Email exists in the database

Suppose I new user goes to register and the email he/she submits exists already in the database…

How I should handle such a scenario?What am I suppose to assume for this user…
that it is an existing user and should remind him of his/her password?

No, you would show a message saying that the Email address already exists on the system. You may also have a link to the “forgoten password” system. Of course you would only remind them of the password via an Email to the registered address, or some other more secure method. You would never show the password to someone who just knows the address, they must prove they own the address.

From the above I want to focus to 2 things:

  • a message saying…that the “email exists”
  • A forgotern password link.

I assume that if the user clicks the link then the next step is to reset his/her password.
Am I correct?

Some sites will simply send an Email to the address saying: This is your forgotten password…
Or you can do a password reset which will be a little more complex. You would not just click the link and go to a password reset, that way anyone who knows your Email address could reset your password and steal the account. You would have to send an Email to the address which includes a unique, secure URL to a password reset page for the account.

I would not feel comfortable doing that.
Say I had an email address that I wanted to keep “private”.
Would I appreciate it if a forum let it be known that it existed? No.

Maybe better to have something more like
“There was a problem. Please contact the Admin”

Ok I got your point…I have to implement now what I 've heard…some things that were mentioned require a separate topic on their own…I will start coding and if the need arises open a new topic.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.