• Rob Swindell's avatar
    Use a more-liberal username matching algorithm · 00c56b2a
    Rob Swindell authored
    - Ignore all non-trailing non-alphanumeric characters when comparing a string against a user's name. Previously, spaces and dots and underscores were mostly-treated as equivalent and white-space was sometimes compressed for comparison purposes (if the user name contained both spaces and dots). This updated algo helps to insure that deliberate or accidental name collisions cannot be created but also aids usability (e.g. users can make some minor cosmetic adjustments to their user name and still be considered the "same user" for most comparison purposes).
    - Terminate the comparison string at an '@' (ignore everything after). This resolves the FAQ of why users can't login with "username@domain" and aides some other username/address matching algorithms (e.g. in the mailserver). '@'s are illegal characters for usernames already.
    Expose the new algorithm via new function matchusername().
    Use the algorithm in matchuser() and lookup_user().
    Unrelated: don't lower-case the 'localuser' part of email addresses in  usermailaddr() - cosmetic only.
userdat.c 98.4 KB