Opened 14 years ago
Closed 13 years ago
#16633 closed enhancement (worksforme)
reauth loop if database contains duplicate values
Reported by: | danielpataki | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | minor | Version: | |
Component: | Database | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description
Hi everyone, i found an interesting problem the other day, perhaps some sort of error message could be implemented here?
If there is a duplicate value on the user_login or user_nicename field in wp_users, Wordpress recognizes the login and password as correct, but does not log the user in, the user is directed to wp_login.php with reauth=1 in the url query.
If the user enters the correct user_login but the incorrect password, and error is given (incorrect password), but if he enters the correct password, no error is given, he is redirected back to the above mentioned location.
This could occur if a programmer decided to use his own registration script and doesn't check for duplicate values, so the blog owner might not be at fault here, and would have no idea what's going on.
If a user tries to log in and has the same user_login/user_nicename as someone else, perhaps an admin could be notified and an error message could be shown?
Change History (4)
#3
@
13 years ago
Hi there!
Sorry for the long delay in answering!
The duplicates were created by a faulty test script. I wanted to create 100 users very quickly, and due to an error, some had the same details. I used a raw SQL insert, so WordPress functions were not at fault.
I was using a development version at the time, I will get around to testing this on 3.2 as soon as I can,
How are you creating these duplicate logins? What is the use case?
I tried to recreate this on WP 3.2 and found the following results:
Can you please try with the latest version and post your results?