loading

Registration and password update accepts a password that cannot be used on the site for logging in later


According to "How to Submit Bug Reports" here come the details: (A)

Registration and password update accepts a password
that cannot be used on the site for logging in later


1. Acer laptop, T4400 Dual-core CPU, 4GB RAM
with Win7 (6.1.7601) Home Premium x64 Service Pack 1 running

2. Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0

3. Instructables dot com Signup

4. Screen shots attached

5. Steps to reproduce:
go to Signup, enter a valid e-mail address You remember and
enter a random password e.g. 34 characters long, containing A-Z, a-z, 0-9,
and some special characters, e.g. #%'(*.:?@
(I can send You the exact passwords used upon request)

You can repeat this as many times You wish with the useful feature called Forgot Username/Password -> You will get the code, You can enter another password like the above and still cannot login. Another strangeness was to me that the 'restored' account had a totally different username from that I originally entered when signing up. Interesting 'phenomenon'. This does not happen with other types of passwords (weaker passwords)

Suggestions & ideas:
while I did not check page source, input field checking might need improvement.
(Bobby Tables: A guide)



Another thing (B) is that SSL on the site 'has its limits'

B.1, B.2 Same specs apply

B.3 Instructables dot com Signup via HTTPS

B.4 I trust Your imagination, maybe there is no need for a screen shot

B.5 NET::ERR_CERT_COMMON_NAME_INVALID
*.a.ssl.fastly.net
certification provided by DigiCert (High Assurance CA-3)

Steps to reproduce:
- reset or check out certificates in test browser
- just open the site via https://

Suggestions & ideas:
the website could use StartSSL Free or StartSSL Verified Certificates


An issue connected to this one is that the SSL Signup page is useless anyway, since captcha cannot be seen and/or entered the via the HTTPS version... (screen shot attached)

Suggestions & ideas:
make the captcha work on the https page and redirect signups and logins there by default (and then redirect back to http if the original login request came that way)


Best Regards,
pc-fan

Picture of Registration and password update accepts a password that cannot be used on the site for logging in later
instructables-captcha-bug-screenshot.png