Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Discussions (General)
 Discussion(3.4.05): E-mail change not allowed		  New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

kgrimsby
New Member

USA
72 Posts
Posted - 10 April 2006 :  02:11:18  Show Profile  Reply with Quote
In short, a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt. There's a more detailed discussion of the bug here:

http://forum.snitz.com/forum/topic.asp?TOPIC_ID=59077

Here's the fix (around line 1100 of pop_profile.asp):
strSql = "SELECT M_NEWEMAIL FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE M_NEWEMAIL = '" & Trim(ChkString(Request.Form("Email"),"SQLString")) & "'"
strSql = strSQL & " AND M_NAME <> '" & ChkString(Request.Form("Name"), "SQLString") & "'"

The only change is the addition of the last assignment statement.

Ken<

richfed
Average Member

United States
999 Posts
Posted - 10 April 2006 :  13:17:10  Show Profile  Visit richfed's Homepage  Reply with Quote
I am wondering if this is a Snitz-endorsed change to make?<
Go to Top of Page

Shaggy
Support Moderator

Ireland
6780 Posts
Posted - 11 April 2006 :  05:59:24  Show Profile  Reply with Quote
Not as yet, Rich.

Personally, while I understand what you're saying, Ken, I don't see this as being a Snitz bug as it results from either e-mail providers bouncing the mail or the recipient simply ignoring the mail. Not knocking the fix, just putting the problem in the same category as the Norton referer issue.

<
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”
Go to Top of Page

kgrimsby
New Member

USA
72 Posts
Posted - 11 April 2006 :  13:19:30  Show Profile  Reply with Quote
Viewed from another perspective, though, this problem results from the Snitz code not allowing members to do something entirely reasonable: changing an e-mail address more than once. If, for whatever reason, the member fails to receive the verification e-mail, the Snitz code makes it impossible for the member to change her e-mail address. She is stuck with her old (probably no-longer-functioning) e-mail address. (Technically, the member could change her address next to a bogus address and then to the correct address, but why should the Snitz code require the member to do something so unintuitive?) Bug or not, it's poorly implemented functionality in the Snitz code and should be corrected.

Ken<
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 11 April 2006 :  18:14:50  Show Profile  Send ruirib a Yahoo! Message  Reply with Quote
I understand your point of view, Ken, even if you're not quite right about the possibility of changing the email address more than once. It could be changed, even if not to the one previously submitted and not validated. I agree with the code change, however. It makes perfect sense.<

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts
Posted - 11 April 2006 :  18:50:00  Show Profile  Visit HuwR's Homepage  Reply with Quote
kgrimsby,

first off, lets get the story straight, Snitz DOES NOT prevent you from changing your email more than once, it only does so if the email you change it to is not verified, which correctly Snitz assumes is bogus therefore not allowing you to use the same bogus address again, this is the result of a security feature not a bug.<
Go to Top of Page

kgrimsby
New Member

USA
72 Posts
Posted - 11 April 2006 :  22:04:00  Show Profile  Reply with Quote
quote:
Originally posted by HuwR

first off, lets get the story straight, Snitz DOES NOT prevent you from changing your email more than once, it only does so if the email you change it to is not verified, which correctly Snitz assumes is bogus therefore not allowing you to use the same bogus address again

Wow! Did you even read my previous posts? If so, let's have another look!

Here I explicitly recognize that the member is allowed multiple changes of e-mail address:
quote:
Originally posted by kgrimsby

the member could change her address next to a bogus address and then to the correct address


Here I explicitly refer to multiple attempts to register the same e-mail address, not to multiple changes of e-mail address:
quote:
Originally posted by kgrimsby

a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt


Here, in my example scenario, I explicitly refer to multiple attempts to change an e-mail address to a single (valid) e-mail address:
quote:
Originally posted by kgrimsby

if the member does not respond successfully to the verification e-mail (perhaps she didn't receive it because her ISP's mail server was down), the member would reasonably attempt to change her e-mail address one more time. Indeed, her profile would still show her original address (read from the M_EMAIL field). However, when the member changes her e-mail address the second time, the change isn't allowed because the address is already in use. Indeed, the new address already appears in the M_NEWEMAIL field of the member's very own record!


So please don't insult me by claiming that I have not gotten my "story straight" (your words). I've been consistent all along.

Let's continue now with your claims:
quote:
Originally posted by HuwR

this is the result of a security feature not a bug


What nonsense! If the e-mail address is invalid the first time, the verification e-mail will not be received by the member the second time, the third time, or the one-thousandth time! However, if the e-mail address is valid, what's the harm in letting the member register it a second time, a third time, or a one-thousandth time? If she has failed to receive the verification e-mail, for whatever reason, or has simply lost it, shouldn't she be allowed a second attempt?

This situation comes up quite frequently.

The code in question is hardly a "security feature." Rather, it is a bug that prevents members from making more than one attempt to change an e-mail address (which is no longer valid) to a new valid e-mail address.

Ken
<
Go to Top of Page

HuwR
Forum Admin

United Kingdom
20584 Posts
Posted - 12 April 2006 :  04:47:35  Show Profile  Visit HuwR's Homepage  Reply with Quote
your initial post states
"In short, a member who does not respond successfully to (or fails to receive) the verification e-mail upon her first attempt to change her e-mail address is not allowed a second attempt. "

and in your next post said
"Viewed from another perspective, though, this problem results from the Snitz code not allowing members to do something entirely reasonable: changing an e-mail address more than once. If, for whatever reason, the member fails to receive the verification e-mail, the Snitz code makes it impossible for the member to change her e-mail address. "

which is total crap.Oh and no mention of it referring to the same address either.

This is not a bug. end of story it is designed that way therefore can not be a bug, if you require a feature change than request one but don't label something a bug when it isn't.<
Edited by - HuwR on 12 April 2006 06:06:56
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.09 seconds. Powered By: Snitz Forums 2000 Version 3.4.07