can't edit anonymous comments if the given name has been taken by a newer user account

Project:Drupal core
Version:8.x-dev
Component:comment.module
Category:bug report
Priority:normal
Assigned:Unassigned
Status:active
Issue tags:Needs tests

Issue Summary

Hi,
I am trying to get 2.3 to work, but I am stuck on "The name belongs to a registered user.".
I set "access secured pages" permission for securesite also to anonymous users.
How to get this message away and securesite working?
I got a blank field for guest user, and am not able to type something in it, but it has a red border around it.

Thanks for going into this.
Greetings, Martijn

Comments

#1

Status:active» closed (fixed)

This means that one of your users has created an account with the same name you are using for the guest user. You must change either the user name or the guest name.

#2

Hi,
You were right! Somehow I got a user with Anonymous user as name in my useradmin. I deleted this user, and now it works.
Thanks for your quick reply!

greetings,
Martijn

#3

Priority:normal» critical
Status:closed (fixed)» needs work

this is real trouble on large loaded sites

cause

if Your site was for anonymous users but during its growing process Your users became registered with the same names - trouble is global
F.E. content manager wants to edit old message - but always got this error. Changing names - is not good - sometimes it can be non-legal (copyright)

If this bug (Yes, this is bug! cause superadmin may edit everything!) wouldn't be fixed try this small fix in comment.module

        $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']));

        /*
        if ($taken != 0) {
          form_set_error('name', t('The name you used belongs to a registered user.'));
        }
        */
      }

But remember!!!! - with commenting this code users can change their usernames in comments into Registered usernames (possible)

ps. sorry for my english

#4

Project:Secure Site» Drupal core
Version:6.x-2.3» 6.x-dev
Component:Code» comment.module

moving this to core comment.module queue

we need to handle such situation in right way

#5

Version:6.x-dev» 7.x-dev
Priority:critical» normal

just checked this in 7.x-dev - all the same

#6

Title:Message: "The name belongs to a registered user" and securesite not working» Message: "The name belongs to a registered user" - can't edit old comments and usability problem for registered users
Status:needs work» active

#3 describes a situation where a comment administrator can end up not being able to edit an existing comment.

Also for people who have registered and try to post a comment when they are not logged in - they may get this message, but it's really no help to them so they give up. I've worked round this using string overrides so that they also get a link to the login page, but a better answer would be for them to be shown a password box on the error screen so that they can log in and post the comment all at once. Otherwise they have to type their comment in again once they've logged in, which is pretty cruel!

Also updating title to be more meaningful.

#7

This is really a bug. It's a real pain with common names like "Michael" and "George". Will love to see this check removed from the comment module. I think the "name" field in "comments" table should not have anything to do with the user as the "uid" field is already there to track the user.

#8

Echoing #7. This is definitely a bug and bad UX. Let's say there's a "steve" username (or "Steve", or "STEVE" - case doesn't matter). If Steve isn't logged in, or another Steve in the world wanted to comment, they're presented with "The name you used belongs to a registered user". Steve's choices are to either type in his full name, intentionally misspell his name, or leave a fake/random name.

As far as I can tell, uid can remain 0 and name can be anything, so what's the point of this validation? And should this be a new ticket?

#9

Title:Message: "The name belongs to a registered user" - can't edit old comments and usability problem for registered users» can't edit anonymous comments if the given name has been taken by a newer user account

So here's the quick steps on how to reproduce this:

1. while logged out, add a comment to a node, giving your name as, say, 'Bob'.
2. as uid 1, create a user called 'Bob'
3. as uid 1, try to edit the comment and save it.

> Also for people who have registered and try to post a comment when they are not logged in

I think this is a separate matter -- feature request to have login fields within the comment form perhaps? Though I bet there's a contrib module for that already ;)

So sticking to the main issue, the problem is not what code to write, but how to handle this situation. There's a principle of Drupal of protecting people's identities -- that is why we don't allow duplicate usernames.

Some ideas:

a) When an account is created, check ALL comment names and reject the new account name if an anonymous comment already bears that name. -- this is patently absurd, so let's move on ;)
b) When editing the anonymous comment, run a check on the name field, and warn the admin of the situation. This allows the admin to do something about it before getting the submit warning -- like changing the name field. For bonus points, the form could show the warning AND change the name field to 'Bob (visitor)', or 'Bob (Anonymous)'.

Other than that, I'm not sure... any more ideas?

#10

subscribe

#11

I modified the code like this:

$taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']));
if ($taken != 0) {
    $email = db_result(db_query("SELECT mail FROM {users} WHERE LOWER(name) = '%s'", $edit['name']));
    if ($email != $edit['mail']) form_set_error('name', t('The name you used belongs to a registered user.'));
}

So, if the username is already taken, it also considers the email. If the username/email pair exists in the database, the comment is allowed, otherwise the standard "name taken" error is displayed.
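
The core name check and the name/email variant from #11, modelled side by side as an added stand-alone example (not code from Drupal core or from any commenter). The in-memory user list, the function names find_user, core_check and name_mail_check, and all sample names and addresses are constructed for illustration.

```php
<?php
// Constructed sample data standing in for the {users} table.
$users = [
    ['uid' => 2, 'name' => 'Bob', 'mail' => 'bob@example.com'],
];

// Look up a registered account by name, case-insensitively (as LOWER(name) does).
function find_user(array $users, string $name): ?array {
    foreach ($users as $u) {
        if (strtolower($u['name']) === strtolower($name)) {
            return $u;
        }
    }
    return null;
}

// Core behaviour: an anonymous comment that uses a registered name is rejected.
function core_check(array $users, array $edit): bool {
    return find_user($users, $edit['name']) === null;
}

// Variant from #11: also accept when the submitted mail equals the account's mail.
function name_mail_check(array $users, array $edit): bool {
    $u = find_user($users, $edit['name']);
    return $u === null || $u['mail'] === $edit['mail'];
}

// Constructed submissions; 'mail' is whatever was typed into the comment form.
$cases = [
    'admin re-saves old anonymous comment (steps in #9)'
        => ['name' => 'Bob', 'mail' => 'visitor@example.org'],
    'logged-out account owner'
        => ['name' => 'Bob', 'mail' => 'bob@example.com'],
    'third party who knows the account mail'
        => ['name' => 'bob', 'mail' => 'bob@example.com'],
];

// Print accept/reject for each submission under both policies.
foreach ($cases as $label => $edit) {
    printf("%-52s core=%-6s name+mail=%s\n", $label,
        core_check($users, $edit) ? 'accept' : 'reject',
        name_mail_check($users, $edit) ? 'accept' : 'reject');
}
```

The mail field on an anonymous comment form is typed by the poster and never verified, so the last two cases are indistinguishable to the name/email check: a match shows knowledge of the address, not ownership of the account. The first case, the administrator edit from #9, is still rejected under both policies.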

#12

The issue exists in Drupal's comment core module for websites where only anonymous users post comments.
This should definitely be changed to check email instead, as email is site-wide unique identifier of site visitor, not name. Anonymous users don't need site account just to post a comment or reply and this is totally confusing the way it works at the moment.

#13

Version:7.x-dev» 6.20
Status:active» needs review

Here's the patch with proposed change (against version 6.x). This patch will work the old way but will skip username check if Anonymous users may post comments.
Let me know if this is good enough and I will post the patch file.

--- Base (BASE)
+++ Locally Modified (Based On LOCAL)
@@ -1201,7 +1201,7 @@
if (!$user->uid || isset($edit['is_anonymous'])) {
$node = node_load($edit['nid']);
if (variable_get('comment_anonymous_'. $node->type, COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
- if ($edit['name']) {
+ if ($edit['name'] && !user_access('access comments')) {
$taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE name = '%s'", $edit['name']));

if ($taken != 0) {
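
Review bot: On the added line, the condition !user_access('access comments') tests the permission to view comments, not the 'post comments' permission that the description ("if Anonymous users may post comments") implies, and it is evaluated for whoever is submitting the form. Any visitor whose role can read comments will therefore skip the $taken lookup, so anonymous posters can again submit under a registered name, which is the impersonation risk #3 warns about. Consider restricting the bypass to users with 'administer comments' who are saving an existing comment, and keeping the check for new anonymous submissions.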

#14

Version:6.20» 7.x-dev

Please don't change the version number -- this needs to be fixed on 7 first.

Also, can you upload rather than paste your patch please?

#15

Version:7.x-dev» 8.x-dev
Status:needs review» active
Issue tags:-Usability+Needs tests

A patch for this issue needs to contain a test to reproduce the bug, following the steps in #9. This patch should not contain a fix, just the test to prove that this bug still exists and can be cleanly reproduced.

#16

#17