Duplicate E-mail Addresses
Posted: Mon Jan 30, 2012 8:02 pm
Greetings,
I just stumbled across a little loophole that I want to bring to your attention.
I do not allow duplicate email addresses on my site and have that system setting set to "no" on my server. However, I just noticed that players could use Account/Change Info, to successfully enter an email address already in use. Of course I could set the Allow Account Changes option to "no", but then players would not be able to change anything inside of PM.
Also, players can enter a duplicate email if the Allow Password Recovery option is turned on. They can select the new email pip, and successfully enter an email address already in the system.
I just updated my test server to 2.92 and found these apply to that version as well.
BTW: your new rake utility is pretty cool!
I just stumbled across a little loophole that I want to bring to your attention.
I do not allow duplicate email addresses on my site and have that system setting set to "no" on my server. However, I just noticed that players could use Account/Change Info, to successfully enter an email address already in use. Of course I could set the Allow Account Changes option to "no", but then players would not be able to change anything inside of PM.
Also, players can enter a duplicate email if the Allow Password Recovery option is turned on. They can select the new email pip, and successfully enter an email address already in the system.
I just updated my test server to 2.92 and found these apply to that version as well.
BTW: your new rake utility is pretty cool!