=== modified file 'modules/comment/comment.module' --- modules/comment/comment.module 2008-12-06 09:01:58 +0000 +++ modules/comment/comment.module 2008-12-07 12:03:44 +0000 @@ -1244,7 +1244,7 @@ if ($edit['name']) { $query = db_select('users', 'u'); $query->addField('u', 'uid', 'uid'); - $taken = $query->where('LOWER(name) = :name', array(':name' => $edit['name'])) + $taken = $query->where('username = :name', array(':name' => $edit['name'])) ->countQuery() ->execute() ->fetchField(); === modified file 'modules/node/node.module' --- modules/node/node.module 2008-12-06 09:01:58 +0000 +++ modules/node/node.module 2008-12-07 12:02:43 +0000 @@ -2890,7 +2890,7 @@ // Use dropdown for fewer than 200 users; textbox for more than that. if (intval($count) < 200) { $options = array(); - $result = db_query("SELECT uid, name FROM {users} WHERE uid > 0 ORDER BY name"); + $result = db_query("SELECT uid, name FROM {users} WHERE uid > 0 ORDER BY username"); while ($data = db_fetch_object($result)) { $options[$data->name] = $data->name; } @@ -2917,7 +2917,7 @@ } function node_assign_owner_action_validate($form, $form_state) { - $count = db_result(db_query("SELECT COUNT(*) FROM {users} WHERE name = '%s'", $form_state['values']['owner_name'])); + $count = db_result(db_query("SELECT COUNT(*) FROM {users} WHERE username = LOWER(:owner_name)", array(':owner_name' => $form_state['values']['owner_name']))); if (intval($count) != 1) { form_set_error('owner_name', t('Please enter a valid username.')); } @@ -2925,7 +2925,7 @@ function node_assign_owner_action_submit($form, $form_state) { // Username can change, so we need to store the ID, not the username. - $uid = db_result(db_query("SELECT uid from {users} WHERE name = '%s'", $form_state['values']['owner_name'])); + $uid = db_result(db_query("SELECT uid from {users} WHERE username = LOWER(:owner_name)", array(':owner_name:' => $form_state['values']['owner_name']))); return array('owner_uid' => $uid); } === modified file 'modules/system/system.admin.inc' --- modules/system/system.admin.inc 2008-12-06 09:01:58 +0000 +++ modules/system/system.admin.inc 2008-12-07 12:02:43 +0000 @@ -1796,7 +1796,7 @@ } // MySQL import might have set the uid of the anonymous user to autoincrement // value. Let's try fixing it. See http://drupal.org/node/204411 - db_query("UPDATE {users} SET uid = uid - uid WHERE name = '' AND pass = '' AND status = 0"); + db_query("UPDATE {users} SET uid = uid - uid WHERE username = '' AND pass = '' AND status = 0"); return theme('status_report', $requirements); } === modified file 'modules/system/system.install' --- modules/system/system.install 2008-12-06 09:01:58 +0000 +++ modules/system/system.install 2008-12-07 12:02:43 +0000 @@ -351,17 +351,17 @@ // uid 2 which is not what we want. So we insert the first user here, the // anonymous user. uid is 1 here for now, but very soon it will be changed // to 0. - db_query("INSERT INTO {users} (name, mail) VALUES('%s', '%s')", '', ''); + db_query("INSERT INTO {users} (name, username, mail) VALUES(:empty, :empty, :empty)", array(':empty' => '')); // We need some placeholders here as name and mail are uniques and data is // presumed to be a serialized array. Install will change uid 1 immediately // anyways. So we insert the superuser here, the uid is 2 here for now, but // very soon it will be changed to 1. - db_query("INSERT INTO {users} (name, mail, created, status, data) VALUES('%s', '%s', %d, %d, '%s')", 'placeholder-for-uid-1', 'placeholder-for-uid-1', REQUEST_TIME, 1, serialize(array())); + db_query("INSERT INTO {users} (name, username, mail, created, data) VALUES(:placeholder, :placeholder, :placeholder, :time, :serial)", array(':placeholder' => 'placeholder-for-uid-1', ':time' => REQUEST_TIME, ':serial' => serialize(array()))); // This sets the above two users uid 0 (anonymous). We avoid an explicit 0 // otherwise MySQL might insert the next auto_increment value. - db_query("UPDATE {users} SET uid = uid - uid WHERE name = '%s'", ''); + db_query("UPDATE {users} SET uid = uid - uid WHERE username = :empty", array(':empty' =>'')); // This sets uid 1 (superuser). We skip uid 2 but that's not a big problem. - db_query("UPDATE {users} SET uid = 1 WHERE name = '%s'", 'placeholder-for-uid-1'); + db_query("UPDATE {users} SET uid = 1 WHERE username = :placeholder", array(':placeholder' => 'placeholder-for-uid-1')); // Built-in roles. db_query("INSERT INTO {role} (name) VALUES ('%s')", 'anonymous user'); === modified file 'modules/user/user.admin.inc' --- modules/user/user.admin.inc 2008-12-06 09:01:58 +0000 +++ modules/user/user.admin.inc 2008-12-07 12:02:43 +0000 @@ -131,7 +131,7 @@ $header = array( array(), - array('data' => t('Username'), 'field' => 'u.name'), + array('data' => t('Username'), 'field' => 'u.username'), array('data' => t('Status'), 'field' => 'u.status'), t('Roles'), array('data' => t('Member for'), 'field' => 'u.created', 'sort' => 'desc'), === modified file 'modules/user/user.install' --- modules/user/user.install 2008-12-06 09:01:58 +0000 +++ modules/user/user.install 2008-12-07 12:02:43 +0000 @@ -103,6 +103,13 @@ 'default' => '', 'description' => 'Unique user name.', ), + 'username' => array( + 'type' => 'varchar', + 'length' => 60, + 'not null' => TRUE, + 'default' => '', + 'description' => t('LOWER() version of {users}.name for query performance. This column should be used for WHERE, ORDER BY, etc in queries, instead of {users}.name '), + ), 'pass' => array( 'type' => 'varchar', 'length' => 128, @@ -197,7 +204,7 @@ 'mail' => array('mail'), ), 'unique keys' => array( - 'name' => array('name'), + 'username' => array('username'), ), 'primary key' => array('uid'), ); @@ -360,6 +367,18 @@ } /** + * Add username column and populate it with lowercased versions of existing names. + */ +function user_update_7002() { + $ret = array(); + db_add_field($ret, 'users', 'username', array('type' => 'varchar', 'length' => 60, 'not null' => TRUE, 'default' => '')); + $ret[] = update_sql("UPDATE {users} SET username = LOWER(name)"); + db_add_unique_key($ret, 'users', 'username', array('username')); + db_drop_unique_key($ret, 'users', 'name'); + return $ret; +} + +/** * @} End of "defgroup user-updates-6.x-to-7.x" * The next series of updates should start at 8000. */ === modified file 'modules/user/user.module' --- modules/user/user.module 2008-12-06 09:01:58 +0000 +++ modules/user/user.module 2008-12-07 12:02:43 +0000 @@ -164,6 +164,10 @@ $query[] = "pass = '%s'"; $params[] = $value; } + elseif ($key == 'username') { + $query[] = "username = LOWER('%s')"; + $params[] = $value; + } else { $query[]= "LOWER($key) = LOWER('%s')"; $params[] = $value; @@ -232,6 +236,11 @@ unset($edit['pass']); } + // If username isn't set, populate it with name. + if (empty($edit['username'])) { + $edit['username'] = $edit['name']; + } + if (is_object($account) && $account->uid) { user_module_invoke('update', $edit, $account, $category); $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid))); @@ -262,6 +271,15 @@ return FALSE; } + // Ensure $user->username is lowercase if it's the same as $user->name. + // We use the database to do the lowercasing to ensure correct searches + // in case of any discrepencies in character handling between the + // database and PHP. + // LOWER() is also slightly faster than mb_strtolower() for this task. + if ($edit['username'] == $edit['name']) { + db_query("UPDATE {users} SET username = LOWER(username) WHERE uid = :uid", array(':uid' => $account->uid)); + } + // Reload user roles if provided. if (isset($edit['roles']) && is_array($edit['roles'])) { db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid); @@ -315,6 +333,14 @@ return FALSE; } + // Ensure $user->username is lowercase if it's the same as $user->name. + // We use the database to do the lowercasing to ensure that there are + // no discrepencies in collation handling between the database and PHP. + // LOWER() is also slightly faster than mb_strtolower() for this task. + if ($edit['username'] == $edit['name']) { + db_query("UPDATE {users} SET username = LOWER(username) WHERE uid = :uid", array(':uid' => $edit['uid'])); + } + // Build the initial user object. $user = user_load(array('uid' => $edit['uid'])); @@ -558,8 +584,8 @@ * * @return boolean TRUE for blocked users, FALSE for active. */ -function user_is_blocked($name) { - $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name)); +function user_is_blocked($username) { + $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND username = LOWER(:username)", array(':username' => $username))); return $deny; } @@ -616,13 +642,13 @@ $keys = preg_replace('!\*+!', '%', $keys); if (user_access('administer users')) { // Administrators can also search in the otherwise private email field. - $result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys); + $result = pager_query("SELECT name, uid, mail FROM {users} WHERE username LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys); while ($account = db_fetch_object($result)) { $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); } } else { - $result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys); + $result = pager_query("SELECT name, uid FROM {users} WHERE username LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys); while ($account = db_fetch_object($result)) { $find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); } @@ -1325,7 +1351,7 @@ $password = trim($form_values['pass']); // Name and pass keys are required. if (!empty($form_values['name']) && !empty($password)) { - $account = db_fetch_object(db_query("SELECT * FROM {users} WHERE name = '%s' AND status = 1", $form_values['name'])); + $account = db_fetch_object(db_query("SELECT * FROM {users} WHERE username = LOWER(:name) AND status = 1", array(':name' => $form_values['name']))); if ($account) { // Allow alternate password hashing schemes. require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc'); @@ -1541,7 +1567,7 @@ if ($error = user_validate_name($edit['name'])) { form_set_error('name', $error); } - elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) { + elseif (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != :uid AND username = LOWER(:name)", array(':uid' => $uid, ':name' => $edit['name']))) > 0) { form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name']))); } } === modified file 'modules/user/user.pages.inc' --- modules/user/user.pages.inc 2008-12-06 09:01:58 +0000 +++ modules/user/user.pages.inc 2008-12-07 12:02:43 +0000 @@ -12,7 +12,7 @@ function user_autocomplete($string = '') { $matches = array(); if ($string) { - $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10); + $result = db_query_range("SELECT name FROM {users} WHERE username LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10); while ($user = db_fetch_object($result)) { $matches[$user->name] = check_plain($user->name); } === modified file 'modules/user/user.test' --- modules/user/user.test 2008-12-06 09:01:58 +0000 +++ modules/user/user.test 2008-12-07 12:02:43 +0000 @@ -27,6 +27,8 @@ $edit = array(); $edit['name'] = $name = $this->randomName(); $edit['mail'] = $mail = $edit['name'] . '@example.com'; + $this->drupalGet('user/register'); + $this->assertResponse('200'); $this->drupalPost('user/register', $edit, t('Create new account')); $this->assertText(t('Your password and further instructions have been sent to your e-mail address.'), t('User registered successfully.')); @@ -36,7 +38,10 @@ $this->assertTrue($user->uid > 0, t('User has valid user id.')); // Check user fields. - $this->assertEqual($user->name, $name, t('Username matches.')); + $this->assertEqual($user->name, $name, t('User name matches.')); + $name = db_result(db_query("SELECT LOWER(name) FROM {users} WHERE uid = %d", $user->uid)); + $username = db_result(db_query("SELECT username FROM {users} WHERE uid = :uid", array(':uid' => $user->uid))); + $this->assertEqual($name, $username, t('Username matches.')); $this->assertEqual($user->mail, $mail, t('E-mail address matches.')); $this->assertEqual($user->theme, '', t('Correct theme field.')); $this->assertEqual($user->signature, '', t('Correct signature field.')); @@ -47,6 +52,10 @@ $this->assertEqual($user->picture, '', t('Correct picture field.')); $this->assertEqual($user->init, $mail, t('Correct init field.')); + // Attempt to register with a duplicate username. + $this->drupalPost('user/register', $edit, t('Create new account')); + $this->assertRaw(t('The name %name is already taken.', array('%name' => $edit['name'])), t('Duplicate username registration prevented.')); + // Attempt to login with incorrect password. $edit = array(); $edit['name'] = $name; @@ -459,6 +468,68 @@ } +class UserSearchTestCase extends DrupalWebTestCase { + /** + * Implementation of getInfo(). + */ + function getInfo() { + return array( + 'name' => t('User search'), + 'description' => t('Tests user integration with the search module.'), + 'group' => t('User') + ); + } + + /** + * Implementation of setUp(). + */ + function setUp() { + parent::setUp('search'); + // Create users. + $this->normal_user = $this->drupalCreateUser(array('access user profiles', 'search content')); + $this->admin_user = $this->drupalCreateUser(array('administer users', 'search content')); + } + + function testUserSearch() { + // Register a new user for searching. + $edit = array(); + $edit['name'] = $name = $this->randomName(); + $edit['mail'] = $mail = $edit['name'] . '@example.com'; + $this->drupalPost('user/register', $edit, t('Create new account')); + $this->assertText(t('Your password and further instructions have been sent to your e-mail address.'), t('User registered successfully.')); + $this->drupalLogin($this->admin_user); + $this->drupalGet('search/user'); + $this->assertResponse(200, t('User search page exists.')); + + // Search for a username with 'administer users' permission. + $edit = array(); + $edit['keys'] = $name; + $this->drupalPost(NULL, $edit, t('Search')); + $this->assertRaw($name, t('Username search successful.')); + // Email address search. + $this->drupalGet('search/user'); + $edit = array(); + $edit['keys'] = $mail; + $this->drupalPost(NULL, $edit, t('Search')); + $this->assertRaw($name, t('Email search successful.')); + $this->drupalLogout(); + + // Search for a username with 'access user profiles' permission. + $this->drupalLogin($this->normal_user); + $this->drupalGet('search/user'); + $this->assertResponse(200, t('User search page exists.')); + $edit = array(); + $edit['keys'] = $name; + $this->drupalPost(NULL, $edit, t('Search')); + $this->assertRaw($name, t('Username search successful')); + // E-mail address search. + $edit = array(); + $edit['keys'] = $mail; + $this->drupalPost(NULL, $edit, t('Search')); + $this->assertRaw($name, t('Email search does not return results without appropriate permission')); + } +} + class UserAdminTestCase extends DrupalWebTestCase { function getInfo() { return array(