fact that if we have user named say "user" someone is able to register username "User" without problems.

Been poking around the code, but I haven't yet been able to find the place where username to be registered is compared to already registered usernames.

Any pointers how to go on from here - the issue persists on board with plugins completely removed.

DB emgine is postgres, encoding UTF-8 and collation is set on Finnish UTF.

-L

[Sir Osis of Liver]

That shouldn't happen, usernames are not case sensitive.  If you change language to english does problem persist?

[lwiz]

That shouldn't happen, usernames are not case sensitive.  If you change language to english does problem persist?

Yeah, shouldn't :/ No joy if default language is set to English or English UTF-8 instead of Finnish, one can still register "duplicate" username with case differences.

-L

[Sir Osis of Liver]

Best guess is you had a mod installed that didn't uninstall completely.  If you've aleady uninstalled all mods, upload a clean set of files, see if that fixes it.  Going offline shortly, don't have time to look for the code, but if you still can't fix it will take a look tonight.

[lwiz]

Best guess is you had a mod installed that didn't uninstall completely.  If you've aleady uninstalled all mods, upload a clean set of files, see if that fixes it.  Going offline shortly, don't have time to look for the code, but if you still can't fix it will take a look tonight.

Since the problem surfaced back when the forum has been reinstalled completely from fresh files twice, then remodded. My hunch is that either some portion of forum isn't aware that the db encoding is UTF8 (I had to manually define that to Settings.php) or similar. The forum was converted partly (and unsuccessfully) to UTF8 before my time.

-L

[lwiz]

No-one knows where existing usernames are compared to one to be registered - file and row?

[Sir Osis of Liver]

I believe that's handled in /scripts/register.js, no idea how it works.

[Doug Heffernan]

No-one knows where existing usernames are compared to one to be registered - file and row?

You can find that in the Register.php file inside the Sources directory.

Code Select Expand

/**
* See if a username already exists.
*/
function RegisterCheckUsername()
{
global $sourcedir, $context;

// This is XML!
loadTemplate('Xml');
$context['sub_template'] = 'check_username';
$context['checked_username'] = isset($_GET['username']) ? un_htmlspecialchars($_GET['username']) : '';
$context['valid_username'] = true;

// Clean it up like mother would.
$context['checked_username'] = preg_replace('~[\t\n\r \x0B\0' . ($context['utf8'] ? '\x{A0}\x{AD}\x{2000}-\x{200F}\x{201F}\x{202F}\x{3000}\x{FEFF}' : '\x00-\x08\x0B\x0C\x0E-\x19\xA0') . ']+~' . ($context['utf8'] ? 'u' : ''), ' ', $context['checked_username']);

require_once($sourcedir . '/Subs-Auth.php');
$errors = validateUsername(0, $context['checked_username'], true);

$context['valid_username'] = empty($errors);
}

[Kindred]

actually, no, Doug...     that code snippet CALLS the validateUsername function, but is not the validate function in and of itself.

You most certainly do ***NOT*** want to just remove the line calling the validateUsername

[Doug Heffernan]

In that case my mistake Kindred. What is the actual code where existing usernames are compared to one to be registered?

Is it in the Register.php file?

[Kindred]

not sure...   but probably register, or one of the subs-*** files.

[lwiz]

Line 970 (if mods haven't messed the linenumbers) in Sources/Subs-Members.php

Once I rewrote the line - adding LOWER next to each name to be compared:

Code Select Expand

AND ') . '(LOWER(real_name) LIKE LOWER({string:check_name}) OR LOWER(member_name) LIKE LOWER({string:check_name}))

duplicate registrations weren't possible anymore. Not the most stylish solution, but something that had to be done before the "double registrations" went completely out of hand. I wonder if the reason is that MySQL (and derivatives) return lowercase names by default, where Postgres is case sensitive?

-L