=== modified file 'modules/comment/comment.module'
--- modules/comment/comment.module	2008-12-06 09:01:58 +0000
+++ modules/comment/comment.module	2008-12-07 12:03:44 +0000
@@ -1244,7 +1244,7 @@
       if ($edit['name']) {
         $query = db_select('users', 'u');
         $query->addField('u', 'uid', 'uid');
-        $taken = $query->where('LOWER(name) = :name', array(':name' => $edit['name']))
+        $taken = $query->where('username = :name', array(':name' => $edit['name']))
           ->countQuery()
           ->execute()
           ->fetchField();

=== modified file 'modules/node/node.module'
--- modules/node/node.module	2008-12-06 09:01:58 +0000
+++ modules/node/node.module	2008-12-07 12:02:43 +0000
@@ -2890,7 +2890,7 @@
   // Use dropdown for fewer than 200 users; textbox for more than that.
   if (intval($count) < 200) {
     $options = array();
-    $result = db_query("SELECT uid, name FROM {users} WHERE uid > 0 ORDER BY name");
+    $result = db_query("SELECT uid, name FROM {users} WHERE uid > 0 ORDER BY username");
     while ($data = db_fetch_object($result)) {
       $options[$data->name] = $data->name;
     }
@@ -2917,7 +2917,7 @@
 }
 
 function node_assign_owner_action_validate($form, $form_state) {
-  $count = db_result(db_query("SELECT COUNT(*) FROM {users} WHERE name = '%s'", $form_state['values']['owner_name']));
+  $count = db_result(db_query("SELECT COUNT(*) FROM {users} WHERE username = LOWER(:owner_name)", array(':owner_name' => $form_state['values']['owner_name'])));
   if (intval($count) != 1) {
     form_set_error('owner_name', t('Please enter a valid username.'));
   }
@@ -2925,7 +2925,7 @@
 
 function node_assign_owner_action_submit($form, $form_state) {
   // Username can change, so we need to store the ID, not the username.
-  $uid = db_result(db_query("SELECT uid from {users} WHERE name = '%s'", $form_state['values']['owner_name']));
+  $uid = db_result(db_query("SELECT uid from {users} WHERE username = LOWER(:owner_name)", array(':owner_name:' => $form_state['values']['owner_name'])));
   return array('owner_uid' => $uid);
 }
 

=== modified file 'modules/system/system.admin.inc'
--- modules/system/system.admin.inc	2008-12-06 09:01:58 +0000
+++ modules/system/system.admin.inc	2008-12-07 12:02:43 +0000
@@ -1796,7 +1796,7 @@
   }
   // MySQL import might have set the uid of the anonymous user to autoincrement
   // value. Let's try fixing it. See http://drupal.org/node/204411
-  db_query("UPDATE {users} SET uid = uid - uid WHERE name = '' AND pass = '' AND status = 0");
+  db_query("UPDATE {users} SET uid = uid - uid WHERE username = '' AND pass = '' AND status = 0");
 
   return theme('status_report', $requirements);
 }

=== modified file 'modules/system/system.install'
--- modules/system/system.install	2008-12-06 09:01:58 +0000
+++ modules/system/system.install	2008-12-07 12:02:43 +0000
@@ -351,17 +351,17 @@
   // uid 2 which is not what we want. So we insert the first user here, the
   // anonymous user. uid is 1 here for now, but very soon it will be changed
   // to 0.
-  db_query("INSERT INTO {users} (name, mail) VALUES('%s', '%s')", '', '');
+  db_query("INSERT INTO {users} (name, username, mail) VALUES(:empty, :empty, :empty)", array(':empty' => ''));
   // We need some placeholders here as name and mail are uniques and data is
   // presumed to be a serialized array. Install will change uid 1 immediately
   // anyways. So we insert the superuser here, the uid is 2 here for now, but
   // very soon it will be changed to 1.
-  db_query("INSERT INTO {users} (name, mail, created, status, data) VALUES('%s', '%s', %d, %d, '%s')", 'placeholder-for-uid-1', 'placeholder-for-uid-1', REQUEST_TIME, 1, serialize(array()));
+  db_query("INSERT INTO {users} (name, username, mail, created, data) VALUES(:placeholder, :placeholder, :placeholder, :time, :serial)", array(':placeholder' => 'placeholder-for-uid-1', ':time' =>  REQUEST_TIME, ':serial' => serialize(array())));
   // This sets the above two users uid 0 (anonymous). We avoid an explicit 0
   // otherwise MySQL might insert the next auto_increment value.
-  db_query("UPDATE {users} SET uid = uid - uid WHERE name = '%s'", '');
+  db_query("UPDATE {users} SET uid = uid - uid WHERE username = :empty", array(':empty' =>''));  
   // This sets uid 1 (superuser). We skip uid 2 but that's not a big problem.
-  db_query("UPDATE {users} SET uid = 1 WHERE name = '%s'", 'placeholder-for-uid-1');
+  db_query("UPDATE {users} SET uid = 1 WHERE username = :placeholder", array(':placeholder' => 'placeholder-for-uid-1'));
 
   // Built-in roles.
   db_query("INSERT INTO {role} (name) VALUES ('%s')", 'anonymous user');

=== modified file 'modules/user/user.admin.inc'
--- modules/user/user.admin.inc	2008-12-06 09:01:58 +0000
+++ modules/user/user.admin.inc	2008-12-07 12:02:43 +0000
@@ -131,7 +131,7 @@
 
   $header = array(
     array(),
-    array('data' => t('Username'), 'field' => 'u.name'),
+    array('data' => t('Username'), 'field' => 'u.username'),
     array('data' => t('Status'), 'field' => 'u.status'),
     t('Roles'),
     array('data' => t('Member for'), 'field' => 'u.created', 'sort' => 'desc'),

=== modified file 'modules/user/user.install'
--- modules/user/user.install	2008-12-06 09:01:58 +0000
+++ modules/user/user.install	2008-12-07 12:02:43 +0000
@@ -103,6 +103,13 @@
         'default' => '',
         'description' => 'Unique user name.',
       ),
+      'username' => array(
+        'type' => 'varchar',
+        'length' => 60,
+        'not null' => TRUE,
+        'default' => '',
+        'description' => t('LOWER() version of {users}.name for query performance.  This column should be used for WHERE, ORDER BY, etc in queries, instead of {users}.name '),
+      ),
       'pass' => array(
         'type' => 'varchar',
         'length' => 128,
@@ -197,7 +204,7 @@
       'mail' => array('mail'),
     ),
     'unique keys' => array(
-      'name' => array('name'),
+      'username' => array('username'),
     ),
     'primary key' => array('uid'),
   );
@@ -360,6 +367,18 @@
 }
 
 /**
+ * Add username column and populate it with lowercased versions of existing names.
+ */
+function user_update_7002() {
+  $ret = array();
+  db_add_field($ret, 'users', 'username', array('type' => 'varchar', 'length' => 60, 'not null' => TRUE, 'default' => ''));
+  $ret[] = update_sql("UPDATE {users} SET username = LOWER(name)");
+  db_add_unique_key($ret, 'users', 'username', array('username'));
+  db_drop_unique_key($ret, 'users', 'name');
+  return $ret;
+}
+
+/**
  * @} End of "defgroup user-updates-6.x-to-7.x"
  * The next series of updates should start at 8000.
  */

=== modified file 'modules/user/user.module'
--- modules/user/user.module	2008-12-06 09:01:58 +0000
+++ modules/user/user.module	2008-12-07 12:02:43 +0000
@@ -164,6 +164,10 @@
       $query[] = "pass = '%s'";
       $params[] = $value;
     }
+    elseif ($key == 'username') {
+      $query[] = "username = LOWER('%s')";
+      $params[] = $value;
+    }
     else {
       $query[]= "LOWER($key) = LOWER('%s')";
       $params[] = $value;
@@ -232,6 +236,11 @@
     unset($edit['pass']);
   }
 
+  // If username isn't set, populate it with name.
+  if (empty($edit['username'])) {
+    $edit['username'] = $edit['name'];
+  }
+
   if (is_object($account) && $account->uid) {
     user_module_invoke('update', $edit, $account, $category);
     $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid)));
@@ -262,6 +271,15 @@
       return FALSE;
     }
 
+    // Ensure $user->username is lowercase if it's the same as $user->name.
+    // We use the database to do the lowercasing to ensure correct searches
+    // in case of any discrepencies in character handling between the
+    // database and PHP.
+    // LOWER() is also slightly faster than mb_strtolower() for this task.
+    if ($edit['username'] == $edit['name']) {
+      db_query("UPDATE {users} SET username = LOWER(username) WHERE uid = :uid", array(':uid' => $account->uid));
+    }
+
     // Reload user roles if provided.
     if (isset($edit['roles']) && is_array($edit['roles'])) {
       db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid);
@@ -315,6 +333,14 @@
       return FALSE;
     }
 
+    // Ensure $user->username is lowercase if it's the same as $user->name.
+    // We use the database to do the lowercasing to ensure that there are
+    // no discrepencies in collation handling between the database and PHP.
+    // LOWER() is also slightly faster than mb_strtolower() for this task.
+    if ($edit['username'] == $edit['name']) {
+      db_query("UPDATE {users} SET username = LOWER(username) WHERE uid = :uid", array(':uid' => $edit['uid']));
+    }
+
     // Build the initial user object.
     $user = user_load(array('uid' => $edit['uid']));
 
@@ -558,8 +584,8 @@
  *
  * @return boolean TRUE for blocked users, FALSE for active.
  */
-function user_is_blocked($name) {
-  $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name));
+function user_is_blocked($username) {
+  $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND username = LOWER(:username)", array(':username' => $username)));
 
   return $deny;
 }
@@ -616,13 +642,13 @@
         $keys = preg_replace('!\*+!', '%', $keys);
         if (user_access('administer users')) {
           // Administrators can also search in the otherwise private email field.
-          $result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys);
+          $result = pager_query("SELECT name, uid, mail FROM {users} WHERE username LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys);
           while ($account = db_fetch_object($result)) {
             $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
           }
         }
         else {
-          $result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
+          $result = pager_query("SELECT name, uid FROM {users} WHERE username LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys);
           while ($account = db_fetch_object($result)) {
             $find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE)));
           }
@@ -1325,7 +1351,7 @@
   $password = trim($form_values['pass']);
   // Name and pass keys are required.
   if (!empty($form_values['name']) && !empty($password)) {
-    $account = db_fetch_object(db_query("SELECT * FROM {users} WHERE name = '%s' AND status = 1", $form_values['name']));
+    $account = db_fetch_object(db_query("SELECT * FROM {users} WHERE username = LOWER(:name) AND status = 1", array(':name' => $form_values['name'])));
     if ($account) {
       // Allow alternate password hashing schemes.
       require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
@@ -1541,7 +1567,7 @@
     if ($error = user_validate_name($edit['name'])) {
       form_set_error('name', $error);
     }
-    elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
+    elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND username = LOWER(:name)", array(':uid' => $uid, ':name' => $edit['name']))) > 0) {
       form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
     }
   }

=== modified file 'modules/user/user.pages.inc'
--- modules/user/user.pages.inc	2008-12-06 09:01:58 +0000
+++ modules/user/user.pages.inc	2008-12-07 12:02:43 +0000
@@ -12,7 +12,7 @@
 function user_autocomplete($string = '') {
   $matches = array();
   if ($string) {
-    $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10);
+    $result = db_query_range("SELECT name FROM {users} WHERE username LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10);
     while ($user = db_fetch_object($result)) {
       $matches[$user->name] = check_plain($user->name);
     }

=== modified file 'modules/user/user.test'
--- modules/user/user.test	2008-12-06 09:01:58 +0000
+++ modules/user/user.test	2008-12-07 12:02:43 +0000
@@ -27,6 +27,8 @@
     $edit = array();
     $edit['name'] = $name = $this->randomName();
     $edit['mail'] = $mail = $edit['name'] . '@example.com';
+    $this->drupalGet('user/register');
+    $this->assertResponse('200');
     $this->drupalPost('user/register', $edit, t('Create new account'));
     $this->assertText(t('Your password and further instructions have been sent to your e-mail address.'), t('User registered successfully.'));
 
@@ -36,7 +38,10 @@
     $this->assertTrue($user->uid > 0, t('User has valid user id.'));
 
     // Check user fields.
-    $this->assertEqual($user->name, $name, t('Username matches.'));
+    $this->assertEqual($user->name, $name, t('User name matches.'));
+    $name = db_result(db_query("SELECT LOWER(name) FROM {users} WHERE uid = %d", $user->uid));
+    $username = db_result(db_query("SELECT username FROM {users} WHERE uid = :uid", array(':uid' => $user->uid)));
+    $this->assertEqual($name, $username, t('Username matches.'));
     $this->assertEqual($user->mail, $mail, t('E-mail address matches.'));
     $this->assertEqual($user->theme, '', t('Correct theme field.'));
     $this->assertEqual($user->signature, '', t('Correct signature field.'));
@@ -47,6 +52,10 @@
     $this->assertEqual($user->picture, '', t('Correct picture field.'));
     $this->assertEqual($user->init, $mail, t('Correct init field.'));
 
+    // Attempt to register with a duplicate username.
+    $this->drupalPost('user/register', $edit, t('Create new account'));
+    $this->assertRaw(t('The name %name is already taken.', array('%name' => $edit['name'])), t('Duplicate username registration prevented.'));
+
     // Attempt to login with incorrect password.
     $edit = array();
     $edit['name'] = $name;
@@ -459,6 +468,68 @@
 
 }
 
+class UserSearchTestCase extends DrupalWebTestCase {
+  /**
+   * Implementation of getInfo().
+   */
+  function getInfo() {
+    return array(
+      'name' => t('User search'),
+      'description' => t('Tests user integration with the search module.'),
+      'group' => t('User')
+    );
+  }
+
+  /**
+   * Implementation of setUp().
+   */
+ function setUp() {
+    parent::setUp('search');
+    // Create users.
+    $this->normal_user = $this->drupalCreateUser(array('access user profiles', 'search content'));
+    $this->admin_user = $this->drupalCreateUser(array('administer users', 'search content'));
+  }
+
+  function testUserSearch() {
+    // Register a new user for searching.
+    $edit = array();
+    $edit['name'] = $name = $this->randomName();
+    $edit['mail'] = $mail = $edit['name'] . '@example.com';
+    $this->drupalPost('user/register', $edit, t('Create new account'));
+    $this->assertText(t('Your password and further instructions have been sent to your e-mail address.'), t('User registered successfully.'));
+    $this->drupalLogin($this->admin_user);
+    $this->drupalGet('search/user');
+    $this->assertResponse(200, t('User search page exists.'));
+
+    // Search for a username with 'administer users' permission.
+    $edit = array();
+    $edit['keys'] = $name;
+    $this->drupalPost(NULL,  $edit, t('Search'));
+    $this->assertRaw($name, t('Username search successful.'));
+    // Email address search.
+    $this->drupalGet('search/user');
+    $edit = array();
+    $edit['keys'] = $mail;
+    $this->drupalPost(NULL,  $edit, t('Search'));
+    $this->assertRaw($name, t('Email search successful.'));
+    $this->drupalLogout();
+
+    // Search for a username with 'access user profiles' permission.
+    $this->drupalLogin($this->normal_user);
+    $this->drupalGet('search/user');
+    $this->assertResponse(200, t('User search page exists.'));
+    $edit = array();
+    $edit['keys'] = $name;
+    $this->drupalPost(NULL,  $edit, t('Search'));
+    $this->assertRaw($name, t('Username search successful'));
+    // E-mail address search.
+    $edit = array();
+    $edit['keys'] = $mail;
+    $this->drupalPost(NULL,  $edit, t('Search'));
+    $this->assertRaw($name, t('Email search does not return results without appropriate permission'));
+  }
+}
+
 class UserAdminTestCase extends DrupalWebTestCase {
   function getInfo() {
     return array(

