Subj : emailval.js accepts incomplete email addresses
To   : Codefenix
From : echicken
Date : Sun Sep 01 2024 11:55 pm

 Re: emailval.js accepts incomplete email addresses
 By: Codefenix to echicken on Sun Sep 01 2024 09:51:25

Co> someone entered an incomplete one on my system (user@gmail), and it broke
Co> the script because the script (incorrectly) treated the entry as though it
Co> were a QWKmail address. This let the user skip validation and proceed to
Co> main, when it should have screened them out instead.

It sounds like this script is not doing what I assume an email validation module would do: execute on logon, nag the user to enter a code, tell them where it sent the code, and let them request a re-send (optionally to a new address) - or exit quietly if validation is complete. Maybe on first run it lets them enter a target email address which may be different from what they supplied on the newuser form.

Beyond that it shouldn't matter if the user can get to the main menu, because their unvalidated account wouldn't have permission to do much.

echicken
electronic chicken bbs - bbs.electronicchicken.com
---
� Synchronet � electronic chicken bbs - bbs.electronicchicken.com

You are viewing proxied material from bbs.kd3.us. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.