Core Registration Bug with mismatched passwords!

I believe I found a core bug with elgg registration...

if the user trying to register provides mismatched passwords, they receive an error message however, they become an active user without any notification, leaving their email address and username useless for further registration!

serious problem? Definitely. Can anyone address this?

  • Just added it to trac http://trac.elgg.org/ticket/2454

    and I think a small change is there Dhrup,

            if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) 
            {
                $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);

    The guide for user is created only after register_user() function runs. But our first line is asking for a guid, Si I think it should be like


            if (((trim($password) != "") && (strcmp($password, $password2) == 0))) 
            {
                $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);

  • true.. i'm going blind lolz ;-)

     

  • Alright, It's working well!  Users get error message, redirected back to reg page and there's no new active users under the User Administration panel!! : )

    1 issue still though: the username becomes unavailable after an error is made on the registration page. Any idea what is capturing the username?

  • @Webgalli & Dhrup

    Nice catch, everything is working perfect now after webgalli's last change!

  • Works fine for me too! Thanks guys!!!

  • triout, is this still an issue?:

    1 issue still though: the username becomes unavailable after an error is made on the registration page.

  • @Yakiv

    No, this is no longer an issue, with the inclusion of Webgalli's latest addition to the code, removing the && ($guid)):

    and I think a small change is there Dhrup,

            if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) 
            {
                $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);

    The guide for user is created only after register_user() function runs. But our first line is asking for a guid, Si I think it should be like


            if (((trim($password) != "") && (strcmp($password, $password2) == 0))) 
            {
                $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);

     

    cheers : )

  • @Tri - I already caught the code typo lolz and I think so did yew ;-) but as you said "perfect.."  good to see that you got it working - because this really was a serious buggy since some versions back that nobody ever noticed until you spoke up and i read over the code lolz ;-P

  • @Dhrup - just making sure the community caught the fix that we saw mentioned by webgalli above : )