reauth loop if database contains duplicate values
| Reported by: | danielpataki | Owned by: | |
Hi everyone, I found an interesting problem the other day; perhaps some sort of error message could be implemented here?
If there is a duplicate value in the user_login or user_nicename field in wp_users, WordPress recognizes the login and password as correct but does not log the user in; the user is directed to wp_login.php with reauth=1 in the URL query.
If the user enters the correct user_login but the incorrect password, an error is given (incorrect password), but if he enters the correct password, no error is given and he is redirected back to the above-mentioned location.
This could occur if a programmer decided to use his own registration script and doesn't check for duplicate values, so the blog owner might not be at fault here, and would have no idea what's going on.
If a user tries to log in and has the same user_login/user_nicename as someone else, perhaps an admin could be notified and an error message could be shown?
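The following is an added example, not part of the ticket and not WordPress code. It shows how a site owner could find rows that share a user_login or user_nicename, and the uniqueness check a custom registration script would need. It assumes an in-memory SQLite table standing in for wp_users with constructed sample rows; the function names are hypothetical.

```python
import sqlite3

# Constructed sample rows (ID, user_login, user_nicename); not data from the ticket.
SAMPLE_USERS = [
    (1, "admin", "admin"),
    (2, "alice", "alice"),
    (3, "alice", "alice-2"),   # duplicate user_login
    (4, "bob", "carol"),
    (5, "carol", "carol"),     # duplicate user_nicename
]

def make_db(rows=SAMPLE_USERS):
    """In-memory stand-in for wp_users with no uniqueness constraint on either column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, "
                 "user_login TEXT NOT NULL, user_nicename TEXT NOT NULL)")
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", rows)
    return conn

def find_duplicates(conn):
    """Return {column: {value: [IDs]}} for every value shared by more than one row."""
    report = {}
    for column in ("user_login", "user_nicename"):  # fixed names, never user input
        rows = conn.execute(
            f"SELECT {column}, GROUP_CONCAT(ID) FROM wp_users "
            f"GROUP BY {column} HAVING COUNT(*) > 1").fetchall()
        report[column] = {value: sorted(int(i) for i in ids.split(","))
                          for value, ids in rows}
    return report

def register_user(conn, user_login, user_nicename):
    """Hypothetical registration step that refuses a login or nicename already taken."""
    taken = conn.execute(
        "SELECT ID FROM wp_users WHERE user_login = ? OR user_nicename = ? LIMIT 1",
        (user_login, user_nicename)).fetchone()
    if taken:
        raise ValueError(f"user_login or user_nicename already used by ID {taken[0]}")
    cur = conn.execute(
        "INSERT INTO wp_users (user_login, user_nicename) VALUES (?, ?)",
        (user_login, user_nicename))
    return cur.lastrowid

if __name__ == "__main__":
    db = make_db()
    print(find_duplicates(db))
```

The GROUP BY ... HAVING COUNT(*) > 1 query is the part to run against a real wp_users table; the rest only builds the sample data around it.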