Add a note warning users that usernames are case sensitive now

Adding tag.

Are you trying with the right uppercase/lowercase letters?

I had the same issue until I typed the correct case on my username. This was not necessary under 5.x.

Added this note to the front page post at http://drupal.org/node/376454 and consider this closed. This is how Drupal 6 works.

+1 for this suggestion. Took me some time to finally read to the bottom of this issue to realize how insensitve my case was. I think I will place my case in time out for being so rude.

@Archnemysis :

:)

I agree a note in the login block "password is case sensitive" or "Username and password case sensitive" under the corresponding fields is a good idea.

A note can be added to the user profile as well in the description for password under the password field. It may not hurt to add a line for this to the email generated by drupal upon account creation or activation as well.

I hope the password was always case sensitive.. I guess it is only the user name what has been changed between D5 and D6..

+1

Actually, for D6 core login, usernames are not case sensitive. Is d.o. using some additional login utilities that are causing this?

Making usernames case sensitive means that people can effectively masquerade as other users by creating an account with one different capitalization change.

From user_load (which is called by user_authenticate).

  foreach ($array as $key => $value) {
    if ($key == 'uid' || $key == 'status') {
      $query[] = "$key = %d";
      $params[] = $value;
    }
    else if ($key == 'pass') {
      $query[] = "pass = '%s'";
      $params[] = md5($value);
    }
    else {
      $query[]= "LOWER($key) = LOWER('%s')";
      $params[] = $value;
    }
  }

drupal.org is using Pressflow and perhaps a special collation in the database. I'm not sure why this is the case.

Adding a "drupal_set_message" on login is fine and should be relatively easy to add.

bakery might also explain this behavior...

If I correctly recall, the collation used for the table containing the user data has been changed to allow not ASCII characters, as the ones used in some languages; as the result, the adopted collation is now case sensitive.

Bakery has some issues with the collation used on Drupal.org (if they are not already fixed), as it doesn't consider different usernames as KiamLaLuno, and kiamlaluno. I verified that issue while synchronizing accounts, and noticed that a d.o account ThisIsNotTheRealName was not synchronized with its g.d.o account just because Bakery found the account thisisnottherealname on g.d.o.

The warning should be given in two different places: The registration form, and the login form.

I added a note about the username being case sensitive on the text of some emails sent when an account is created, or when a password reset is required. At least this would help users who register a new account on Drupal.org, or users who require a password reset because use a wrong username, and think they forgot the password.

>The warning should be given in two different places: The registration form, and the login form.
+1

I am changing the status back to active, as the login form has not been changed.
As the configurable messages Drupal shows to the user have been already changed, should this report be moved to the Drupal.org customizations queue?

>should this report be moved to the Drupal.org customizations queue?
If that's where this would be handled then yes I guess so..!

Also, "Sorry, unrecognized username or password. Have you forgotten your password?" should be changed since 99.99% of users will never go to the login page.

How about "Sorry, unrecognized username or password. Both usernames and passwords are case-sensitive on drupal.org. Or have you forgotten your password?" ?

I'm assuming that d.o doesn't implement String overrides, nor string overrides via settings.php?

This is no longer a change and I assume, no longer a concern.

This is still a problem. Ultimike just ran into it with a user name ricke which conflicted with the existing RickE.

I don't understand what comment #21 means, so reopening the issue.

New duplicated accounts were reduced by the D7 upgrade. However, we did have the possibility of new duplicates being created on subsites, #2299919: Ensure accounts created on subsites can not have duplicate usernames. We can monitor the duplicates at #1034852: Clean up accounts with case-insensitive duplicate names to be sure they no longer go up. That is a massive cleanup task, which is not done.