Ugly error message upon duplicate user registration
| Project: | Drupal |
| Version: | 5.10 |
| Component: | user system |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | postponed (maintainer needs more info) |
Jump to:
Hi,
when a user registers with a user name that already exists, here is the ugly error message returned in the watchdog:
Duplicate entry 'robert' for key 2 query: INSERT INTO users (name, mail, pass, init, status, uid, created) VALUES ('robert', 'founder@asite.com', '5d69c10fbaa1f2b15d6a672d46abba23', 'founder@asite.com', 1, 893, 1180696049) in /big/dom/xasite/www/includes/database.mysql.inc on line 172.
It is particularly annoying when spam robots try to registers several times a day flooding the watchdog with error messages.
And here is what message the user gets: "Thank you for applying for an account. Your account is currently pending approval by the site administrator.
In the meantime, your password and further instructions have been sent to your e-mail address."
It says to the user it is pending admin approval even if the site is set to approve user without admin approval.
I haven't tested, but it is possible it happens also if email is duplicate.
Cordially,
Brakkar
(drupal 5.1, mysql 4.1.22, php 4.4.4)
#1
I'm having the same problem, same version of Drupal. The user gets the above message when trying to register with a duplicate user name - and on the face of it everything appears to go well - until you check the logs.
If I try to add the user from the administration side of the site, I get an error message saying that the username is already taken - my question is, WHY doesn't the user trying to register get this message? and why do the site moderators get an email saying "Subject: Account details for forum_test at XXXX (pending admin approval)
forum_test has applied for an account.
http://XXXX.com/user//edit"
And of course, when they go to approve the user - there isn't one there to be approved & no-one is the wiser about what is happening until complaints start coming in.
Cheers,
Lorna
#2
>WHY doesn't the user trying to register get this message?
That's a very good question. The same code is used to check ("validate") the username (and email address) whether it's someone trying to register or an admin creating a new account http://api.drupal.org/api/function/_user_edit_validate/5. In your case it looks like the check is not being performed, hence the user account is apparently created normally and email is sent etc.
I can't reproduce this problem on either 5.7 or 5.1. Do you have any additional modules that could be modifiying the registration process? Do you get the same problem if you try to register with a duplicate email address?
#3
I just ran into this problem in Drupal 5.10. The specific conditions in my case:
I created two PHP blocks. The first:
<?phpprint drupal_get_form('user_login');
?>
The second:
<?phpprint drupal_get_form('user_register');
?>
Then, using the Panels module, I put these blocks into a two-column layout in an attempt to consolidate the login & register forms onto a single page. When I submit the 'new user' form from my custom block, I get the MySQL error and "pending admin approval" message as described above.
When I use the standard registration form at
user/register, it behaves as expected and fails with the "The name Foo is already taken." error message & highlighted field.Something to do with the path, perhaps? I'll keep digging & post anything I find here.
#4
Ok,
The code determining whether or not the username field gets validated is on lines 1379-1390 of user.module:
<?php// Validate the username:
if (user_access('change own username') || user_access('administer users') || arg(1) == 'register') {
if ($error = user_validate_name($edit['name'])) {
form_set_error('name', $error);
}
else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
}
else if (drupal_is_denied('user', $edit['name'])) {
form_set_error('name', t('The name %name has been denied access.', array('%name' => $edit['name'])));
}
}
?>
Note the last condition for the if() test; unless the
user_registerform action is a path whose arg(1) happens to be 'register', validation gets skipped. I changed my panel's path fromapp/usertoapp/registerand the user_register_validate() function started catching duplicate name entries.#5
(Bumping Version up to Drupal 5.10 since the issue is still relevant - perhaps it should be marked 'by design'?)
#6
How did you change the path?
#7
Not sure how you mean - I changed my Panel's path to match the arg(1) == 'register' requirement, rather than hacking the User module.