I had a weird problem with Drupal the other day.

I'm using a module I wrote which uses the views_query_alter() hook to change a views' query from doing "node.title = blah" to "node.title like blah" for a super-simple search engine. Should be simple enough. Well, it turned out that people testing it were having erratic results depending on what they tried to search. At first it was thought that the search was not being case insensitive because searching for "silly" returned no results while searching for "Silly" worked fine, but the database tables were configured correctly (MySQL, table collation set to "utf8_general_ci"), so it had to be something else.

The original query WHERE statement was "node.title = '%s'", so I wrote a function that looked something like this:

function mymodule_views_query_alter(&$query, $view, $summary, $level) {
if ($view->name == 'mycustomsearch') {
$query->where[2] = "node.title like '%%%s%%'";
}
}

Normally this would be processed by the Views module and would turn the query WHERE statement into "node.title like '%silly%'", which is what we wanted. Except that in certain circumstances it wasn't happening like that.

After some digging, thanks to the Devel module, I discovered that the query was actually ending up as "node.title like 'nodeilly%'" if the word entered was "silly". You'll note, first off, that instead of the first percentage sign it says "node". You'll also note that the first "s" is missing. As soon as I saw this I realized what was going on - somewhere the Views module was ending up with the string "node.title like '%silly%'" and for some reason the "%s" part was getting replaced with the table name, i.e. "node". Go figure.

So then came the fix.

As I was in a slight time crunch I didn't feel I had the time to dig further unto the Views code to work out a fix, so for now I just searched for alternative SQL syntax. This seemed odd to me, though, as I was basically looking for another way in MySQL for doing an SQL "LIKE" statement. As it turns out, there is another way - regular expressions.

MySQL supports a set of commands for doing regular-expression-based comparisons using the command REGEXP or RLIKE (one is an alias for the other). The syntax ended up like the following:

$query->where[1] = "node.title rlike '.*%s.*'";

Before I could unleash that upon the world I wanted to filter the input a bit more to avoid potential for security problems. In a rather heavy-handed fashion I set the input string to be filtered as follows, which only allows numbers, letters and spaces through:

$query->where_args[4] = ereg_replace("[^A-Za-z0-9 ]", "", trim($query->where_args[$]));

Putting it all together I finally had a search engine that finally let people search for the word "silly". Go figure.

Note: I do intend delving into the code to work out a hopeful fix for the root problem rather than a workaround in my module, but I felt completing the project sooner was more important than having a 100% correct fix, which will come later.

I've personal never understood the point of having a username for web sites when 99% of them also require an email address that is unique to you - just use the email address! In the world of Rails development many developers use the excellent restful_authentication to provide the user login structure, but again out of the box it uses a username. Silly thing. So instead, here's how to make restful_authentication sit rather happy with just an email address.

The first issue is the create_users migration. By default a :login attribute is added which can be simply removed - yes, that's it. Next off is the User model. The first part of this is to remove all references to "login" from the validation statements, so e.g. instead of validates_presence_of :login, :email you have validates_presence_of :email

The second part is a little tricker: all methods that use :login have to be changed to use :email, e.g. the encrypt_password() method uses the login to make the security a little stronger, and, more importantly, the self.authentication() method is based off :login.

Once those changes have been done you can proceed to the next step. The next step is to update the views, both the users/new.rhtml and sessions/new.rhtml files need to tweaked. For users/new.rhtml just remove the paragraph that has the login field and you're done. For the sessions/new.rhtml file you need to replace all references of "login" to "email". The final part is to update the sessions controller, and once again just replace "login" with "email". That should do it. Now load up your app and enjoy simpler authentication!

Bonus Tip:

Now, make your user model even more useful and add first_name and last_name fields to the migration and app/views/user/new.rhtml file. One little thing to watch for - due to how restful_authentication works you'll want to also add those two fields to the attr_accessible line in your User.rb model file. Other than that, you'll make life much easier for both you and your users.