[Bb-trac] [bbPress] #920: Allow login with email/password
bbPress
bb-trac at lists.bbpress.org
Thu Aug 7 20:13:45 GMT 2008
#920: Allow login with email/password
----------------------------+-----------------------------------------------
Reporter: mdawaffe | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 1.0
Component: Administration | Version: 1.0-alpha (trunk)
Severity: normal | Keywords:
----------------------------+-----------------------------------------------
Part of a global: make it easier to recover username and password
movement.
bbPress should let you log in via username or email address.
Problems:
1. Email addresses are not unique in braches/0.9 and so may not be unique
in any bbPress install.
Suggestion: bail if multiple addresses match: require log in via username
for those users.
2. Our error messages say: "username doesn't exist" or "password invalid"
depending on the case. This is does not leak information, since usernames
are easily found by other means (profile.php, for instance). If we have
similar errors for logging in via email, though, we leak what email
addresses are registered.
Suggestion: show non-leaking errors when a user logs in with an email
address.
--
Ticket URL: <http://trac.bbpress.org/ticket/920>
bbPress <http://bbpress.org/>
Innovative forum development
More information about the Bb-trac
mailing list