Suggesting user names
Chris L. Mason
cmason at somanetworks.com
Fri Mar 28 13:18:20 UTC 2003
On Thu, Mar 27, 2003 at 09:39:36PM +0000, Gervase Markham wrote:
> David Miller wrote:
> >Just FYI, 2.17.1 and up already do this. :)
>
> That's not quite true; I think Chris's patch does more fuzzy matching
> than ours, which only matches an exact substring. Chris?
>
Yes, that's correct, although I'm not happy with the method I'm using
right now.
The patch is very short, so I've attached it. (Briefly, the
DBNameToIdAndCheck function will show the list of suggestions if the name
doesn't match, if the "suggest-users" parameter is on.)
As you can see, I'm just using "substr($name,2,4)" to match the login name
or $name to match the fullname. I don't really like this though. Maybe
some kind of regex would be better, although then I worry about the
performance.
Also, I didn't really follow the whole SQL standards thread, but it
*would* be a lot nicer to use something like:
SELECT DISTINCT
login_name, realname
FROM
profiles
WHERE
login_name LIKE :1 OR
realname LIKE :2
Then bind substr($name,2,4) for :1 and $name for :2 in the execution.
(Although, I realize mysql doesn't support :N, so I guess it would have to
be '?')
Is it permitted to use the DBI functions directly instead of using the
SendSQL stuff?
Chris
-------------- next part --------------
===== defparams.pl 1.1 vs edited =====
*** /tmp/defparams.pl-1.1-4134 Thu Feb 27 06:09:10 2003
--- edited/defparams.pl Thu Mar 27 07:47:52 2003
***************
*** 607,610 ****
--- 607,618 ----
"t" ,
'1000');
+ DefParam("suggest-users" ,
+ "This option will perform loose name matching in case a username
+ entered does not match, and will provide the user with a list so
+ that they might find the username they were looking for. This is
+ disabled by default for security and privacy reasons." ,
+ "b",
+ 0);
+
1;
===== globals.pl 1.2 vs edited =====
*** /tmp/globals.pl-1.2-4134 Mon Mar 10 08:51:14 2003
--- edited/globals.pl Fri Mar 28 05:07:03 2003
***************
*** 973,982 ****
return $result;
}
! $name = html_quote($name);
! ThrowUserError("The name <TT>$name</TT> is not a valid username.
Either you misspelled it, or the person has not
registered for a Bugzilla account.");
}
# Use trick_taint() when you know that there is no way that the data
--- 973,1009 ----
return $result;
}
! if (Param('suggest-users')) {
! SuggestUsers($name);
! PutFooter();
! exit(0);
! } else {
! $name = html_quote($name);
! ThrowUserError("The name <TT>$name</TT> is not a valid username.
Either you misspelled it, or the person has not
registered for a Bugzilla account.");
+ }
+ }
+
+ sub SuggestUsers(@) {
+ my ($name) = (@_);
+
+ PushGlobalSQLState();
+ SendSQL("SELECT DISTINCT login_name, realname FROM profiles WHERE " .
+ "login_name LIKE " . SqlQuote('%' . substr($name,2,4) . '%') .
+ " OR realname LIKE " . SqlQuote('%' . $name . '%'));
+
+ print "<p>The name you requested could not be found. Here are " .
+ "some possible alternatives:\n<p>\n" .
+ "<table border=1>\n";
+
+ while((my $login, my $full) = FetchSQLData()) {
+ print "<tr><td>$login</td><td>$full</td></tr>\n";
+ }
+
+ print "</table>\n<p>Please back up and try again.\n";
+
+ PopGlobalSQLState();
}
# Use trick_taint() when you know that there is no way that the data
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.bugzilla.org/pipermail/developers/attachments/20030328/be90287d/attachment.sig>
More information about the developers
mailing list