| T O P I C R E V I E W |
| kgrimsby |
Posted - 10 April 2006 : 02:11:18
In short, a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt. There's a more detailed discussion of the bug here:
http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59077
Here's the fix (around line 1100 of pop_profile.asp):
strSql = "SELECT M_NEWEMAIL FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE M_NEWEMAIL = '" & Trim(ChkString(Request.Form("Email"),"SQLString")) & "'"
strSql = strSQL & " AND M_NAME <> '" & ChkString(Request.Form("Name"), "SQLString") & "'"
The only change is the addition of the last assignment statement.
Ken< |
| 7 L A T E S T R E P L I E S (Newest First) |
| HuwR |
Posted - 12 April 2006 : 04:47:35
your initial post states
"In short, a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt. "
and in your next post said
"Viewed from another perspective, though, this problem results from the Snitz code not allowing members to do something entirely reasonable: changing an e-mail address more than once. If, for whatever reason, the member fails to receive the verification e-mail, the Snitz code makes it impossible for the member to change her e-mail address. "
which is total crap.Oh and no mention of it referring to the same address either.
This is not a bug. end of story it is designed that way therefore can not be a bug, if you require a feature change than request one but don't label something a bug when it isn't.< |
| kgrimsby |
Posted - 11 April 2006 : 22:04:00
quote:
Originally posted by HuwR
first off, lets get the story straight, Snitz DOES NOT prevent you from changing your email more than once, it only does so if the email you change it to is not verified, which correctly Snitz assumes is bogus therefore not allowing you to use the same bogus address again
Wow! Did you even read my previous posts? If so, let's have another look!
Here I explicitly recognize that the member is allowed multiple changes of e-mail address:
quote:
Originally posted by kgrimsby
the member could change her address next to a bogus address and then to the correct address
Here I explicitly refer to multiple attempts to register the same e-mail address, not to multiple changes of e-mail address:
quote:
Originally posted by kgrimsby
a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt
Here, in my example scenario, I explicitly refer to multiple attempts to change an e-mail address to a single (valid) e-mail address:
quote:
Originally posted by kgrimsby
if the member does not respond successfully to the verification e-mail (perhaps she didn't receive it because her ISP's mail server was down), the member would reasonably attempt to change her e-mail address one more time. Indeed, her profile would still show her original address (read from the M_EMAIL field). However, when the member changes her e-mail address the second time, the change isn't allowed because the address is already in use. Indeed, the new address already appears in the M_NEWEMAIL field of the member's very own record!
So please don't insult me by claiming that I have not gotten my "story straight" (your words). I've been consistent all along.
Let's continue now with your claims:
quote:
Originally posted by HuwR
this is the result of a security feature not a bug
What nonsense! If the e-mail address is invalid the first time, the verification e-mail will not be received by the member the second time, the third time, or the one-thousandth time! However, if the e-mail address is valid, what's the harm in letting the member register it a second time, a third time, or a one-thousandth time? If she has failed to receive the verification e-mail, for whatever reason, or has simply lost it, shouldn't she be allowed a second attempt?
This situation comes up quite frequently.
The code in question is hardly a "security feature." Rather, it is a bug that prevents members from making more than one attempt to change an e-mail address (which is no longer valid) to a new valid e-mail address.
Ken
< |
| HuwR |
Posted - 11 April 2006 : 18:50:00
kgrimsby,
first off, lets get the story straight, Snitz DOES NOT prevent you from changing your email more than once, it only does so if the email you change it to is not verified, which correctly Snitz assumes is bogus therefore not allowing you to use the same bogus address again, this is the result of a security feature not a bug.< |
| ruirib |
Posted - 11 April 2006 : 18:14:50
I understand your point of view, Ken, even if you're not quite right about the possibility of changing the email address more than once. It could be changed, even if not to the one previously submitted and not validated. I agree with the code change, however. It makes perfect sense.< |
| kgrimsby |
Posted - 11 April 2006 : 13:19:30
Viewed from another perspective, though, this problem results from the Snitz code not allowing members to do something entirely reasonable: changing an e-mail address more than once. If, for whatever reason, the member fails to receive the verification e-mail, the Snitz code makes it impossible for the member to change her e-mail address. She is stuck with her old (probably no-longer-functioning) e-mail address. (Technically, the member could change her address next to a bogus address and then to the correct address, but why should the Snitz code require the member to do something so unintuitive?) Bug or not, it's poorly implemented functionality in the Snitz code and should be corrected.
Ken< |
| Shaggy |
Posted - 11 April 2006 : 05:59:24
Not as yet, Rich.
Personally, while I understand what you're saying, Ken, I don't see this as being a Snitz bug as it results from either e-mail providers bouncing the mail or the recipient simply ignoring the mail. Not knocking the fix, just putting the problem in the same category as the Norton referer issue. 
< |
| richfed |
Posted - 10 April 2006 : 13:17:10
I am wondering if this is a Snitz-endorsed change to make?< |
|
|
