View Issue Details

IDProjectCategoryView StatusLast Update
0021709mantisbtbugtrackerpublic2016-11-27 00:45
ReportercproensaAssigned Tocproensa 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.3.1 
Target Version1.3.4Fixed in Version1.3.4 
Summary0021709: on error after verification page, user still can browse the site
Description

If invalid data is submitted from the new verification page, the user is presented a standard logged-in page, with error message, but still a navigation menu.
Then the user can proceed to use the site as his user is logged in, but didn't change his password.
This happens because the data is submitted to the standard "account_update.php"

A proposal is to create a separated verify-update page that deals with this submission. And remove the verification logic from account_update page.

TagsNo tags attached.

Related Changesets

MantisBT: master-1.3.x 12192f19

2016-11-18 17:35:16

cproensa


Committer: dregad Details Diff
Force logout after verification error

Force the clearing of authentication cookies when the verification data
submitted to account_update page produces an error.
This way, the user cant browse the site as the logged user, if he hasn't
completed yet the verification process.

Fixes 0021709
mod - account_update.php Diff File

Issue History

Date Modified Username Field Change
2016-09-22 04:55 cproensa New Issue
2016-11-18 17:42 cproensa Assigned To => cproensa
2016-11-18 17:42 cproensa Status new => assigned
2016-11-18 17:42 cproensa Note Added: 0054543
2016-11-21 07:07 dregad Changeset attached => MantisBT master-1.3.x 12192f19
2016-11-21 07:07 dregad Assigned To cproensa => dregad
2016-11-21 07:07 dregad Status assigned => resolved
2016-11-21 07:07 dregad Resolution open => fixed
2016-11-21 07:07 dregad Fixed in Version => 1.3.4
2016-11-21 07:08 dregad Assigned To dregad => cproensa
2016-11-21 07:08 dregad Target Version => 1.3.4
2016-11-27 00:45 vboctor Status resolved => closed