[PHPBB3-16167] phpbb_email_hash creates false duplicates

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.8
Fix Version/s: 3.3.0-b2
Component/s: None
Labels:
- phpbb_email_hash

Description

Several different new members are unable to register because they get the error message, "You already have an account with that email." However, they do not already have an account. Rather, a completely different person has an account with a completely different email address that happens to result in the same BIGINT hash from the phpbb_email_hash function.

Either the function has to be fixed to create unique numbers for all valid email addresses, or the phpbb software needs to be reconfigured so that it does not rely on the hash with absolute confidence.

A simple fix could be to have the software do a more intensive and complete search for an email match when there is a duplicate. The software should never assume with certainty that the hash match is reliable and means there is a real match.

Attachments

Activity

People

Assignee:: Marc

Reporter:: thescott

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 22/Sep/19 10:26 PM

Updated:: 23/May/20 1:19 PM

Resolved:: 21/Nov/19 1:56 PM