View Issue Details

ID: 0008596
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2012-10-27 09:21
Reporter: lmeunier
Assigned To: atrol
Priority: normal
Severity: block
Reproducibility: always
Status: closed
Resolution: duplicate
Platform:
OS: Linux
OS Version: Debian Sarge
Product Version: 1.1.0rc2
Target Version:
Fixed in Version:
Summary: 0008596: Unable to log in using username with more than 32 characters
Description

We are using LDAP authentication and usernames are based on email addresses. A cron job imports LDAP users into the Mantis database. Some usernames contain more than 32 characters, so it's not possible to import them into the database or log in to Mantis.

Additional Information

The attached patch increases the limit on usernames to 64 characters.

Tags: No tags attached.

Relationships

duplicate of 0008017 (closed, dregad): Increase the size of the username field

Activities

2007-11-21 10:49

 

mantis_username_64.patch (4,472 bytes)
diff -rbup mantis-1.1.0rc2/admin/schema.php /var/www/mantis/admin/schema.php
--- mantis-1.1.0rc2/admin/schema.php	2007-10-14 00:34:56.000000000 +0200
+++ /var/www/mantis/admin/schema.php	2007-11-21 16:23:21.000000000 +0100
@@ -303,7 +303,7 @@ $upgrade[] = Array('CreateTableSQL',Arra
 ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS')));
 $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_user_table'),"
   id 			 I  UNSIGNED NOTNULL PRIMARY AUTOINCREMENT,
-  username 		C(32) NOTNULL DEFAULT \" '' \",
+  username 		C(64) NOTNULL DEFAULT \" '' \",
   realname 		C(64) NOTNULL DEFAULT \" '' \",
   email 		C(64) NOTNULL DEFAULT \" '' \",
   password 		C(32) NOTNULL DEFAULT \" '' \",
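Review bot: Changing C(32) to C(64) inside the existing CreateTableSQL entry for the user table only affects databases created after this change; an installation that has already run this step keeps its 32-character username column. Leave the original entry as it is and append a new $upgrade[] step that widens username, so existing installs are migrated as well. Until the column really is wider, the relaxed limits in the other files of this patch accept names the table cannot hold.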
Only in /var/www/mantis/: config_inc.php
diff -rbup mantis-1.1.0rc2/core/authentication_api.php /var/www/mantis/core/authentication_api.php
--- mantis-1.1.0rc2/core/authentication_api.php	2007-10-19 08:54:58.000000000 +0200
+++ /var/www/mantis/core/authentication_api.php	2007-11-21 16:19:41.000000000 +0100
@@ -521,7 +521,7 @@
 
 <tr class="row-1">
 	<td class="category"><?php echo lang_get( 'username' ); ?></td>
-	<td><input type="text" disabled="disabled" size="32" maxlength="32" value="<?php echo $p_username; ?>" /></td>
+	<td><input type="text" disabled="disabled" size="32" maxlength="64" value="<?php echo $p_username; ?>" /></td>
 </tr>
 
 <tr class="row-2">
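Review bot: The changed input writes $p_username into the value attribute with a plain echo, and this patch doubles the length of what can arrive there. If the value is not already escaped before it reaches this template, escape it on output, for example value="<?php echo htmlspecialchars( $p_username ); ?>". Separately, the field is disabled, so the user cannot type into it and maxlength does nothing here; the line does not need the 64 at all.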
diff -rbup mantis-1.1.0rc2/core/user_api.php /var/www/mantis/core/user_api.php
--- mantis-1.1.0rc2/core/user_api.php	2007-10-15 00:35:34.000000000 +0200
+++ /var/www/mantis/core/user_api.php	2007-11-21 16:20:53.000000000 +0100
@@ -216,8 +216,8 @@
 	#  realname can match
 	# Return true if it is, false otherwise
 	function user_is_name_valid( $p_username ) {
-		# The DB field is only 32 characters
-		if ( strlen( $p_username ) > 32 ) {
+		# The DB field is only 64 characters
+		if ( strlen( $p_username ) > 64 ) {
 			return false;
 		}
 
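Review bot: The new bound in user_is_name_valid() is a second hard-coded 64 that has to agree with the column width set in admin/schema.php, and nothing ties the two together. If this check runs against a table whose username column is still C(32), names of 33 to 64 characters pass validation and the database either rejects them or, with MySQL outside strict mode, silently truncates them, which can make two different logins collide on the same stored name. Take the limit from a single constant and keep it at or below the real column width. Note also that strlen() counts bytes, so a name containing multibyte characters reaches the limit before 64 characters.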
diff -rbup mantis-1.1.0rc2/login_page.php /var/www/mantis/login_page.php
--- mantis-1.1.0rc2/login_page.php	2007-10-14 00:33:18.000000000 +0200
+++ /var/www/mantis/login_page.php	2007-11-21 16:21:09.000000000 +0100
@@ -98,7 +98,7 @@
 		<?php echo lang_get( 'username' ) ?>
 	</td>
 	<td width="75%">
-		<input type="text" name="username" size="32" maxlength="32" />
+		<input type="text" name="username" size="32" maxlength="64" />
 	</td>
 </tr>
 <tr class="row-2">
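Review bot: maxlength="64" on the login field is only a browser-side hint, and it is the same literal repeated in every form this patch touches. The limit that matters is the strlen() check in core/user_api.php; emit the attribute from the same constant so the forms cannot drift from the server-side check, and do not rely on the attribute to bound what reaches the login handler.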
diff -rbup mantis-1.1.0rc2/lost_pwd_page.php /var/www/mantis/lost_pwd_page.php
--- mantis-1.1.0rc2/lost_pwd_page.php	2007-10-14 00:33:20.000000000 +0200
+++ /var/www/mantis/lost_pwd_page.php	2007-11-21 16:21:31.000000000 +0100
@@ -56,7 +56,7 @@
 		<?php echo lang_get( 'username' ) ?>
 	</td>
 	<td width="75%">
-		<input type="text" name="username" size="32" maxlength="32" />
+		<input type="text" name="username" size="32" maxlength="64" />
 	</td>
 </tr>
 <tr class="row-2">
diff -rbup mantis-1.1.0rc2/manage_user_create_page.php /var/www/mantis/manage_user_create_page.php
--- mantis-1.1.0rc2/manage_user_create_page.php	2007-10-14 00:33:52.000000000 +0200
+++ /var/www/mantis/manage_user_create_page.php	2007-11-21 16:21:49.000000000 +0100
@@ -46,7 +46,7 @@
 		<?php echo lang_get( 'username' ) ?>
 	</td>
 	<td width="75%">
-		<input type="text" name="username" size="32" maxlength="32" />
+		<input type="text" name="username" size="32" maxlength="64" />
 	</td>
 </tr>
 <tr <?php echo helper_alternate_class() ?>>
diff -rbup mantis-1.1.0rc2/manage_user_edit_page.php /var/www/mantis/manage_user_edit_page.php
--- mantis-1.1.0rc2/manage_user_edit_page.php	2007-10-14 00:33:54.000000000 +0200
+++ /var/www/mantis/manage_user_edit_page.php	2007-11-21 16:22:05.000000000 +0100
@@ -59,7 +59,7 @@
 		<?php echo lang_get( 'username' ) ?>:
 	</td>
 	<td width="70%">
-		<input type="text" size="16" maxlength="32" name="username" value="<?php echo $t_user['username'] ?>" />
+		<input type="text" size="16" maxlength="64" name="username" value="<?php echo $t_user['username'] ?>" />
 	</td>
 </tr>
 
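Review bot: As in core/authentication_api.php, the edited line echoes $t_user['username'] straight into the value attribute. Names can reach the user table by paths other than these forms (the issue describes an LDAP import run from cron), so they should not be assumed safe for an attribute context; escape on output with htmlspecialchars(). The unchanged size="16" also means this field now shows only a quarter of a maximum-length name.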
diff -rbup mantis-1.1.0rc2/signup_page.php /var/www/mantis/signup_page.php
--- mantis-1.1.0rc2/signup_page.php	2007-10-14 00:34:30.000000000 +0200
+++ /var/www/mantis/signup_page.php	2007-11-21 16:22:16.000000000 +0100
@@ -48,7 +48,7 @@
 		<?php echo lang_get( 'username' ) ?>:
 	</td>
 	<td width="70%" colspan="2">
-		<input type="text" name="username" size="32" maxlength="32" />
+		<input type="text" name="username" size="32" maxlength="64" />
 	</td>
 </tr>
 <tr class="row-2">
vboctor

2007-11-21 12:08

manager   ~0016257

Thanks lmeunier for your contribution.

The 64 limit sounds reasonable. However, since we possibly allow email addresses as user names, we might as well allow 250 characters.

Given that in some installations administrators may want to limit the max length of a user name to make sure it is compatible with another length in another application, we may want to consider a configurable max length that we retrieve via config_get_global(). If we do so, then the default max length should be 64.

garethrandall

2007-12-20 06:48

reporter   ~0016470

Commenting on the patch: This includes the hard-coded value of 64 in 8 separate places in the PHP pages.

A global variable would be better, so that it only has to be changed in one place.

vboctor

2007-12-20 12:17

manager   ~0016483

I agree with garethrandall's comment. We should use a constant everywhere, but not in the schema file. I worry that people will change the constant without understanding the effect on the schema.

Hence, I think the schema should allow a VARCHAR(250) and the constant or even a config option should control the max allowed user name which has to be <= 250.

vboctor

2009-05-20 02:58

manager   ~0021855

This is no longer targeted for 1.2.x. Given the constants added by Paul, it should be very easy for someone to patch their installation. Eventually, we should add a db schema upgrade step that would increase the field width and change the constant accordingly.

Related Changesets

MantisBT: master 80bcdfc5

2008-11-30 13:05:12

Paul Richards

add constants for USER/PASS/REAL length ( partially raised in 0008596: Unable to log in using username with more than 32 characters )

Affected Issues: 0008596

mod - core/constant_inc.php
mod - manage_user_create_page.php
mod - signup_page.php
mod - core/authentication_api.php
mod - login_page.php
mod - core/user_api.php
mod - lost_pwd_page.php
mod - manage_user_edit_page.php
mod - account_page.php

Issue History

Date Modified Username Field Change
2007-11-21 10:49 lmeunier New Issue
2007-11-21 10:49 lmeunier File Added: mantis_username_64.patch
2007-11-21 12:08 vboctor Note Added: 0016257
2007-11-21 12:08 vboctor Status new => acknowledged
2007-11-21 12:09 vboctor Target Version => 1.2.0
2007-12-20 06:48 garethrandall Note Added: 0016470
2007-12-20 12:17 vboctor Note Added: 0016483
2008-07-12 18:19 giallu Target Version => 1.2.0
2008-11-30 11:09 Changeset attached master 80bcdfc5 =>
2009-05-20 02:58 vboctor Note Added: 0021855
2009-05-20 02:58 vboctor Target Version 1.2.2 =>
2012-10-12 18:40 atrol Relationship added duplicate of 0008017
2012-10-12 18:40 atrol Status acknowledged => resolved
2012-10-12 18:40 atrol Resolution open => duplicate
2012-10-12 18:40 atrol Assigned To => atrol
2012-10-27 09:21 atrol Status resolved => closed