[wp-trac] [WordPress Trac] #58311: Validate Username for not to be a email and strip everything after @
WordPress Trac
noreply at wordpress.org
Thu Jun 8 20:34:56 UTC 2023
#58311: Validate Username for not to be a email and strip everything after @
-------------------------------------------------+-------------------------
Reporter: oglekler | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing needs-unit- | Focuses:
tests 2nd-opinion |
-------------------------------------------------+-------------------------
Comment (by knutsp):
My cents.
Since WordPress started to allow login by email, using a shared form and
input field, this is the situation:
Both usernames and user emails are unique. But one user account may have
the exact same username as an other account's email. So, which account are
you trying to log into, which password is to be checked and what user id
to be assigned when successful?
When a shared input field is used, allowing user names (user_login) not
always being distinguishable from an email, is a bug.
User names are also not allowed to change, by default. Users email may
change. Allowing email as user name invites users to create new accounts
when they change email, breaking author archives and order history for
ecommerce.
Creating new usernames that looks like emails, i.e. contains "@", should
not be allowed from next major. Existing user names should not be
affected. No BC break, just fixing a bug that allowed something that
should never have been allowed, at least not after login by email was
introduced.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58311#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list