Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Discussions (General)
 Discussion(3.4.05): E-mail change not allowed

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
   

T O P I C    R E V I E W
kgrimsby Posted - 10 April 2006 : 02:11:18
In short, a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt. There's a more detailed discussion of the bug here:

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59077

Here's the fix (around line 1100 of pop_profile.asp):
strSql = "SELECT M_NEWEMAIL FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE M_NEWEMAIL = '" & Trim(ChkString(Request.Form("Email"),"SQLString")) & "'"
strSql = strSQL & " AND M_NAME <> '" & ChkString(Request.Form("Name"), "SQLString") & "'"

The only change is the addition of the last assignment statement.

Ken<
7   L A T E S T    R E P L I E S    (Newest First)
HuwR Posted - 12 April 2006 : 04:47:35
your initial post states
"In short, a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt. "

and in your next post said
"Viewed from another perspective, though, this problem results from the Snitz code not allowing members to do something entirely reasonable: changing an e-mail address more than once. If, for whatever reason, the member fails to receive the verification e-mail, the Snitz code makes it impossible for the member to change her e-mail address. "

which is total crap.Oh and no mention of it referring to the same address either.

This is not a bug. end of story it is designed that way therefore can not be a bug, if you require a feature change than request one but don't label something a bug when it isn't.<
kgrimsby Posted - 11 April 2006 : 22:04:00
quote:
Originally posted by HuwR

first off, lets get the story straight, Snitz DOES NOT prevent you from changing your email more than once, it only does so if the email you change it to is not verified, which correctly Snitz assumes is bogus therefore not allowing you to use the same bogus address again

Wow! Did you even read my previous posts? If so, let's have another look!

Here I explicitly recognize that the member is allowed multiple changes of e-mail address:
quote:
Originally posted by kgrimsby

the member could change her address next to a bogus address and then to the correct address


Here I explicitly refer to multiple attempts to register the same e-mail address, not to multiple changes of e-mail address:
quote:
Originally posted by kgrimsby

a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt


Here, in my example scenario, I explicitly refer to multiple attempts to change an e-mail address to a single (valid) e-mail address:
quote:
Originally posted by kgrimsby

if the member does not respond successfully to the verification e-mail (perhaps she didn't receive it because her ISP's mail server was down), the member would reasonably attempt to change her e-mail address one more time. Indeed, her profile would still show her original address (read from the M_EMAIL field). However, when the member changes her e-mail address the second time, the change isn't allowed because the address is already in use. Indeed, the new address already appears in the M_NEWEMAIL field of the member's very own record!


So please don't insult me by claiming that I have not gotten my "story straight" (your words). I've been consistent all along.

Let's continue now with your claims:
quote:
Originally posted by HuwR

this is the result of a security feature not a bug


What nonsense! If the e-mail address is invalid the first time, the verification e-mail will not be received by the member the second time, the third time, or the one-thousandth time! However, if the e-mail address is valid, what's the harm in letting the member register it a second time, a third time, or a one-thousandth time? If she has failed to receive the verification e-mail, for whatever reason, or has simply lost it, shouldn't she be allowed a second attempt?

This situation comes up quite frequently.

The code in question is hardly a "security feature." Rather, it is a bug that prevents members from making more than one attempt to change an e-mail address (which is no longer valid) to a new valid e-mail address.

Ken
<
HuwR Posted - 11 April 2006 : 18:50:00
kgrimsby,

first off, lets get the story straight, Snitz DOES NOT prevent you from changing your email more than once, it only does so if the email you change it to is not verified, which correctly Snitz assumes is bogus therefore not allowing you to use the same bogus address again, this is the result of a security feature not a bug.<
ruirib Posted - 11 April 2006 : 18:14:50
I understand your point of view, Ken, even if you're not quite right about the possibility of changing the email address more than once. It could be changed, even if not to the one previously submitted and not validated. I agree with the code change, however. It makes perfect sense.<
kgrimsby Posted - 11 April 2006 : 13:19:30
Viewed from another perspective, though, this problem results from the Snitz code not allowing members to do something entirely reasonable: changing an e-mail address more than once. If, for whatever reason, the member fails to receive the verification e-mail, the Snitz code makes it impossible for the member to change her e-mail address. She is stuck with her old (probably no-longer-functioning) e-mail address. (Technically, the member could change her address next to a bogus address and then to the correct address, but why should the Snitz code require the member to do something so unintuitive?) Bug or not, it's poorly implemented functionality in the Snitz code and should be corrected.

Ken<
Shaggy Posted - 11 April 2006 : 05:59:24
Not as yet, Rich.

Personally, while I understand what you're saying, Ken, I don't see this as being a Snitz bug as it results from either e-mail providers bouncing the mail or the recipient simply ignoring the mail. Not knocking the fix, just putting the problem in the same category as the Norton referer issue.

<
richfed Posted - 10 April 2006 : 13:17:10
I am wondering if this is a Snitz-endorsed change to make?<

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.09 seconds. Powered By: Snitz Forums 2000 Version 3.4.07