I just noticed if a user tries to sign up for the site, and gives a valid UserID and PW, they are logged on while being informed the Username/Password/Email have already been taken.
While this might seem like a good idea, it's also a security hole... sure they could enter that PW/ID ... but they really should be told that the PW/ID/Email is already in use.
While this might seem like a good idea, it's also a security hole... sure they could enter that PW/ID ... but they really should be told that the PW/ID/Email is already in use.