
Unique E-mail not properly checked

description

In XmlMembershipProvider.cs, the CreateUser function does not properly check for a unique e-mail address. Here's a snippet from the CreateUser function:
 
            if (this.RequiresUniqueEmail && !ValidateEmail(password, Guid.Empty)) {
                status = MembershipCreateStatus.DuplicateEmail;
                return null;
            }
 
It's a simple fix: change the ValidateEmail function call to have the user's e-mail in the argument, not the password.
 
This small problem became very significant when my website went live. One user didn't realize they had an account, and so created another. When they tried to activate their account, the UpdateUser function was called, which does properly check the e-mail uniqueness. This caused an exception trying to validate one of the accounts, leaving the user to think they needed to create a new account since the others didn't work. This continued until the user had 6 accounts with the same e-mail address before I found out the problem.
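
The mismatch described in this report, reduced to a small in-memory model (an added example, not code from XmlMembershipProvider.cs). `DemoStore`, `User`, the `CreateUserBuggy`/`CreateUserFixed` names, the boolean `UpdateUser` and the behaviour assumed for `ValidateEmail` (true when no other account holds the address) are hypothetical stand-ins; the sample accounts are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed stand-in for the provider's user records.
class User { public Guid Id = Guid.NewGuid(); public string Name, Email, Password; }

class DemoStore
{
    readonly List<User> users = new List<User>();

    // Assumed semantics: true when no user other than excludeId already has this e-mail.
    bool ValidateEmail(string email, Guid excludeId) =>
        !users.Any(u => u.Id != excludeId &&
                        string.Equals(u.Email, email, StringComparison.OrdinalIgnoreCase));

    // Mirrors the reported bug: the password is compared against stored e-mails.
    public User CreateUserBuggy(string name, string password, string email) =>
        ValidateEmail(password, Guid.Empty) ? Add(name, password, email) : null;

    // The fix from the report: pass the e-mail to the uniqueness check.
    public User CreateUserFixed(string name, string password, string email) =>
        ValidateEmail(email, Guid.Empty) ? Add(name, password, email) : null;

    // Update path, which the report says does check the e-mail (simplified to a bool).
    public bool UpdateUser(User u) => ValidateEmail(u.Email, u.Id);

    User Add(string name, string password, string email)
    {
        var u = new User { Name = name, Password = password, Email = email };
        users.Add(u);
        return u;
    }
}

static class Program
{
    static void Main()
    {
        var store = new DemoStore();
        var first = store.CreateUserBuggy("alice", "pw-1", "a@example.test");
        var second = store.CreateUserBuggy("alice2", "pw-2", "a@example.test");
        Console.WriteLine($"buggy create accepted duplicate: {second != null}");
        Console.WriteLine($"update allowed for first account: {store.UpdateUser(first)}");
        var third = store.CreateUserFixed("alice3", "pw-3", "a@example.test");
        Console.WriteLine($"fixed create accepted duplicate: {third != null}");
    }
}
```

Once the buggy create path has stored two accounts with one address, the update check fails for both of them, which is the state the report describes; running the create and update paths against the same duplicate input in a test catches this kind of inconsistency before release.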

comments