Password registration bug? #988

Closed
llanverygranger opened this Issue Aug 1, 2016 · 3 comments

@llanverygranger

commented Aug 1, 2016

I registered with the forum https://forum.culteducation.com which says it uses Phorum. I auto-generated a password when registering. Sadly this username and password didn't work when logging in, even though the registration process accepted the details.

This usually means one of these bugs:

  1. The password is truncated before being stored in the database (hopefully encrypted)
  2. Certain character types are removed before being stored in the database (hopefully encrypted)

The fix is to:
a) Tell the user any limitations to a password during registration, e.g. maximum 32 characters, must not use punctuation, must use at least one capital letter... etc.
b) Feed back to the user any problems with the password until a valid password is used... then and only then, store this password (or rather an encrypted version of it) in the database.

This happens on about 1 in 30 websites.
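
The two bug classes and the fix described in this report, as an added example that is not part of the original issue and is not Phorum's code. The length limit, the character rule, the function names and the sample password are assumptions taken from the post's own examples or constructed for illustration.

```python
import hashlib
import hmac
import os
import string

MAX_LEN = 32                                         # assumed limit (the post's "maximum 32 characters")
ALLOWED = set(string.ascii_letters + string.digits)  # assumed rule (the post's "must not use punctuation")

def _store(db, user, password):
    # Salted PBKDF2 hash; the plaintext is never kept.
    salt = os.urandom(16)
    db[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

def login(db, user, password):
    if user not in db:
        return False
    salt, digest = db[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(digest, candidate)

def register_lossy(db, user, password):
    # Bug classes 1 and 2: characters are dropped and the result is truncated
    # without telling the user, so the stored hash is for a different string.
    altered = "".join(c for c in password if c in ALLOWED)[:MAX_LEN]
    _store(db, user, altered)

def password_problems(password):
    # Fix (a)/(b): name every limitation the password violates.
    problems = []
    if len(password) > MAX_LEN:
        problems.append(f"maximum {MAX_LEN} characters")
    if any(c not in ALLOWED for c in password):
        problems.append("must not use punctuation")
    return problems

def register_strict(db, user, password):
    # Store only once the password is valid exactly as typed.
    problems = password_problems(password)
    if not problems:
        _store(db, user, password)
    return problems

if __name__ == "__main__":
    generated = "k9#Tq!zR7&mW2$xL5^bN8*cV1@hJ4(dF6)gS3"  # constructed sample password
    db = {}
    register_lossy(db, "alice", generated)
    print("lossy registration, login works:", login(db, "alice", generated))
    print("strict registration feedback:", register_strict(db, "bob", generated))
```

With the lossy path the registration is accepted and the later login fails; with the strict path nothing is stored until the password passes every stated rule.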

@llanverygranger

Author

commented Aug 1, 2016

Note, I also got this error when clicking the validation link:
"Sorry, there was an error verifying your account. Please make sure you used the entire URL included in the email you received." So probably related.

@oricgn

Contributor

commented Aug 8, 2016

Hi Xandrani,

culteducation.com is using version 5.2.19. I checked the source code but I couldn't find any explanation for this behavior. But I wasn't able to register in this forum either. I opened a new thread in their "tech support forum": https://forum.culteducation.com/read.php?15,133974

Btw: Passwords are stored encrypted. No characters are removed from the password.

Regards
Oliver

@oricgn oricgn self-assigned this Aug 8, 2016

@oricgn

Contributor

commented Aug 12, 2016

No answer from culteducation.com. I am closing this issue.

@oricgn oricgn closed this Aug 12, 2016
