[ic] Blank usernames and new_account

Chris Jesseman interchange-users@lists.akopia.com
Thu May 17 00:15:00 2001


Hi

I just had a situation on an IC 4.6.4 (based on construct) cart where the 
username.counter file was set to an earlier number (by a version control 
mishap) and IC was being asked to create a userid that already existed. When 
customers ordered, IC created an empty username in the MySQL database, which 
was reused for subsequent orders where a userid was not supplied by the user. 
The reuse caused a leak of some data, as described in earlier 'blank username' 
incidents reported on the list. No errors are logged when the create fails. 

Should there be some failsafe in new_account (or somewhere) to prevent '' from 
ever being used as a username?

-- 
Chris Jesseman
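
The failsafe asked about above, sketched as an added example that is not part of the original post and is not Interchange's own code. It models the user table with Python's sqlite3 module instead of MySQL; the table layout, the "U" prefix and the names `open_userdb`, `new_account`, `save_order_user` and `AccountError` are hypothetical.

```python
import logging
import sqlite3

log = logging.getLogger("userdb")

class AccountError(Exception):
    """Raised instead of ever handing back a blank or duplicate username."""

def open_userdb():
    # Constructed stand-in for the user table. NOT NULL, CHECK and PRIMARY KEY
    # make the database itself reject '' and duplicate usernames.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE userdb ("
        " username TEXT NOT NULL PRIMARY KEY CHECK (length(trim(username)) > 0),"
        " email TEXT)"
    )
    return db

def new_account(db, counter, prefix="U", max_skips=1000):
    """Allocate the next counter-based username, failing closed.

    counter is a one-element list standing in for the username.counter file.
    """
    for _ in range(max_skips):
        counter[0] += 1
        username = f"{prefix}{counter[0]:05d}"
        try:
            with db:  # commit on success, roll back on error
                db.execute("INSERT INTO userdb (username) VALUES (?)", (username,))
        except sqlite3.IntegrityError:
            # Counter is behind the table (e.g. restored from an old copy):
            # log it and skip forward rather than continue without a username.
            log.warning("username %s already exists, counter is stale", username)
            continue
        return username
    raise AccountError("could not allocate a unique username")

def save_order_user(db, username, email):
    # Guard at the point of use: a blank username never reaches the table.
    if not username or not username.strip():
        raise AccountError("refusing to store an order under a blank username")
    with db:
        cur = db.execute(
            "UPDATE userdb SET email = ? WHERE username = ?", (email, username))
    if cur.rowcount != 1:
        raise AccountError(f"no such user: {username!r}")
```

The collision is logged and the allocation either returns a fresh username or raises, so a stale counter can no longer end in a shared '' row.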