q2a / question2answer

Question2Answer is a free and open source platform for Q&A sites, running on PHP/MySQL.
http://www.question2answer.org/
GNU General Public License v3.0

Creating a new user should always check if handle already exists - Make handle unique?! #993

Open q2apro opened 4 months ago

q2apro commented 4 months ago

I used a plugin that generates userhandles and inserts them. It happened that users signed up simultaneously, and the plugin checked that the userhandle did not exist, which was true for both, then used the function qa_db_user_create() to create the new user. Hence, the user handle was assigned twice, and even the email was there twice!

Starting questions:

  1. Why is the column handle in qa_users not unique?
  2. Why is the column email in qa_users not unique?

Code question:

  1. Should we change the function qa_db_user_create() so it does something like:

    -- Placeholders follow qa_db_query_sub(): ^ = table prefix, $ = quoted string, # = integer.
    -- The row is inserted only if no existing user already has this email or handle.
    INSERT INTO `^users`
    (created, loggedin, createip, email, passhash, level, handle, loginip)
    SELECT NOW(), NOW(), UNHEX($), $, $, #, $, UNHEX($)
    FROM DUAL
    WHERE NOT EXISTS (
        SELECT 1
        FROM `^users`
        WHERE email = $
        OR handle = $
    )

    // is 0 IF NO ENTRY WAS CREATED
    $userid_new = qa_db_last_insert_id();

  2. Should we make handle and email unique and then somehow catch the error that MySQL raises on INSERT INTO?
q2apro commented 4 months ago

This is not only a plugin issue. If two users register at the same time with question2answer, having the same email and/or the same username, two user accounts would be created.

I have set handle and email to unique:

[image]

In general, it is irresponsible to allow two userhandles because they can be used for a login, and user A could access the data of user B.
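The race described in the two comments above, as an added example that is not part of the issue or of Question2Answer's code. It uses Python's sqlite3 in place of MySQL, and the qa_users table below is a constructed subset of the columns named in the thread, not the project's real schema. It interleaves two signups so that both run the existence check before either inserts (the window the plugin fell into), then shows the same interleaving against a table where handle and email are UNIQUE, and finally the single-statement INSERT ... SELECT ... WHERE NOT EXISTS form from the first comment, reporting whether a row was actually created:

```python
import sqlite3

# Constructed stand-in for the qa_users columns the issue talks about
# (not Question2Answer's real schema); sqlite3 stands in for MySQL.
SCHEMA_NO_CONSTRAINT = """
CREATE TABLE qa_users (
    userid INTEGER PRIMARY KEY AUTOINCREMENT,
    email  TEXT NOT NULL,
    handle TEXT NOT NULL
)
"""

# The same table with the UNIQUE constraints the issue proposes.
SCHEMA_UNIQUE = """
CREATE TABLE qa_users (
    userid INTEGER PRIMARY KEY AUTOINCREMENT,
    email  TEXT NOT NULL UNIQUE,
    handle TEXT NOT NULL UNIQUE
)
"""


def fresh_db(schema):
    conn = sqlite3.connect(":memory:")
    conn.execute(schema)
    return conn


def handle_or_email_taken(conn, email, handle):
    """The application-level check a plugin runs before inserting."""
    row = conn.execute(
        "SELECT 1 FROM qa_users WHERE email = ? OR handle = ?", (email, handle)
    ).fetchone()
    return row is not None


def insert_user(conn, email, handle):
    """Plain INSERT with no guard, the pattern the issue reports as racy."""
    cur = conn.execute(
        "INSERT INTO qa_users (email, handle) VALUES (?, ?)", (email, handle)
    )
    return cur.lastrowid


def interleaved_signup(schema, email, handle):
    """Two requests for the same handle and email, interleaved so that both
    run the existence check before either inserts.
    Returns (userids created, IntegrityError messages, rows with that handle)."""
    conn = fresh_db(schema)
    request_a_free = not handle_or_email_taken(conn, email, handle)
    request_b_free = not handle_or_email_taken(conn, email, handle)
    created, errors = [], []
    for is_free in (request_a_free, request_b_free):
        if not is_free:
            continue
        try:
            created.append(insert_user(conn, email, handle))
        except sqlite3.IntegrityError as exc:
            # With UNIQUE in place the database, not the application, decides.
            errors.append(str(exc))
    rows = conn.execute(
        "SELECT COUNT(*) FROM qa_users WHERE handle = ?", (handle,)
    ).fetchone()[0]
    conn.close()
    return created, errors, rows


def create_user_if_free(conn, email, handle):
    """Single-statement variant: existence test and insert in one
    INSERT ... SELECT ... WHERE NOT EXISTS. Returns the new userid, or None
    when nothing was inserted. rowcount is checked rather than lastrowid,
    because this driver does not reset lastrowid when a statement inserts
    no row."""
    cur = conn.execute(
        """
        INSERT INTO qa_users (email, handle)
        SELECT ?, ?
        WHERE NOT EXISTS (
            SELECT 1 FROM qa_users WHERE email = ? OR handle = ?
        )
        """,
        (email, handle, email, handle),
    )
    if cur.rowcount != 1:
        return None
    return cur.lastrowid


if __name__ == "__main__":
    print(interleaved_signup(SCHEMA_NO_CONSTRAINT, "a@example.com", "alice"))
    print(interleaved_signup(SCHEMA_UNIQUE, "a@example.com", "alice"))
    db = fresh_db(SCHEMA_UNIQUE)
    print(create_user_if_free(db, "a@example.com", "alice"))
    print(create_user_if_free(db, "a@example.com", "alice"))
```

Without the constraint the interleaving yields two rows with the same handle and email; with it, the second INSERT raises IntegrityError and one row survives, which is the error a caller of qa_db_user_create() would need to catch and turn into a "handle already taken" response. The unique index is the authoritative guard: the NOT EXISTS form only narrows the window to a single statement, and whether two concurrent copies of it can still both pass depends on the database's locking, so it complements the constraint rather than replacing it.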

arjunsuresh commented 3 months ago

I think this makes sense. Thank you for raising this issue.