[wp-trac] [WordPress Trac] #16633: reauth loop if database contains duplicate values
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 24 11:42:49 UTC 2011
#16633: reauth loop if database contains duplicate values
--------------------------+-----------------------------
Reporter: danielpataki | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Database | Version:
Severity: minor | Keywords:
--------------------------+-----------------------------
Hi everyone, i found an interesting problem the other day, perhaps some
sort of error message could be implemented here?
If there is a duplicate value on the user_login or user_nicename field in
wp_users, Wordpress recognizes the login and password as correct, but does
not log the user in, the user is directed to wp_login.php with reauth=1 in
the url query.
If the user enters the correct user_login but the incorrect password, and
error is given (incorrect password), but if he enters the correct
password, no error is given, he is redirected back to the above mentioned
location.
This could occur if a programmer decided to use his own registration
script and doesn't check for duplicate values, so the blog owner might not
be at fault here, and would have no idea what's going on.
If a user tries to log in and has the same user_login/user_nicename as
someone else, perhaps an admin could be notified and an error message
could be shown?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16633>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list