RE: [Rainbowportal-devel] a serious bug was found in the Register module
Brought to you by:
danijel_kecman,
manudea
From: Thierry \(Tiptopweb\) <th...@ti...> - 2004-05-08 01:26:13
|
Hi, this is correct. I think there is no bug: In the Register control, there are 2 buttons : 'register & sign-in' and 'save' The first one is visible ONLY if you are not logged, the second ONLY if you are logged in: 1. not logged-in, so you are registering, the control get the information, create a new user and sign-in 2. logged-in, your are admin, you are editing the profile of another user from the user manage module, 'save' button will just update the profile of this user 3. logged-in, you are a user editing his profile (or the admin editing his profile), 'save' button will update your profile. I see no bug, the login function is only called in case 1. Voila! Thierry -----Original Message----- From: rai...@li... [mailto:rai...@li...]On Behalf Of William Forney Sent: Saturday, 8 May 2004 2:50 AM To: ym...@ms...; rai...@li... Subject: RE: [Rainbowportal-devel] a serious bug was found in the Register module This is how I think it "should" work. It should save the information in the edit form and simply log the user out if they are editing their own information. If they are the administrator and editing someone else's information, it should simply save the info and go back to the admin tab. Make sense? ---------------------------------------------------------------------------- -- From: rai...@li... [mailto:rai...@li...] On Behalf Of yiming Sent: Thursday, May 06, 2004 11:48 PM To: ma...@du...; rai...@li... Subject: [Rainbowportal-devel] a serious bug was found in the Register module HI, manu, and all I Found a bug in the Register module, I think this one is serious. I'm working on it , but there're something needs your advise. The problem is: 1. when user clicked on the "save changes" button, the original code always sign on again with the user which edited currently 2. this is wrong, if user admin is editing "user1", it will make admin login again with "user1" account. 3. and if the password field wasn't assigned, it will be failed. 4. and I found that there's no way to retrieve current user's password, it's reasonable. But what should I do? Would you advise me and let me fix this? private void SaveChangesBtn_Click(object sender, System.EventArgs e) { int returnID = SaveUserData(); if (returnID > -1) { //Full signon PortalSecurity.SignOn(EmailField.Text, PasswordField.Text, false, RedirectPage); } } |