Reply New Topic
2010/12/21 16:21:18
#1
Offline
Home away from home

ERROR: Invalid Username - Is it?

I put in:

Display Name: tester
Login Name: terster

(the extra r is meant to be there)

And get:

ERROR: Invalid Username

So what does this mean, is the display name or is the login name invalid, because the end user sees is the username is but non of those those two options on the form are called username. Confusing to the end user, its not consistent.

Also what is an invalid, is the name taken, is it not longer enough, to long or is it a reserved name or a banned name? Perhaps the system could suggest an alternative as well?

It really doesn't tell the end user anything at all so how would they know how to proceed?


2010/12/21 16:40:13
#2
Offline
Home away from home

Re: ERROR: Invalid Username - Is it?

i think it means login name can't be the same as display name. haven't looked at the code tho. but i think that's why.

_________________
Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!

2010/12/22 4:35:29
#3
Offline
Home away from home

Re: ERROR: Invalid Username - Is it?

I've used the same login/username on some local installs without a problem, must be something else.


2011/1/8 17:59:19
#4
Offline
Home away from home

Re: ERROR: Invalid Username - Is it?

Ha ha, I just rediscovered this, Vaughan had issues registering at a website last week because of this exact same issue.

Vaughan do to care to share your experience and opinion on this? lol


2011/1/8 20:40:11
#5
Offline
Home away from home

Re: ERROR: Invalid Username - Is it?

The text 'ERROR: Invalid Username' is the text for _US_INVALIDNICKNAME, which is used in 3 places in the core

1 - kernel/user.php, line 826
2 - kernel/user.php, line 835
3 - edituser.php, line 96

In #1, the uname field is checked against the stopspammer list
In #2, the login_name is tested to see if it is empty, or if the config setting for username filtering is met by login_name
In #3, uname is checked to be sure it isn't blank

_________________

Steve Twitter: @skenow Facebook: Steve Kenow


2011/1/9 5:33:57
#6
Offline
Home away from home

Re: ERROR: Invalid Username - Is it?

my experience on Tim's site when i tried registering was that it wasn't clearly defined as to what the problem exactly was.

i couldn't register, and didn't know why. but the term invalid username just doesn't give enough detail, that and it is very confusing because we DON't have a username on any registration form.

we have Display Name & Login Name. but the error says invalid Username! so which of those was invalid? psychic head on.

it turned out it was the display name that was invalid & not the login name.

now i know that can easily be sorted by changed the Language definition, shouldn't be a problem then.

then there's the issue of external scripts, i couldn't login to a site, because the site was using uname, which is actually displayname, so i had to login using displayname and not login name. very confusing.

now onto my opinions regarding this matter, and some may disagree with what i'm about to say.

I think having Login Name & Display name is completely unneccessary, i was against it then, and i'm afraid, it hasn't changed my opinion since. i honestly can't see where the extra benefits of having them are in terms of security.

Brute force??? hmmm yeah, an unknown login name prevents it. but as far as i can tell, that is the ONLY reason for it.

silently locking the account after 3 or 5 failed attempts (either with a timer that can be set in admin, or via email asking the owner to confirm via clicking a link in the email to unlock is FAR Superior method at stopping brute force.)

my proposal to this argument.

1. ICMS users can actually log in to the system using their email address!!! <do people know this???>

2. get rid of the login name completely, just have display name for display purposes!

3. users would then use their email address/open id to login to their sites with, this can already be done anyway, so no coding changes are required on that part!.

4. create a function where after x failed attempts, the account is locked (either silently or with a notice) for either x amount of time or via an email sent to the users account which they have to confirm to unlock the account, or via admin unlocking it for them)

5. Problem Solved!

_________________
Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!

2011/1/9 6:27:32
#7
Offline
Home away from home

Re: ERROR: Invalid Username - Is it?

I would like to be able to login with email address


2011/1/9 6:41:36
#8
Offline
Home away from home

Re: ERROR: Invalid Username - Is it?

that's the point david. since icms 1.1 you CAN login with your email address instead of login name. i added email address login to icms 1.1 though i think it required a bugfix which i think i did in 1.1.1 or 1.1.2. but the feature is already there.

EDIT: yep it's still functioning, i just logged out of this site, and logged back in using my email address.

_________________
Live as if you were to die tomorrow, Learn as if you were to live forever

The beauty of a living thing is not the atoms that go into it, but the way those atoms are put together!

Reply New Topic extras
 Previous Topic   Next Topic
You can view topic.
You can start a new topic.
You can reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You can post without approval.