[wp-trac] [WordPress Trac] #16633: reauth loop if database contains duplicate values

WordPress Trac wp-trac at lists.automattic.com
Thu Feb 24 11:42:49 UTC 2011


#16633: reauth loop if database contains duplicate values
--------------------------+-----------------------------
 Reporter:  danielpataki  |      Owner:
     Type:  enhancement   |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Database      |    Version:
 Severity:  minor         |   Keywords:
--------------------------+-----------------------------
 Hi everyone, i found an interesting problem the other day, perhaps some
 sort of error message could be implemented here?

 If there is a duplicate value on the user_login or user_nicename field in
 wp_users, Wordpress recognizes the login and password as correct, but does
 not log the user in, the user is directed to wp_login.php with reauth=1 in
 the url query.

 If the user enters the correct user_login but the incorrect password, and
 error is given (incorrect password), but if he enters the correct
 password, no error is given, he is redirected back to the above mentioned
 location.

 This could occur if a programmer decided to use his own registration
 script and doesn't check for duplicate values, so the blog owner might not
 be at fault here, and would have no idea what's going on.

 If a user tries to log in and has the same user_login/user_nicename as
 someone else, perhaps an admin could be notified and an error message
 could be shown?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16633>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list