MyBB Community Forums

This still needs to be confirmed by the way, I'm only telling what a user of my forums told me.

This is the situation:

A while ago, there was a maximum nick length of let's say 20 characters. So people could register with for example a 16 character nickname. But now, I changed the maximum characters to 15. A person who was in this situation, lost his password, and wanted to recover it, he got the e-mail and so on.

But when he wants to manual recover his account and fills in his nickname in the box, he gets an error message saying his nickname is too long.

Suggestion: when changing nickname length, people with a nickname, bigger than the allowed amount of characters should get a warning to change their nickname, otherwise they can't browse again through the forums.

There is no username length validation when you enter your username whilst recovering a password - so he couldn't have received the message "Your username is too long"

The only validation that is performed is that the username is checked to see if it exists.

I've changed something which will hopefully correct this problem - due to case sensitivity with some MySQL servers. After we release 1.2.3, see if it happens again.

Chris

When I enter my username & code I get an error like:

It seems like your account already has been activated.. otherwise, e-mail verification isn't required.

well, has you account already been activated...

Yeah, but that was the action for recovering a password, not activating an account.

destroyer Wrote:When I enter my username & code I get an error like:

It seems like your account already has been activated.. otherwise, e-mail verification isn't required.

Can you state the exact procedure to reproduce this bug?

Set the maximum username length to for example 17, register a username with 16 characters, and after that, change the limit to 15 characters.

Log out, and click the 'I lost my password' link. Follow the e-mail, and manual activate your account. Enter your username and the code, and then you get that error.

If you go to the first link with your browser, there is NO problem. SO it's only the manual activation part.

Tested it twice, and it's still the same, so I'm pretty sure this is a bug now.

I hope it's clear enough.

Grtz!

The error that I got was "It appears your account is already activated or does not require email verification." Is that the error you are getting?

Yes it was that. Little mistake, sorry.

Can you see if this fixes it:
Edit the member_resetpassword template, and somewhere it will say <input type="hidden" name="action" value="activate" />; can you change activate to resetpassword.