account/email php allows duplicate emails

[PurpleEdge]

In the account/signup php file there is code to check if a user's email address has already been used by another user, however there is no similar code in the account/email php file - so it is possible for a user to change their email to be the same as another user.

This will cause problems when the forgot php code is executed.

Is this intentional, or an oversight?

[Luisehahne]

Hi,

here can find the recoding roadmap

http://www.websitebaker2.org/forum/index.php/topic,17914.msg118930.html#msg118930

Dietmar

[PurpleEdge]

Thanks Dietmar,

Is the SVN version 2.8.2 ? and is it ready for general users to start experimenting with, to become familiar with some of the new features?

Regards,

Geoff B

[crnogorac081]

When you mentioned forgot.php , I suggest to improve security for password retrival.

At this point, if someone knows your email address he can easily reset your password, so unless you see an email you will not know about that.. Even than, if someone wants to bug you, he can keep resetting your password any time as much as he wants without any problems..

I suggest to add 2 fields in table USERS: "security_question" and "security_answer" , so that user himself can define his question and answer (on preferences page)..

So the procedure would be: on forgot.php page show email field -> for inputed email show security question (if field is not blank) -> if security answer matches, send data on email..

This is easy to code, and I think it would be usefull..... what do you think ??

cheers