user_nicename should be unique

[claudem]

When registering new users, WP should check that the sanitized version of the username (user_nicename) is unique in the DB. If this check is not made, we can end up with two different users sharing the same user_nicename.

This is a problem if the permalinks are built with author names (/%author%/...). There is potential for ambiguity in this situation if two username result in the same niice name.

Example: "user-1" and "user 1" both get the same nice name: "user-1".

I recommend to make the user_nicename column unique, like user_login.

[claudem]

Of course, there is an issue for ugrades: if there are already duplicate nicenames in wp-users, the script that adds the unique constraint will fail. Therefore, this request may be a documented issue that administrator can enforce by adding a constraint to the users table.

[markjaquith]

That would mean that nicknames have to be unique (well, more than unique). You can't have someone with a nickname of "User" and someone with a nickname of "user" or someone with a nickname of "This User" and somone with a nickname of "this-user"

Maybe it should just work that when you update your profile, it won't let you choose an existing sanitized nickname. Place that already have it will have problems, and they'll be able to fix them the next time they edit their profiles.

[markjaquith]

we also might consider that having the permalink be based on something that can be changed on a whim isn't really such a good idea. These links are far from "perma." Using a sanitized login would be better.

[claudem]

Just to be sure we are understanding each other, I was in fact talking about "nice" name. Not "nick" name. The nicename is not editable and it is the sanitized version of the username.

Thus, this field could be used as a permalink since it cannot change over time. We only have to be sure it is unique.

[charleshooper]

I've added a patch for 2.1 to fix this. The patch adds a nicename_exists() function, which relies on another function I just added: get_userdatabynicename(). This function works the exact same way as get_userdatabylogin() however it checks user_nicename, which is always derived from sanitize_title ( user_login ) .

get_userdatabynicename() does not currently use any caching. I could change that, but I think that is better suited for 2.2 where caching has been fixed up a bit.

[foolswisdom]

Don't update the version, that is the version where it was first reported against. Not that it often matters.

[charleshooper]

Whoops, my bad.

Should the database schema also be modified to create a UNIQUE index on wp_users.user_nicename?

[charleshooper]

Adds user_nicename checks to WP

[charleshooper]

Adds user_nicename checks to WP, with caching

[charleshooper]

For whatever reason my new patch wasn't getting posted (or maybe it was just cached) whenever I tried to upload it with the same filename, so I posted the one labeled wp_check_nicename2.diff, ignore the first one please, I made an error.

[johnbillion]

#3965 has been marked a duplicate of this bug.

[westi]

Current patch does not apply cleanly - removing has-patch

If we are to do the validation of user_nicename it should be done in wp_insert_user I think we a check against the cache/db in there.

[pishmishy]

I think we could use the pre_user_nicename filter to check for uniqueness.

[pishmishy]

We don't use the pre_user_nicename filter, just modify username_exists() to make sure another user doesn't have the same nicename. Adds a function to retrieve user data based on nicename.

I'm not entirely sure how this would effect upgrades to an installation where nice-names are already conflicting, so tagged as needs-testing and dev-feedback.

[pishmishy]

Modifies username_exists() and adds get_user_by_nicename()

[pishmishy]

I'm almost tempted to close this one. A solution has been offered up but there doesn't appear to be too many people calling for it.

[johanee]

wp_cache_add($nicename, 0, 'useremail') should probably be 'usernicename' (if this patch is ever merged...).

[superann]

Replying to pishmishy:

I'm almost tempted to close this one. A solution has been offered up but there doesn't appear to be too many people calling for it.

I'm calling for it! I just ran into this problem, which I wrote about on ​the support forums. Would love to see this fixed as the duplicates prevent access to some author pages via the permalink url for users who registered via the normal process, which I would think should classify as a bug.

[Denis-de-Bernardy]

see also: #9563

[Denis-de-Bernardy]

See also: #9564

[Denis-de-Bernardy]

new patch processes the user nicename in much the same way as post names, to ensure they're unique.

one advantage over previous patches is that this'll continue to work with old installs: the non-unique nicenames will coexist harmlessly, until one of the users with a dup nicename is updated.

[Denis-de-Bernardy]

See also: #4710

[Denis-de-Bernardy]

err, woops, that was #4170

[ryan]

(In [10997]) Make user_nicenames unique. Props Denis-de-Bernardy. fixes #1626