theSpoke rant

GLiNTCH: Lazy code in change my profile page leads to huge bug

Added: 8:58 AM on 3/27/2006

So since emailing 'comment@thespoke.net' does not work even though forgot email says: 'please reply ASAP to inform an administrator. ' obviously it is not the case, so there ya go with a post.

“I have been trying to gain access back my blog for some time like 6 months. Please let me know what went wrong: http://thespoke.net/blogs/glintch/default.aspx

I FIGURED IT OUT, I had a profile that I changed an email on, now – I had to change it back to another email and hit request password and got my original accounts login info. Phew!

BUG NOTE: - One can change his profile’s email address to another members’ email and therefore lock them out of their account. I’ve accidentally locked my self out of my own blog for 6months now.

All this because there is no validation of duplicate email in the system when member changes his/hers email address. And honestly what kind of a website does not even have a proper feedback form and a easy to find email address to email the admins...

Nikita Polyakov
Microsoft Student Ambassador
MSDN AA Program Administrator
University of South Florida

 

Print | posted on Monday, March 27, 2006 6:17 AM

Comments on this post

No comments posted yet.

Your comment:

 (will show your gravatar)