Phorum / Core

The core of Phorum
http://www.phorum.org

Password registration bug? #988

Closed llanverygranger closed 8 years ago

llanverygranger commented 8 years ago

I registered with the forum https://forum.culteducation.com which says it uses Phorum. I auto-generated a password when registering. Sadly this username and password didn't work when logging in, even though the registration process accepted the details.

This usually means one of these bugs:

1) The password is truncated before being stored in the database (hopefully encrypted)
2) Certain character types are removed before being stored in the database (hopefully encrypted)

The fix is to:

a) Tell the user any limitations to a password during registration, e.g. maximum 32 characters, must not use punctuation, must use at least one capital letter... etc.
b) Feed back to the user problems with the password until a valid password is used... then and only then, store this password (or rather an encrypted version of it) in the database.

This happens on about 1 in 30 websites.
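The failure mode described in the comment above, as an added example (not Phorum's code and not part of the original thread): a registration handler that silently strips and truncates the password before hashing, beside one that reports every problem and stores nothing until the password is valid. The 32-character limit and the no-punctuation rule are assumptions borrowed from the comment's own examples, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

MAX_LEN = 32  # assumed limit, from the "maximum 32 characters" example above


def _hash(password, salt):
    # Salted, deliberately slow hash; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def lossy_transform(password):
    """What the buggy path actually keeps: alphanumerics only, cut to MAX_LEN."""
    return "".join(c for c in password if c.isalnum())[:MAX_LEN]


def register_lossy(password):
    """Buggy: accepts any password but hashes a silently altered copy."""
    salt = os.urandom(16)
    return salt, _hash(lossy_transform(password), salt)


def password_problems(password):
    """Return every policy violation so the form can show them to the user."""
    problems = []
    if not password:
        problems.append("password is empty")
    if len(password) > MAX_LEN:
        problems.append("password is longer than %d characters" % MAX_LEN)
    if any(not c.isalnum() for c in password):
        problems.append("password contains punctuation or spaces")
    return problems


def register_validating(password):
    """Fixed: reject an unacceptable password, never alter an accepted one."""
    problems = password_problems(password)
    if problems:
        raise ValueError("; ".join(problems))
    salt = os.urandom(16)
    return salt, _hash(password, salt)


def login(password, record):
    """Login hashes exactly what was typed and compares in constant time."""
    salt, stored = record
    return hmac.compare_digest(_hash(password, salt), stored)


# Constructed sample: a 40-character generated password containing punctuation.
generated = "k7#Qz" * 8
```

With `register_lossy`, registration succeeds but `login(generated, record)` fails, which is the symptom reported in this issue; `register_validating` raises with the list of problems instead.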

llanverygranger commented 8 years ago

Note, I also got this error when clicking the validation link: "Sorry, there was an error verifying your account. Please make sure you used the entire URL included in the email you received." So probably related.

oricgn commented 8 years ago

Hi Xandrani,

culteducation.com is using version 5.2.19. I checked the source code but I couldn't find any explanation for this behavior. But I wasn't able to register in this forum either. I opened a new thread in their "tech support forum": https://forum.culteducation.com/read.php?15,133974

Btw: Passwords are stored encrypted. No characters are removed from the password.

Regards Oliver

oricgn commented 8 years ago

No answer from culteducation.com. I am closing this issue.