View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0008596mantisbtauthenticationpublic2007-11-21 10:492012-10-27 09:21
Reporterlmeunier Assigned Toatrol  
PrioritynormalSeverityblockReproducibilityalways
Status closedResolutionduplicate 
OSLinuxOS VersionDebian Sarge 
Product Version1.1.0rc2 
Summary0008596: Unable to log in using username with more than 32 characters
Description

We are using LDAP authentication and usernames are based on email address. A cron job imports LDAP users into Mantis database. Some usernames contain more than 32 characters, so it's not possible to import them in database or log in Mantis.

Additional Information

The attached patch increase the limit on usernames to 64 characters.

TagsNo tags attached.
Attached Files
mantis_username_64.patch (4,472 bytes)    
diff -rbup mantis-1.1.0rc2/admin/schema.php /var/www/mantis/admin/schema.php
--- mantis-1.1.0rc2/admin/schema.php	2007-10-14 00:34:56.000000000 +0200
+++ /var/www/mantis/admin/schema.php	2007-11-21 16:23:21.000000000 +0100
@@ -303,7 +303,7 @@ $upgrade[] = Array('CreateTableSQL',Arra
 ",Array('mysql' => 'TYPE=MyISAM', 'pgsql' => 'WITHOUT OIDS')));
 $upgrade[] = Array('CreateTableSQL',Array(config_get('mantis_user_table'),"
   id 			 I  UNSIGNED NOTNULL PRIMARY AUTOINCREMENT,
-  username 		C(32) NOTNULL DEFAULT \" '' \",
+  username 		C(64) NOTNULL DEFAULT \" '' \",
   realname 		C(64) NOTNULL DEFAULT \" '' \",
   email 		C(64) NOTNULL DEFAULT \" '' \",
   password 		C(32) NOTNULL DEFAULT \" '' \",
Only in /var/www/mantis/: config_inc.php
diff -rbup mantis-1.1.0rc2/core/authentication_api.php /var/www/mantis/core/authentication_api.php
--- mantis-1.1.0rc2/core/authentication_api.php	2007-10-19 08:54:58.000000000 +0200
+++ /var/www/mantis/core/authentication_api.php	2007-11-21 16:19:41.000000000 +0100
@@ -521,7 +521,7 @@
 
 <tr class="row-1">
 	<td class="category"><?php echo lang_get( 'username' ); ?></td>
-	<td><input type="text" disabled="disabled" size="32" maxlength="32" value="<?php echo $p_username; ?>" /></td>
+	<td><input type="text" disabled="disabled" size="32" maxlength="64" value="<?php echo $p_username; ?>" /></td>
 </tr>
 
 <tr class="row-2">
diff -rbup mantis-1.1.0rc2/core/user_api.php /var/www/mantis/core/user_api.php
--- mantis-1.1.0rc2/core/user_api.php	2007-10-15 00:35:34.000000000 +0200
+++ /var/www/mantis/core/user_api.php	2007-11-21 16:20:53.000000000 +0100
@@ -216,8 +216,8 @@
 	#  realname can match
 	# Return true if it is, false otherwise
 	function user_is_name_valid( $p_username ) {
-		# The DB field is only 32 characters
-		if ( strlen( $p_username ) > 32 ) {
+		# The DB field is only 64 characters
+		if ( strlen( $p_username ) > 64 ) {
 			return false;
 		}
 
diff -rbup mantis-1.1.0rc2/login_page.php /var/www/mantis/login_page.php
--- mantis-1.1.0rc2/login_page.php	2007-10-14 00:33:18.000000000 +0200
+++ /var/www/mantis/login_page.php	2007-11-21 16:21:09.000000000 +0100
@@ -98,7 +98,7 @@
 		<?php echo lang_get( 'username' ) ?>
 	</td>
 	<td width="75%">
-		<input type="text" name="username" size="32" maxlength="32" />
+		<input type="text" name="username" size="32" maxlength="64" />
 	</td>
 </tr>
 <tr class="row-2">
diff -rbup mantis-1.1.0rc2/lost_pwd_page.php /var/www/mantis/lost_pwd_page.php
--- mantis-1.1.0rc2/lost_pwd_page.php	2007-10-14 00:33:20.000000000 +0200
+++ /var/www/mantis/lost_pwd_page.php	2007-11-21 16:21:31.000000000 +0100
@@ -56,7 +56,7 @@
 		<?php echo lang_get( 'username' ) ?>
 	</td>
 	<td width="75%">
-		<input type="text" name="username" size="32" maxlength="32" />
+		<input type="text" name="username" size="32" maxlength="64" />
 	</td>
 </tr>
 <tr class="row-2">
diff -rbup mantis-1.1.0rc2/manage_user_create_page.php /var/www/mantis/manage_user_create_page.php
--- mantis-1.1.0rc2/manage_user_create_page.php	2007-10-14 00:33:52.000000000 +0200
+++ /var/www/mantis/manage_user_create_page.php	2007-11-21 16:21:49.000000000 +0100
@@ -46,7 +46,7 @@
 		<?php echo lang_get( 'username' ) ?>
 	</td>
 	<td width="75%">
-		<input type="text" name="username" size="32" maxlength="32" />
+		<input type="text" name="username" size="32" maxlength="64" />
 	</td>
 </tr>
 <tr <?php echo helper_alternate_class() ?>>
diff -rbup mantis-1.1.0rc2/manage_user_edit_page.php /var/www/mantis/manage_user_edit_page.php
--- mantis-1.1.0rc2/manage_user_edit_page.php	2007-10-14 00:33:54.000000000 +0200
+++ /var/www/mantis/manage_user_edit_page.php	2007-11-21 16:22:05.000000000 +0100
@@ -59,7 +59,7 @@
 		<?php echo lang_get( 'username' ) ?>:
 	</td>
 	<td width="70%">
-		<input type="text" size="16" maxlength="32" name="username" value="<?php echo $t_user['username'] ?>" />
+		<input type="text" size="16" maxlength="64" name="username" value="<?php echo $t_user['username'] ?>" />
 	</td>
 </tr>
 
diff -rbup mantis-1.1.0rc2/signup_page.php /var/www/mantis/signup_page.php
--- mantis-1.1.0rc2/signup_page.php	2007-10-14 00:34:30.000000000 +0200
+++ /var/www/mantis/signup_page.php	2007-11-21 16:22:16.000000000 +0100
@@ -48,7 +48,7 @@
 		<?php echo lang_get( 'username' ) ?>:
 	</td>
 	<td width="70%" colspan="2">
-		<input type="text" name="username" size="32" maxlength="32" />
+		<input type="text" name="username" size="32" maxlength="64" />
 	</td>
 </tr>
 <tr class="row-2">
mantis_username_64.patch (4,472 bytes)   

Relationships

Relationship GraphDependency Graph
duplicate of 0008017 closeddregad Increase the size of the username field 

Activities

vboctor

vboctor

2007-11-21 12:08

manager   ~0016257

Thanks lmeunier for your contribution.

The 64 limit sounds reasonable. However, since we possibly allow email addresses as user names, we might as well allow 250 characters.

Given that in some installations administrators may want to limit the max length of a user name to make sure it is compatible with another length in another application, we may want to consider a configurable max length that we retrieve via config_get_global(). If we do so, then the default max length should be 64.
garethrandall

garethrandall

2007-12-20 06:48

reporter   ~0016470

Commenting on the patch: This includes the hard-coded value of 64 in to 8 separate places in the PHP pages.

A global variable would be better, so that it only has to be changed in one place.
vboctor

vboctor

2007-12-20 12:17

manager   ~0016483

I agree about garethrandall's comment. We should use a constant everywhere, but not in the schema file. I worry that people will change the constant without understanding the effect on the schema.

Hence, I think the schema should allow a VARCHAR(250) and the constant or even a config option should control the max allowed user name which has to be <= 250.
vboctor

vboctor

2009-05-20 02:58

manager   ~0021855

This is no longer targeted for 1.2.x. Given the constants added by Paul, it should be very easy for someone to patch their installation. Eventually, we should add a db schema upgrade step that would increase the field width and change the constant accordingly.

Related Changesets

MantisBT: master 80bcdfc5

2008-11-30 08:05

Paul Richards


Details Diff		 add constants for USER/PASS/REAL length ( partially raised in 0008596: Unable to log in using username with more than 32 characters ) Affected Issues
0008596
mod - core/constant_inc.php Diff File
mod - manage_user_create_page.php Diff File
mod - signup_page.php Diff File
mod - core/authentication_api.php Diff File
mod - login_page.php Diff File
mod - core/user_api.php Diff File
mod - lost_pwd_page.php Diff File
mod - manage_user_edit_page.php Diff File
mod - account_page.php Diff File