Open EthanJStark opened 7 years ago
A user can currently register using an email that is already in the database.
I'd expect that user to be prompted with "User exists! Sign in? Or did you forget your password again?"
I'd rather just display an ambiguous error - it's bad form to tell a hacker that an email exists in the system
A user can currently register using an email that is already in the database.
I'd expect that user to be prompted with "User exists! Sign in? Or did you forget your password again?"