Index: modules/system/system.install =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.install,v retrieving revision 1.263 diff -u -p -r1.263 system.install --- modules/system/system.install 6 Sep 2008 08:36:21 -0000 1.263 +++ modules/system/system.install 7 Sep 2008 13:16:18 -0000 @@ -366,12 +366,12 @@ function system_install() { // uid 2 which is not what we want. So we insert the first user here, the // anonymous user. uid is 1 here for now, but very soon it will be changed // to 0. - db_query("INSERT INTO {users} (name, mail) VALUES('%s', '%s')", '', ''); + db_query("INSERT INTO {users} (name, username, mail) VALUES('%s', '%s', '%s')", '', '', ''); // We need some placeholders here as name and mail are uniques and data is // presumed to be a serialized array. Install will change uid 1 immediately // anyways. So we insert the superuser here, the uid is 2 here for now, but // very soon it will be changed to 1. - db_query("INSERT INTO {users} (name, mail, created, data) VALUES('%s', '%s', %d, '%s')", 'placeholder-for-uid-1', 'placeholder-for-uid-1', $_SERVER['REQUEST_TIME'], serialize(array())); + db_query("INSERT INTO {users} (name, username, mail, created, data) VALUES('%s', '%s', '%s', %d, '%s')", 'placeholder-for-uid-1', 'placeholder-for-uid-1', 'placeholder-for-uid-1', $_SERVER['REQUEST_TIME'], serialize(array())); // This sets the above two users uid 0 (anonymous). We avoid an explicit 0 // otherwise MySQL might insert the next auto_increment value. db_query("UPDATE {users} SET uid = uid - uid WHERE name = '%s'", ''); Index: modules/user/user.install =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.install,v retrieving revision 1.12 diff -u -p -r1.12 user.install --- modules/user/user.install 7 May 2008 19:34:24 -0000 1.12 +++ modules/user/user.install 7 Sep 2008 13:16:18 -0000 @@ -103,6 +103,13 @@ function user_schema() { 'default' => '', 'description' => t('Unique user name.'), ), + 'username' => array( + 'type' => 'varchar', + 'length' => 60, + 'not null' => TRUE, + 'default' => '', + 'description' => t('LOWER() version of {users}.name for login, search performance.'), + ), 'pass' => array( 'type' => 'varchar', 'length' => 128, @@ -198,6 +205,7 @@ function user_schema() { ), 'unique keys' => array( 'name' => array('name'), + 'username' => array('username'), ), 'primary key' => array('uid'), ); @@ -292,6 +300,18 @@ function user_update_7001() { } /** + * Add username column and populate it with lowercased versions of existing names. + */ +function user_update_7002() { + $ret = array(); + db_add_field($ret, 'users', 'username', array('type' => 'varchar', 'length' => 60, 'not null' => TRUE, 'default' => '')); + $ret[] = update_sql("UPDATE {users} SET username = LOWER(name)"); + db_add_unique_key($ret, 'users', 'username', array('username')); + + return $ret; +} + +/** * @} End of "defgroup user-updates-6.x-to-7.x" * The next series of updates should start at 8000. */ Index: modules/user/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.module,v retrieving revision 1.918 diff -u -p -r1.918 user.module --- modules/user/user.module 6 Sep 2008 08:36:22 -0000 1.918 +++ modules/user/user.module 7 Sep 2008 13:16:18 -0000 @@ -166,6 +166,10 @@ function user_load($array = array()) { $query[] = "pass = '%s'"; $params[] = $value; } + else if ($key == 'username') { + $query[] = "username = LOWER('%s')"; + $params[] = $value; + } else { $query[]= "LOWER($key) = LOWER('%s')"; $params[] = $value; @@ -234,6 +238,11 @@ function user_save($account, $edit = arr unset($edit['pass']); } + // If username isn't set, populate it with name. + if (empty($edit['username'])) { + $edit['username'] = $edit['name']; + } + if (is_object($account) && $account->uid) { user_module_invoke('update', $edit, $account, $category); $data = unserialize(db_result(db_query('SELECT data FROM {users} WHERE uid = %d', $account->uid))); @@ -264,6 +273,15 @@ function user_save($account, $edit = arr return FALSE; } + // Ensure $user->username is lowercase if it's the same as $user->name. + // We use the database to do the lowercasing to ensure correct searches + // in case of any discrepencies in character handling between the + // database and PHP. + // LOWER() is also slightly faster than mb_strtolower() for this task. + if ($edit['username'] == $edit['name']) { + db_query("UPDATE {users} SET username = LOWER(username) WHERE uid = %d", $account->uid); + } + // Reload user roles if provided. if (isset($edit['roles']) && is_array($edit['roles'])) { db_query('DELETE FROM {users_roles} WHERE uid = %d', $account->uid); @@ -317,6 +335,14 @@ function user_save($account, $edit = arr return FALSE; } + // Ensure $user->username is lowercase if it's the same as $user->name. + // We use the database to do the lowercasing to ensure that there are + // no discrepencies in collation handling between the database and PHP. + // LOWER() is also slightly faster than mb_strtolower() for this task. + if ($edit['username'] == $edit['name']) { + db_query("UPDATE {users} SET username = LOWER(username) WHERE uid = %d", $edit['uid']); + } + // Build the initial user object. $user = user_load(array('uid' => $edit['uid'])); @@ -560,8 +586,8 @@ function user_access($string, $account = * * @return boolean TRUE for blocked users, FALSE for active. */ -function user_is_blocked($name) { - $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND name = LOWER('%s')", $name)); +function user_is_blocked($username) { + $deny = db_fetch_object(db_query("SELECT name FROM {users} WHERE status = 0 AND username = LOWER('%s')", $username)); return $deny; } @@ -606,13 +632,13 @@ function user_search($op = 'search', $ke $keys = preg_replace('!\*+!', '%', $keys); if (user_access('administer users')) { // Administrators can also search in the otherwise private email field. - $result = pager_query("SELECT name, uid, mail FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys); + $result = pager_query("SELECT name, uid, mail FROM {users} WHERE username LIKE LOWER('%%%s%%') OR LOWER(mail) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys, $keys); while ($account = db_fetch_object($result)) { $find[] = array('title' => $account->name . ' (' . $account->mail . ')', 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); } } else { - $result = pager_query("SELECT name, uid FROM {users} WHERE LOWER(name) LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys); + $result = pager_query("SELECT name, uid FROM {users} WHERE username LIKE LOWER('%%%s%%')", 15, 0, NULL, $keys); while ($account = db_fetch_object($result)) { $find[] = array('title' => $account->name, 'link' => url('user/' . $account->uid, array('absolute' => TRUE))); } @@ -1519,7 +1545,7 @@ function _user_edit_validate($uid, &$edi if ($error = user_validate_name($edit['name'])) { form_set_error('name', $error); } - else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) { + else if (db_result(db_query("SELECT COUNT(*) FROM {users} WHERE uid != %d AND username = LOWER('%s')", $uid, $edit['name'])) > 0) { form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name']))); } } Index: modules/user/user.pages.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.pages.inc,v retrieving revision 1.16 diff -u -p -r1.16 user.pages.inc --- modules/user/user.pages.inc 6 Sep 2008 08:36:22 -0000 1.16 +++ modules/user/user.pages.inc 7 Sep 2008 13:16:18 -0000 @@ -12,7 +12,7 @@ function user_autocomplete($string = '') { $matches = array(); if ($string) { - $result = db_query_range("SELECT name FROM {users} WHERE LOWER(name) LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10); + $result = db_query_range("SELECT name FROM {users} WHERE username LIKE LOWER(:name)", array(':name' => $string .'%'), 0, 10); while ($user = db_fetch_object($result)) { $matches[$user->name] = check_plain($user->name); } Index: modules/user/user.test =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.test,v retrieving revision 1.12 diff -u -p -r1.12 user.test --- modules/user/user.test 6 Sep 2008 08:36:22 -0000 1.12 +++ modules/user/user.test 7 Sep 2008 13:16:19 -0000 @@ -39,7 +39,10 @@ class UserRegistrationTestCase extends D $this->assertTrue($user->uid > 0, t('User has valid user id.')); // Check user fields. - $this->assertEqual($user->name, $name, t('Username matches.')); + $this->assertEqual($user->name, $name, t('User name matches.')); + $name = db_result(db_query("SELECT LOWER(name) FROM {users} WHERE uid = %d", $user->uid)); + $username = db_result(db_query("SELECT username FROM {users} WHERE uid = %d", $user->uid)); + $this->assertEqual($name, $username, t('Username matches.')); $this->assertEqual($user->mail, $mail, t('E-mail address matches.')); $this->assertEqual($user->theme, '', t('Correct theme field.')); $this->assertEqual($user->signature, '', t('Correct signature field.')); @@ -50,6 +53,10 @@ class UserRegistrationTestCase extends D $this->assertEqual($user->picture, '', t('Correct picture field.')); $this->assertEqual($user->init, $mail, t('Correct init field.')); + // Attempt to register with a duplicate username. + $this->drupalPost('user/register', $edit, t('Create new account')); + $this->assertRaw(t('The name %name is already taken.', array('%name' => $edit['name'])), t('Duplicate username registration prevented.')); + // Attempt to login with incorrect password. $edit = array(); $edit['name'] = $name; @@ -464,6 +471,68 @@ class UserPermissionsTestCase extends Dr } +class UserSearchTestCase extends DrupalWebTestCase { + /** + * Implementation of getInfo(). + */ + function getInfo() { + return array( + 'name' => t('User search'), + 'description' => t('Tests user integration with the search module.'), + 'group' => t('User') + ); + } + + /** + * Implementation of setUp(). + */ + function setUp() { + parent::setUp('search'); + // Create users. + $this->normal_user = $this->drupalCreateUser(array('access user profiles', 'search content')); + $this->admin_user = $this->drupalCreateUser(array('administer users', 'search content')); + } + + function testUserSearch() { + // Register a new user for searching. + $edit = array(); + $edit['name'] = $name = $this->randomName(); + $edit['mail'] = $mail = $edit['name'] . '@example.com'; + $this->drupalPost('user/register', $edit, t('Create new account')); + $this->assertText(t('Your password and further instructions have been sent to your e-mail address.'), t('User registered successfully.')); + $this->drupalLogin($this->admin_user); + $this->drupalGet('search/user'); + $this->assertResponse(200, t('User search page exists.')); + + // Search for a username with 'administer users' permission. + $edit = array(); + $edit['keys'] = $name; + $this->drupalPost(NULL, $edit, t('Search')); + $this->assertRaw($name, t('Username search successful.')); + // Email address search. + $this->drupalGet('search/user'); + $edit = array(); + $edit['keys'] = $mail; + $this->drupalPost(NULL, $edit, t('Search')); + $this->assertRaw($name, t('Email search successful.')); + $this->drupalLogout(); + + // Search for a username with 'access user profiles' permission. + $this->drupalLogin($this->normal_user); + $this->drupalGet('search/user'); + $this->assertResponse(200, t('User search page exists.')); + $edit = array(); + $edit['keys'] = $name; + $this->drupalPost(NULL, $edit, t('Search')); + $this->assertRaw($name, t('Username search successful')); + // E-mail address search. + $edit = array(); + $edit['keys'] = $mail; + $this->drupalPost(NULL, $edit, t('Search')); + $this->assertRaw($name, t('Email search does not return results without appropriate permission')); + } +} + class UserAdminTestCase extends DrupalWebTestCase { /** * Implementation of getInfo().