close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 or 2018 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

poss bug in the create security pages wizard

Thread began 5/06/2015 8:27 am by Paul | Last modified 5/11/2015 6:49 pm by Ray Borduin | 553 views | 4 replies |

PaulBeta Tester

poss bug in the create security pages wizard

Scenario - registration pages created using default settings in DataBridge's (v1.22) wizard.
Selecting SH1 for password encryption.

If when requesting a password reset in forgotpassword.php, the email is sent to the requester.
The requestor clicks on link in email which opens the password reset page.

If the user enters a different email address, such as one that already exists in the DB (not theirs) , on submitting to reset password, the typed email address overwrites the email address in the record being edited in the DB.

Firstly, do you concur?

Can you update the wizard to prevent a different email address from being entered by the requester during the password reset process - whether malicious or not?

Thanks, Paul.

Sign in to reply to this post

Ray BorduinWebAssist

Please attach the page in question to a reply and I'll take a look.

Sign in to reply to this post

PaulBeta Tester

Thanks Ray.
.txt attached.

Sign in to reply to this post

Ray BorduinWebAssist

It appears that is an issue... thanks for bringing it to our attention.

The solutions are to either;
1) Don't update the email field value by editing the Update Record server behavior and removing the email
2) Adding unique column value validation to the email field so that the same email can't be entered if it is already used. The unique id of the users table will be accessible from: <?php echo($_GET['fp_id']); ?>, so you could use that in the unique column validation setting.

We will have to update the wizard to correct for this problem. I'm leaning toward removing the email field entirely in the update process since really this is for updating your password and not your email in the first place.

Sign in to reply to this post

PaulBeta Tester

I share your preference around the email address. I'll remove from the update server behaviour in my instance.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...