Modify

Opened 9 years ago

Closed 9 years ago

#1193 closed Bug/Fehler (wontfix)

ENTRY_EMAIL_ADDRESS_ERROR_EXISTS create_account.php

Reported by: Christian Koch <ckoch@…> Owned by: somebody
Priority: normal Milestone: modified-shop-2.0.3.0
Component: Shop Version: 2.0.2.2
Keywords: Cc:
Blocked By: Blocking:

Description

Hallo,

in der Daten create_account.php wird bei vorhanden Accounts die falsche Fehlermeldung ausgegeben.

Zeile 154:

} else {

$check_email_query = xtc_db_query("SELECT count(*) as total

FROM ".TABLE_CUSTOMERS."

WHERE customers_email_address = '".xtc_db_input($email_address)."'

AND account_type = '0'");

$check_email = xtc_db_fetch_array($check_email_query);
if ($check_emailtotal > 0) {

$error = true;
$messageStack->add('create_account', ENTRY_EMAIL_ADDRESS_CHECK_ERROR);

}

}

Die Fehlermeldung muss aber ENTRY_EMAIL_ADDRESS_ERROR_EXISTS sein.

Grüße
Christian

Attachments (0)

Change History (1)

comment:1 by Torsten Riemer, 9 years ago

Milestone: modified-shop-2.0.2.3
Resolution: wontfix
Status: newclosed

Nein das ist absichtlich so gemacht, damit ein möglicher Angreifer keine Rückschlüsse darauf ziehen kann, ob eine E-Mail Adresse bereits im Shop existiert und er dann nur noch das Passwort erraten müsste.

Modify Ticket

Action
as closed The owner will remain somebody.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment
E-mail address and name can be saved in the Preferences .
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.