PW21 Installation "issue"

[Pete]

Okay, so it's not the end of the world or anything, but when I installed the latest version of v2.1 it complained when I tried to create a user account that had uppercase letters in it.

Any chance this could be made a little less strict - it let me type my name in v2

[ryan]

The reason for this is that users in PW 2.1 are actually pages, and page names are kept lowercase for URL consistency. Some servers are case sensitive and some are not, so the only way to guarantee cross-server compatibility is enforcing lowercase. I like the idea of having either case for usernames, but it may involve a lot of changes underneath. I'll keep an eye on future opportunities to have U&LC in the usernames.

[Pete]

No worries.

Although I realise 2.1 isn't "final" yet, a simple alteration to avoid confusion would be for the message to specify that you can't use uppercase letters as at first I thought I'd got a space or other random character in the username before trying lowercase letters.

[Adam Kiss]

I actually think there is no need for any message – I don't know about you, but I'm not expecting from software to have and/or allow differently cased users (e.g. Pete, pete, pEtE). I would just change it to lowercase and leave it as it is, i.e. create and continue, without any message.

[ryan]

This is something I just don't have much knowledge on. I've never maintained a user account on any site that was anything but lowercase, so the thought just never came up. What do other systems do in this regard? Are U&LC usernames common, or is lowercase fairly standard?

[Pete]

It gets trickier than that with other software - the majority of forum software allows some symbols as well and even character codes to create funky member names in some cases.

Certainly uppercase, lowercase and numbers are the norm from what I've used in the past.

[ryan]

Thanks, that's good to know. Currently, since user names are page names, they are bound by the same rules, so that means that user names can contain these characters:

a-z

0-9

dash "-"

period "."

underscore "_"

If it's a straightforward matter to add uppercase letters to that in the future too, we'll certainly do it. Also wanted to mention that the characters above are just for the login name itself. You can add other fields to the 'user' template to support any other data you want to store… In your case, I'm thinking you might want to add a 'display_name' field or something like that.  If you wanted to, you could even construct your site's front-end login to disregard PW's login name completely (though you'd still have to set it to something behind the scenes, perhaps to the user's ID number).

[Pete]

That's good to know.

Just another quick on on picking a username and password when installing - when I typed in the password it was a normal input field and not a password one (as in the password was displayed in plain text).

Not sure if this was in v2 or v2.1 as I've installed both in the last 24 hours, but it's worth double-checking that code just in case - the stupid autocomplete built into Firefox picked the field contents up right away and stored it so that's not good.

[ryan]

I didn't use a password field on the installer just because I wanted them to be sure they had typed it in correctly. After all, if you type it in wrong here you won't ever be able to login to your PW admin. So I wanted to make sure they could see what they were typing (at least, I like to). But perhaps a better solution would be to just make them type it twice (2 password fields).

[Adam Kiss]

I would leave it that way. After all, passwords are always (unless site is visited via https) sent as a plain text (first time). The only thing the 'password' input does is that it hides the password, so anyone looking over your shoulder can't see the password. And you would hardly install CMS on your server on a public computer.

[apeisa]

I think that double password fields would be little better, minor issue though (although password value stored to firefox autocomplete is a bit stressing..). If not, at least mention that it will be displayed (you might want to use some common password if you creating test installation and there might be coworkers or some other people watching over shoulder). Although same issue would be on db password and I think it is easier (and of course faster since only one input required) when you really see what you have typed.

About usernames: I agree with Adam here. I don't think that there is need for having more complicated usernames, since extending user profiles is super easy. So I would accept "aPeisa" and just convert it to "apeisa" everytime user logs in or creates new users.

[slkwrm]

+1 for double check password field. First impression is crucial and such an unusual behaviour can bring a little minus in PW's karma for some develpers.

[Pete]

Yup - it wasn't a major issue for me, just a little unexpected.