Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[F] Bugy recover password
#1
This still needs to be confirmed by the way, I'm only telling what a user of my forums told me.

This is the situation:

A while ago, there was a maximum nick length of let's say 20 characters. So people could register with for example a 16 character nickname. But now, I changed the maximum characters to 15. A person who was in this situation, lost his password, and wanted to recover it, he got the e-mail and so on.

But when he wants to manual recover his account and fills in his nickname in the box, he gets an error message saying his nickname is too long.

Suggestion: when changing nickname length, people with a nickname, bigger than the allowed amount of characters should get a warning to change their nickname, otherwise they can't browse again through the forums.
[Image: destroyerjf8.jpg]

Give us your feedback about MyBB in this thread and become listed on the MyBB website.
#2
There is no username length validation when you enter your username whilst recovering a password - so he couldn't have received the message "Your username is too long"

The only validation that is performed is that the username is checked to see if it exists.

I've changed something which will hopefully correct this problem - due to case sensitivity with some MySQL servers. After we release 1.2.3, see if it happens again.

Chris
#3
When I enter my username & code I get an error like:

It seems like your account already has been activated.. otherwise, e-mail verification isn't required.
[Image: destroyerjf8.jpg]

Give us your feedback about MyBB in this thread and become listed on the MyBB website.
#4
well, has you account already been activated...
#5
Yeah, but that was the action for recovering a password, not activating an account.
[Image: destroyerjf8.jpg]

Give us your feedback about MyBB in this thread and become listed on the MyBB website.
#6
destroyer Wrote:When I enter my username & code I get an error like:

It seems like your account already has been activated.. otherwise, e-mail verification isn't required.

Can you state the exact procedure to reproduce this bug?
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net
#7
Set the maximum username length to for example 17, register a username with 16 characters, and after that, change the limit to 15 characters.

Log out, and click the 'I lost my password' link. Follow the e-mail, and manual activate your account. Enter your username and the code, and then you get that error.

If you go to the first link with your browser, there is NO problem. SO it's only the manual activation part.

Tested it twice, and it's still the same, so I'm pretty sure this is a bug now. Smile

I hope it's clear enough.

Grtz!
[Image: destroyerjf8.jpg]

Give us your feedback about MyBB in this thread and become listed on the MyBB website.
#8
The error that I got was "It appears your account is already activated or does not require email verification." Is that the error you are getting?
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net
#9
Yes it was that. Little mistake, sorry.
[Image: destroyerjf8.jpg]

Give us your feedback about MyBB in this thread and become listed on the MyBB website.
#10
Can you see if this fixes it:
Edit the member_resetpassword template, and somewhere it will say <input type="hidden" name="action" value="activate" />; can you change activate to resetpassword.
Dennis Tsang
Former MyBB Team Member
Web: http://dennistt.net


Forum Jump:


Users browsing this thread: 1 Guest(s)