Tags:
create new tag
, view all tags

Bug: TWikiRegistration allows multiple registration for same user

TWikiRegistration allows a known user to register under different user name. The user will be inserted into TWikiUsers in alphabetical order, and will use the same login.

I guess bin/register should check whether a user is already known (i.e., whether a user with the same login has already registered) and create an oops page in that case. It is very confusing to find more than one TWikiUser with the same login.

Test case

Just try.

Environment

TWiki version: TWikiRelease01Feb2003
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Linux, Solaris
Web server: Apache 1.3
Perl version: 5
Client OS: Win2K
Web Browser: IE

-- ThomasWeigert - 23 Apr 2004

Follow up

This is more than just confusing. It allows a potential denial of service attack in some configurations.

-- ClaussStrauch - 20 Jul 2004

Am on RegisterCgiScriptRewrite... Is it that the same login name should not be registered again? How about the same email address?

-- MartinCleaver - 04 Oct 2004

This is still a bug on DevelopBranch!

-- CrawfordCurrie - 14 Apr 2005

Crawford - UsersDotPm#_lookupLoginName - I think I'd need to call during RegisterDotPm#_validateRegistration - any reason why I can't put lookupLoginName into the public interface of Users.pm?

-- MartinCleaver - 14 Apr 2005

No, no problem at all.

BTW, I didn't say I wanted you to implement it - I said I was waiting for your knowledgeable analysis of the problem, which could have resulted in a rejection, or a workaround, on your judgement. I just don't like things hanging around in "consensus reached" state and assigned to Dakar but with no visible activity.

-- CrawfordCurrie - 22 Apr 2005

Ok. Done. DevelopReleaseVersion#4078

-- MartinCleaver - 22 Apr 2005

Fix record

Edit | Attach | Watch | Print version | History: r12 < r11 < r10 < r9 < r8 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r12 - 2005-04-22 - MartinCleaver
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.