Because name is generated in hook_form_alter and then replaced in hook_user when user_register_submit is triggered on form submit the username is still the random value. This random value is passed to user_authenticate after hook_user is triggered. As a result the user can never be authenticated. Instead of generating the username in hook_user I would recommend adding a submit handler to the user_register form with array_unshift to have it happen before user_register_submit and setting $form_state['values']['name'] there. Then you won't have to use hook_user at all.

Comments

sp3boy’s picture

sp3boy commented

This looks like a serious issue, so I just tried replicating the situation, but could not generate a problem. I ended up with a user id of "lkoqumrzkj" for my user with name "john" and can log in and out with the email address. No confirmation email was used.

Can you suggest a step-by-step test to demonstrate what you think is wrong in practice please?

wwhurley’s picture

wwhurley commented
Status: Active » Closed (fixed)

Ahhh... I see what happened. Between installation of the module and writing this ticket another version was released and I wasn't paying close enough attention. 6.x-1.3 fixes the issue, as described in the notes. Sorry about that.