So I'm setting up a signin form and I've noticed that if the user puts in an email address that is already in the database with conflicting name, address, phone, etc the database is updated with this new information. This even impacts users who have setup a password but no password is ever asked confirm authorization to go ahead with the changes.
More puzzling is that the changes don't appear in the activity stream of the page so the administrator wouldn't see that it's happening.
So all I would need to do mischief on the database is a bunch of email addresses which, in the case of this site (and probably lots of other), are publicly available.
Am I doing something wrong here or is this a known issue?
Notplanned
Official response from Dana NguyenWe are aware of this and are taking concerns into consideration, but do not currently have plans to change this behavior.
At this time, if you are concerned about forms changing personal information, you can make forms only available to members, requiring someone to log in before submitting any form. You can also customize public forms to remove fields with information you do not wish to update in your nation without authorization and leave changes to a member-only page.
Showing 10 reactions
Sign in with
Seems like this can cause data corruption, whether or not the intent is malicious.
I have emailed my point person about this and the main workaround that was suggested is to wrap all signup fields except for email and name with the conditional sorta_logged_in. That would allow/force users to “sorta” log in before updating any additional information on an existing record. This helps keep existing data from being overwritten – if only empty fields are shown on the signup form – but garbage data could still be entered in the empty fields.
The best solution, in my opinion, is what Ethan suggested, “if you enter an email already in the database, you are challenged to log in”.
But an alternate solution, I think, would be to implement the logic used in Imports – put a checkbox on the Signup Settings page that allows Control Panel users to choose whether or not a signup page will Overwrite existing data if it finds a match in the database.
Campaign Gears
Certified Architect
Campaign Gears
Certified Architect
At least the form should be set that the user is not logged in and submits an email address that is already in the database, any empty fields are ignored so the database isn’t updated to empty values.
A better response would be that if you enter an email already in the database, you are challenged to log in, and if the address hasn’t been authenticated, to do so BEFORE you can make changes to the users record.
I look forward to your response soon. We’re using this form on a system where we know quite a bit about individuals but they haven’t generally setup profiles on the NationBuilder system.
Campaign Gears
Certified Architect