[Rejected] Accessing lostpw and login page while signed in
#1
Hello.

I have found this kind of issue a while before, and today there is still nobody has fixed it yet.
In short, login to MyBB forum ( even here on community.mybb.com ), once you have logged in, locate the address bar of your web-browser and navigate to "./member.php?action=login" orĀ "/member.php?action=lostpw".
It is just no-sense; Why able to access these pages when logged/signed in already?
(Just abort the request if already logged/signed in or navigate to the previous page I guess)
Reply
#2
(2014-10-11, 09:12 PM)OmegaExtern Wrote: /member.php?action=login

It allows you to log in as another user (hence the current username is displayed above the form). So there is nothing wrong...

(2014-10-11, 09:12 PM)OmegaExtern Wrote: /member.php?action=lostpw

If you're logged in, it doesn't mean you remember your password... Why? Tip: cookies. Also, you may want to send the recovery mail for someone else.

There are no problems caused by entering these links as a logged-in user, thus I'm rejecting this.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)