RE: [Rainbowportal-devel] a serious bug was found in the Register module

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi, this is correct.
I think there is no bug:
In the Register control, there are 2 buttons : 'register & sign-in'   and
'save'
The first one is visible ONLY if you are not logged, the second ONLY if you
are logged in:

1. not logged-in, so you are registering, the control get the information,
create a new user and sign-in
2. logged-in, your are admin, you are editing the profile of another user
from the user manage module, 'save' button will just update the profile of
this user
3. logged-in, you are a user editing his profile (or the admin editing his
profile), 'save' button will update your profile.

I see no bug, the login function is only called in case 1.
Voila!
Thierry
  -----Original Message-----
  From: rai...@li...
[mailto:rai...@li...]On Behalf Of William
Forney
  Sent: Saturday, 8 May 2004 2:50 AM
  To: ym...@ms...; rai...@li...
  Subject: RE: [Rainbowportal-devel] a serious bug was found in the Register
module

  This is how I think it "should" work.

  It should save the information in the edit form and simply log the user
out if they are editing their own information.  If they are the
administrator and editing someone else's information, it should simply save
the info and go back to the admin tab.  Make sense?

----------------------------------------------------------------------------
--

  From: rai...@li...
[mailto:rai...@li...] On Behalf Of yiming
  Sent: Thursday, May 06, 2004 11:48 PM
  To: ma...@du...; rai...@li...
  Subject: [Rainbowportal-devel] a serious bug was found in the Register
module

  HI, manu, and all

  I Found a bug in the Register module, I think this one is serious.

  I'm working on it , but there're something needs your advise.

  The problem is:

  1.       when user clicked on the "save changes" button, the original code
always sign on again with the user which edited currently

  2.       this is wrong, if user admin is editing "user1", it will make
admin login again with "user1" account.

  3.       and if the password field wasn't assigned, it will be failed.

  4.       and I found that there's no way to retrieve current user's
password, it's reasonable.

  But what should I do? Would you advise me and let me fix this?

                       private void SaveChangesBtn_Click(object sender,
System.EventArgs e)

                       {

                                  int returnID = SaveUserData();

                                  if (returnID > -1)

                                  {

                                             //Full signon

PortalSecurity.SignOn(EmailField.Text, PasswordField.Text,
false, RedirectPage);

                                  }

                       }