Furry stuff, oekaki stuff, and other stuff.
You are not logged in.
It works now. I'll e-mail the two people who are unable to retrieve their password to login to change their password incase they lost it. (:
The problem is with lostpass.php, because it has not been patched to the correct version. Find these lines:
<form name="form1" method="post" action="functions.php?action=pretrieve"> <input type="submit" name="register" value="Submit" class="submit" />
change them to:
<form name="form1" method="post" action="functions.php"> <input type="submit" name="pretrieve" value="Submit" class="submit" />
Bear in mind that a lot of things have changed in 5.5.6. Some of your files are probably still out of date, so make sure that you've properly updated them *all*. One important change is that many includes (such as dbconn.php and config.php) have been moved to globals.php. Make sure they are not being included twice.
Such is the problem with mods.
I sent you the chngpass.php and function.php files to investigate. After you sent those files and that I implement them and test the lost password function, I'll notify my members that the lost password function is working and that they can retrieve their lost password now.
I found out what was wrong with your index file. You may send me these files if you like.
I checked the chngpass.php file and there are no other references to the word "register". Yet, I'm *still* getting that "member already exists" error message. Something has got to be wrong in either the chngpass.php file or the functions.php file and it's not supposed to do that.
Also typing in the wrong username causes a new username to be created with no e-mail adress being displayed.
Yes, because the registration code is being called, not the password retrieval code. Are you sure there's no other references to the word "register" in chngpass.php?
What happened in 5.5.6 is this:
Origianally, OekakiPoteto used an HTTP illegal method for passing data between scripts. It set up a FORM tag, but used the GET method, a common mistake among web developers:
<form method="post" action="functions.php?action=pchange">
I changed this so a hidden POST tag is used, instead. However, I didn't realize that the submit button was named "register". Before, "action=pchange" was set before "register=Submit", and that caused the code to ignore "register". After I changed it, "register" was set first, and that caused functions.php to run the wrong code.
The fix is to get rid of all references to "register", so "pchange" is the only POST name that is set. Make sure the main form looks like this (get rid of any CGI data on the action):
<form name="form1" method="post" action="functions.php">
This should already be the case, though. I changed "register" to "disabled" and the recovery feature works fine for me, now.
I tried that and I still get that message:
http://ppgrainbow.oekakiart.com/error.p … dy+exists!
Something has gone wrong here.
Also typing in the wrong username causes a new username to be created with no e-mail adress being displayed.
How can I prevent this from happening?
It seems that I've been running through all of the trouble since I first installed WaxPoteto.
Oh, lovely. Another legacy bug.
Open up chgpass.php and find this line:
<input type="submit" name="register" value="Submit" class="submit" />
change it to anything other than "register", such as:
<input type="submit" name="disabled" value="Submit" class="submit" />
This prevents the registration code from being called before the password change code.
Yes. The password recovery does return errors that a member name already existed.
Member name already exists!
The only place where that error is returned is if they are trying to re-register, not if they are trying to recover a password.
Does password recovery return errors?