symfony framework forum

[myuser]

I tried registering a couple accounts with this plugin and found something strange.

Created account 1 with username: myuser
Created account 2 with username: Myuser

And sfGuard had no problem with this. I have found most sites with user accounts do not have case sensitive usernames.
Has anyone else tried this and found this to be a problem?

[glow]Thanks![/glow]

[myuser]

I replied again because I changed the subject of this post to make it more clear.

Is anyone else experiencing this case sensitive problem?

[maastermedia]

Yes, you are correct. Usernames should definitely be case insensitive. Obviously sfDoctrineGuardPlugin manages usernames case sensitively by default. Nevertheless you can always overwrite setUsername and checkPassword methods according to your needs. Check:
http://trac.symfony-project.org/browser ... .class.php

You have an option to create your own callable when checking password and setUsername method of model can be overwritten in your project model - sfGuardUser.

[myuser]

Thanks for the reply and all the good tips. I will definitely follow your recommendation.

Are you sure this is right? If you are correct this seems to be a massive failure for sfGuard. Registration is case-sensitive, but the login is not case-sensitive.

Here is an example.
1. I register the user "Myuser"
2. Immedately after, I login successfully with the username: myuser

Holy crap this is the same for emails as well.. according to sfguard a@b.com is not the same email as A@b.com which is definitely wrong. I have no idea how this has slipped through the cracks until now?!

[myuser]

This may be a sfApply issue actually. You confirmed what I am saying is true so either way I think this needs more attention. I am going to post this on the list.

[maastermedia]

Sorry obviously I was mistaken! Now I've checked in my installation and registration is case sensitive. Login is case insensitive. This is all good. Check how to retrieve user from database based on username:
http://trac.symfony-project.org/browser ... ss.php#L21

Sorry for confusion.

[myuser]

No problem at all, but how is this "all good" they need to match! If registration is case sensitive then login needs to be case sensitive as well.

Don't you agree having these match needs to be the case or else data will become unnormalized?

There can be 1,2,3, 50 different combinations of myuser and only one can login. How is that ok...

[maastermedia]

Well it all depends on your requirements, however in most cases of web application publicly available there must be user friendlyness present. User cannot be bothered by entering exact username at login. This kind of behavior is added value for usability.

Maybe I was not clear with registration. Registration validation does check for username in case insensitive way, so you will never have two equal usernames (myUser and Myuser) in database.

[myuser]

Oh ok, So the fact that I can register Myuser then myuser is a problem on my end then. The registration is done by sfDoctrineApply so I take it you have that module installed and can confirm that you cannot register a user called "myuser" and then register another user called "Myuser" right after with success?

Sorry for being this dead horse into the ground. I went bonkers when I was able to register the exact same username and emails just by changing the character case.

[maastermedia]

I didn't check for sfDoctrineApplyPlugin, however I think it should be taken care of, yes.

[myuser]

I apologize for the runaround maastermedia the problem appears to be none other than my own. Believe it or not my schema did not have unique requirements on these fields. oops! I hope there is some way I can help you out in the future.