Affects Version/s: 3.0.2
Component/s: User management
Follow the steps to reproduce and make sure you reach the expected behaviour. Please note that the patched version will not normally let you register a user with an empty name (this is now covered by new Behat tests). You will probably want to set firstname or lastname to something like a single space character directly via the database.
Fixed Branches: MOODLE_29_STABLE, MOODLE_30_STABLE
We first experienced this on moodle.org a year ago when a user account was mysteriously deleted after a couple of days. We were able to trace it down to the fact that the account had been registered with an empty lastname and it was then deleted as incomplete. It was still unclear how such an account could have been created.
This has now happened again with another user, and luckily Helen Foster realized that there is a bug in the user registration form, allowing users to register with a space instead of a first name and/or last name.
The problem is that MySQL does not consider trailing whitespace as significant when comparing CHAR and VARCHAR strings with the = operator: https://dev.mysql.com/doc/refman/5.7/en/string-comparison-functions.html
So on MySQL, the SQL condition WHERE lastname = '' OR firstname = '' matches these accounts with space and they are deleted by delete_incomplete_users_task.
Steps to reproduce:
- You need a MySQL site to reproduce this.
- Allow self-registration on the site.
- Register as a new user, using a space (" ") instead of the first name and the last name.
- Confirm the account (either manually or via the email).
- Log in as the newly registered user (so that there is "Last access" set).
- Set $CFG->deleteincompleteusers = 1/3600; in the config.php file temporarily (this is a hacky trick allowing us not to wait).
- Execute the delete_incomplete_users_task:
  $ sudo -u apache php admin/tool/task/cli/schedule_task.php --execute='\core\task\delete_incomplete_users_task'
Expected behaviour:
- Moodle should not allow registration with an empty first name or an empty last name.
- To prevent removal of existing accounts, the task should not delete accounts that were already created with whitespace instead of the proper value.
Actual behaviour:
- Moodle allows registration with empty names.
- Such accounts are silently deleted if "Delete incomplete users after" (deleteincompleteusers) is defined, even if they are properly used as real user accounts.
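The comparison behaviour described above can be reproduced offline. The following is an added example, not Moodle's code or the patch for this issue: it uses SQLite's RTRIM collation as a stand-in for MySQL's trailing-space-insensitive = comparison, and shows an application-side re-check and a trimmed registration check matching the two expected behaviours. The users table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample accounts: (id, firstname, lastname, lastaccess).
SAMPLE_USERS = [
    (1, "Alex", "Example", 1450000000),  # complete account
    (2, " ", " ", 1450000000),           # registered with a space as each name
    (3, "", "", 1450000000),             # genuinely incomplete
]

# Same shape as the condition quoted above; table and column layout are assumed.
INCOMPLETE_SQL = ("SELECT id, firstname, lastname FROM users "
                  "WHERE lastaccess > 0 AND (lastname = '' OR firstname = '') "
                  "ORDER BY id")


def make_db(collation):
    """In-memory table whose name columns compare using `collation`.

    RTRIM ignores trailing spaces, standing in for the MySQL behaviour;
    BINARY compares byte for byte.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
               f"firstname TEXT COLLATE {collation}, "
               f"lastname TEXT COLLATE {collation}, lastaccess INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return db


def sql_candidates(db):
    """Ids the SQL condition alone would hand to the cleanup task."""
    return [row[0] for row in db.execute(INCOMPLETE_SQL)]


def safe_candidates(db):
    """Re-check every row in application code with an exact comparison."""
    return [uid for uid, first, last in db.execute(INCOMPLETE_SQL)
            if first == "" or last == ""]


def valid_name(value):
    """Registration-side check: reject names that are empty after trimming."""
    return value.strip() != ""


if __name__ == "__main__":
    print("trailing-space-insensitive:", sql_candidates(make_db("RTRIM")))
    print("exact comparison:          ", sql_candidates(make_db("BINARY")))
    print("after re-check:            ", safe_candidates(make_db("RTRIM")))
```

The same SQL text selects a different set of accounts depending on the comparison rules of the database underneath, which is why the deletion decision is safer when confirmed on the fetched values.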