Image board engine, Danbooru-style.
3e1aaebf89
Until now, AuthService used to check for an empty e-mail in order to tell whether an account is activated. This was wrong for the following scenario:

1. User doesn't enter any e-mail.
2. Because he is about to become the first user to register, he will become an administrator.
3. Administrators don't need to confirm their e-mail address. Activation e-mail is not sent, code for e-mail activation is run instead.
4. The user succeeds in creating an e-mail-less administrator account.
5. The user fails to log in due to unconfirmed e-mail.
6. The code that activates an e-mail just moves unconfirmed e-mail to primary e-mail. That was the bug: there's no e-mail to confirm.

Things got (hopefully) simpler now, since I added a separate column for indicating whether an account is activated.

- data
- public_html
- src
- tests
- .gitignore
- composer.json
- gruntfile.js
- LICENSE
- package.json
- phpcheckstyle.cfg
- upgrade.php