If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

misleading error message when entering incorrect password on "account settings" page




User Interface
16 years ago
8 years ago


(Reporter: myk, Unassigned)


Bug Flags:
blocking2.22 -




16 years ago
As a result of the fix for bug 45918, if you are logged in with cookies enabled,
and you enter an incorrect password when making a change on the "account
settings" tab of userprefs.cgi, Bugzilla tells you that "the username or
password you entered is not valid," even though you never entered a username. 
Bugzilla should only tell you that your password is invalid.
Ooh, this is going to be a nasty one to fix.  If you just change the message
you're changing the error you get when you screw up the password on a real
login, too (because it's running the same code).  And we don't want the real
login message to be that generic because it'll give away the existence of an

Probably we need some sort of generic "authenticate" routine in globals.pl which
simply returns whether or not someone's password is correct or not, but also
sets the appropriate cookies and such if necessary so people don't get logged
out when changing their password.
Priority: -- → P4
Target Milestone: --- → Bugzilla 2.18
The User Interface component now belongs to Gerv.  Reassigning all UNCONFIRMED
and NEW (but not ASSIGNED) bugs currently owned by Myk (the previous component
owner) to Gerv.
Assignee: myk → gerv
Reassigning back to Myk.  That stuff about Gerv taking over the User Interface
component turned out to be short-lived.  Please pardon our confusion, and I'm
very sorry about the spam.
Assignee: gerv → myk

Comment 4

14 years ago
Unloved bugs targetted for 2.18 but untouched since 9-15-2003 are being
retargeted to 2.20
If you plan to act on one immediately, go ahead and pull it back to 2.18.
Target Milestone: Bugzilla 2.18 → Bugzilla 2.20

Comment 5

13 years ago
This bug has not been touched by its owner in over six months, even though it is
targeted to 2.20, for which the freeze is 10 days away. Unsetting the target
milestone, on the assumption that nobody is actually working on it or has any
plans to soon.

If you are the owner, and you plan to work on the bug, please give it a real
target milestone. If you are the owner, and you do *not* plan to work on it,
please reassign it to nobody@bugzilla.org or a .bugs component owner. If you are
*anybody*, and you get this comment, and *you* plan to work on the bug, please
reassign it to yourself if you have the ability.
Target Milestone: Bugzilla 2.20 → ---

Comment 6

12 years ago
*** Bug 321836 has been marked as a duplicate of this bug. ***

Comment 7

12 years ago
this is getting annoying. i'll buy someone lunch for fixing it.
Flags: blocking2.22?

Comment 8

12 years ago
Unfortunately, this is too trivial to be a blocker.
Flags: blocking2.22? → blocking2.22-


11 years ago
QA Contact: mattyt-bugzilla → default-qa


11 years ago
Assignee: myk → ui

Comment 9

8 years ago
I cannot reproduce this problem. The error message is now accurate.
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.