Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By Shai on
I have found the the 40/50-somethings-spend-all-day-on-a-computer-but-don't-know-much-about-computers who populate my first Drupal project site are baffled by the fact that Drupal seems to ask for and allow spaces in usernames.
Your full name or your preferred username;
That's confusing. It should just say, "Username (spaces allowed)". Also, it would be nice if there was a distinction between a "username" -- to log in with (no spaces allowed), and a "nickname" which would be attached to all the content you create.
Shai
Comments
What 'hallowed convention'?
What 'hallowed convention'? A space is a perfectly valid ASCII character. If you wish to change the text the user sees, you can use the locale module. Instructions here
Also, you can try to make a rule to deny spaces in user accounts in admin >> access control >> rules.
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
I think he just means that
I think he just means that most sites will not allow you to have a space in your username.
I didn't even realise Drupal did until I read this post, it's just something that's so strongly ingrained in me that usernames can't have spaces.
Ahh... thus demonstrating
Ahh... thus demonstrating that other solutions limit themselves needlessly. :)
There are quite a few Drupal user names that have spaces in them.
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
Don't get angry Steven this is just a demonstration
The that spaces are not used are because they cause confusion and can be abused.
No one is going to know that this is the real Steven Peck or an alias because the visual indicators are not there. This does not mean that spaces are the cause. But that allowing them makes it easier.
I honestly thought for a bit
I honestly thought for a bit he was replying to himself in some werid split personality thing.
Made your point very well.
So, you registered a name
So, you registered a name with a dash at the end? Was it good for you? Yes, I was aware of this. You want us to prevent it with rules? We can if you want us to.
I note you took the time and effort to forge a near likeness of my name in an email address to. Good for you.
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
Who needs spaces?
There's far more convincing ways to masquerade as another user that don't require spaces...
-Not Steven Peck
---------
Charmap, always remember the charmap.
Homographs
Yes,
And they are very hard to defend against. This was a big issue with eg paypal-like domainnames. See http://www.shmoo.com/idn/homograph.txt
--
Tips for posting to the forums.
When your problem is solved, please post a follow-up to the thread you started.
GPG Signed Comments
Well, everyone could GPG sign their comments. (Or maybe a simpler /. approach of display UID in parens next to the username will suffice.)
spaces in comments
BTW, the last time I checked, Drupal didn't trim nicknames in comment forms. So one could type "[space] sepeck" to masquerade as sepeck. Annoying. Has somebody fixed this already? (can't check this myself at the moment, sorry) Should I file a bug?
not a bug
You can make an access rule to prevent this with username creation.
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
Spaces
Actually, this is one website where I don't have a space in my name. I'm registered at over a dozen vbulletin powered websites with the username of Brian Puccio and I have no problems at all.
What would happen if you
What would happen if you register at a forum and accidentaly made two spaces bars between the first and last name rather than one? You will have registered but then you would not be able to login. Depending on the type face used a space cannot really seen.
I am logging out because emulating some one is not funny at all.
Don't Know
Time to go generate some more email addresses and find some website to join at and see how many ways I can try to break vbul by registering with a bunch of spaces all over. (I know they don't let you start a name with a space, but don't know of any other constraints off hand.)
Nope, especially as you took
Nope, especially as you took the time to create a gmail account with my name. Not funny at all. Quite creepy in a stalker sort of way. I was taking the time to answer a question and provide feedback on how to limit and someone decided to be a jerk about it rather then replying with a discussion.
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
Sorry about that I will email the info
Sorry, That was me. I had a bunch of invites laying in my in box. I will email you the logins so that you can own the gmail account. You probably don't need it but atleast no one else is going to get it now.
I was just out to show how spammers work. The allowing of space characters causes so many problems. Especailly when you users are teenagers, bilingual and bored. We enforce alpha numeric usernames to keep students from becoming teachers and other faculty.
another approach
Another approach to consider is the one that AIM (AOL Instant Messenger) takes, which not many people are aware of. It allows spaces in logins, but "folds" them, so an AIM login of "JimBob32" is equivalent to "Jim Bob 32" is equivalent to "J i m B o b 3 2". Thats just another option to consider.... but then you must be careful to apply the canonicalization uniformly, obviously.
That's rather smart
You could extend it beyond spaces to all punctuation. So you are allowed to have all the punctuation you want, but each new user is checked against the existing user list using only the basic alpha-numeric characters. So the first person registers as [Jim Bob] this now excludes [JimBob], [Jim_Bob], [Jim Bob] (double space), [Jim@Bob], [Jim Bob -], and so on, from being used for new users (and spammers/fraudsters) while allowing such variations as [Jim T Bob] and [Jim Bob2].
To me, this better matches human behaviour, which ignores or atleast gives lower importance to punctuation marks for identification purposes. Taking it one step further, as the reduced user id is unique, this can go as the key to the table, but then have a 'display name', as Shai suggested at the start, for display (sorry painfully obvious statement there, language skills sadly lacking today). Gets round the problem of the user slightly mistyping their name at login. Two spaces instead of one, not a problem, user forgot they were able to use spaces on your site and sign on using underscores, not a problem.
Clearly would need a chunk of coding to get it working and it really should be internationally aware, alpha is much more than the english a-z.
Scott
That's easy
It's very easy to prevent spaces actually:
Go to administer » access control, tabs account rules » add rules (admin/access/rules/add) and add the rules
(The last line has an ASCII 255 character)
Similar rules for dashes are also easy to come by.
--
Tips for posting to the forums.
When your problem is solved, please post a follow-up to the thread you started.
Heine, for being able to do
Heine, for being able to do this Cool! It should be added to the Handbook if it has not been.
For how it is done thumbs down. Regular expressions? How unfriendly :(
Very useful tip and typical
Very useful tip and typical of how we overlook drupal's inbuilt abilities very often.
:) My first post suggested
:) My first post suggested this. I did not have time to generate an example though :)
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
Does this affact users already signed up
How does this rule apply to folk who have already created user names with spaces.
content2zero.com
Per the help text Set up
Per the help text
It looks like it won't log them out, but will prevent them from logging back in.
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide -|- Black Mountain
-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide
Are you sure it's working ?
I am on Drupal 6.
Those to rules simply not work and let users create logins containing spaces.
HELP!
Also on Drupal 6 but they
Also on Drupal 6 but they work fine.
Thanks and LoginTobaggan
Thanks for the great conversation, even if the experimentation was a bit over the top.
Though I haven't done this myself yet, it appears that the module LoginTobaggan (love that name) may provide the best of everything. Because it allows people to log-in using their e-mail address OR their user name, in a way the e-mail could become the reliable, no spaces or punctuation string that I desire, and the username can function as the nickname which can be more flexible.
Here is the location for LoginTobaggan: http://drupal.org/node/34309
Shai
content2zero.com
spaces and migration
old thread, but my 2 cents on the non-alpha. They can be hard if you want to migrate the customers or share common login with another app that does not allow them.
Let's make it 4 cents
I'm almost finished fixing a number of problems a more experienced person would have avoided. We have a mail server and ftp on our site, with drupal holding the user info.
All the users with spaces (and those with capital letters in their names) had to be notified and their logins changed, because ftp can't handle spaces.
The dovecot mail server, which looks at the users table to compare the login and the password, is case-sensitive. No big deal you think but MySQL doesn't distinguish case when you run a select so a search for 'Bill' will grab 'bill'.
Again no big deal except that dovecot would create a 'Bill' directory (ignoring the 'bill' directory) if the imap user logged in with 'Bill' instead of 'bill'.
So it's cool that drupal has a bunch of functionality that goes beyond your typical community plumbing, but wow it can bite you in the arse if you want to integrate with industry standard tools.
Well thanks for listening. I'm off to try to force all login names to be lower case on creation. Thanks for the % % tip.
Troy Vitullo
I know I come late to this
I know I come late to this thread but I think the user_validate_name function in the user module is fundamentally flawed because it is based on a blacklist (which is far from complete) instead of being based on a whitelist. Which is why I had someone rewrite that part of the user module and I know that only a-z|A-Z|0-9 and hyphens are going into usernames. The current system, despite the blacklist blocks on unicode characters isn't complete and I've signed up to drupal accounts with a whole raft of odd looking characters.
Did you submit a patch?
or maybe contribute a module that overrides the default functionality of the user_valicate_name function?
Do tell...
Shai
content2zero.com
content2zero.com
No, I was repeatedly told
No, I was repeatedly told "it's core....leave it alone" (as some drupalers have a tendency to do) so I just paid for some developer to simplify the code. It now achieves twice as much in half the code.
Hmm...
Part of what I like about the Drupal community in general is that it is so much more open to change than typical work environments. Though maybe not always so. I certainly don't promote banging one's head against the wall...
But I think it is worth a try. If your suggestion did make it into core in some fashion it would have been a huge contribution. If it doesn't, just a minor annoyance and a few minutes wasted.
I think the project page to submit the suggested feature would be: http://drupal.org/project/issues/3060
All the best,
Shai
content2zero.com
content2zero.com
Interoperability
As Troy and others have mentioned, not having username restrictions by default creates problems with interoperability with other services the site may be providing. Restrictions should be on by default, and a way to customize them should be easily accessible and consistent across versions. I was like the many posters above that did not realize spaces were allowed until I did some testing. I'm providing subdomains with my service (as in userid.example.com), and "John Doe ♬" just isn't allowed in a URL. Also, there are some documents created upon user registration that use the username as a context, so it's not just about interoperability, but actually compatibility with an available feature of Drupal. Usernames should not be allowed if they can't be used literally in a URL. It adds problems the the list of 10,001 issues developers and admins have to deal with when setting up a site. Thanks for listening.