Tuesday 02 December 2008 7:28:30 am
I am working on a fresh install of 4.0.1 with ezFlow. On the ezFlow demo page i can login, then there is a link "My Profile". If i click on that link, it brings me to /user/edit/$user_id. So how can this be deprecated, its the standard profile page of ezPublish? I didnt hack anything on kernel!
Maybe you misunderstood something about the e-mail-validation. You are right, if i type in mymail.domain.com, there comes a warning that the e-mail-address is not valid. But what happens when my address is mymail@domain.com and i type in ymmail@domain.com? Its valid for ezPublish but a mistake in writing by the user, and believe me, those things happens very often. There are so much people writing to me that hey got no registration E-Mail. When i compare the addresses i know why... So i am always looking for a solution where every user and webmaster is safe. At the moment i run my project on a cms written by myself. On that project, when a user changes the e-mail address he gets an validation link sendet to his mail-account. Only after klicking on that link, the new mail-address is active. This makes also sense, when you want to restrict users to registrate more than 1 account with the same e-mail address. At the moment i can registrate as many users as i want with the same e-mail address on all ezPublish sites (tryed it). Just registrate, change the e-mail address on profile page to one thats maybe not mine, registrate new account with same address as the first user etc.....
At the end, i can have as many useraccounts i want, with the same e-mail-address. But i want to restrict that. (RequireUniqueEmail=true)
Not realy a security issue, but not nice! But like i said, i will hack this for myself.
|