-
Bug
-
Resolution: Fixed
-
Major
-
3.2.8
-
None
Several different new members are unable to register because they get the error message, "You already have an account with that email." However, they do not already have an account. Rather, a completely different person has an account with a completely different email address that happens to result in the same BIGINT hash from the phpbb_email_hash function.
Either the function has to be fixed to create unique numbers for all valid email addresses, or the phpbb software needs to be reconfigured so that it does not rely on the hash with absolute confidence.
A simple fix could be to have the software do a more intensive and complete search for an email match when there is a duplicate. The software should never assume with certainty that the hash match is reliable and means there is a real match.