Went to admin/user and added a new user. Mis-typed the passwords so they did not match. Submitted form, recieved "password mismatch" error message. New user was created.
Problem: I had *no* idea that the user was created (there may have been a success message, however I did not see it because of the error messages. Also I *assumed* that the user had not been created (because in my experience that is how every other user system works).
This is not a trivial problem since it would be common for an end-user to make a mistake such as this - if the registration were part of a larger process - like an e-commerce transaction this could essentially produce a non-recoverable error (a user being created in an inconsistent state and requiring admin intervention).
Suggested fix: put everything inside a single DB transaction - if it fails it fails, if it succeeds it is logically consistent.
Comments
Comment #1
kkaefer CreditAttribution: kkaefer commentedThis doesn't have anything to do with transactions. The query to create the user is atomic.
Comment #2
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedI can't reproduce this on D5. If I have non-matching passwords, the user does not get created.
Comment #3
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedmarking fixed.
Comment #4
douggreen CreditAttribution: douggreen commentedI was able to reproduce some sort of problem on Drupal 5:
1. Go to admin/user/user/create a try to create a user with password fields that don't match. You'll get an error and the user isn't created.
2. Check the "List" page and the user isn't there
3. Go back to "Add user" and create the user with password fields that do match.
The user is created by the second "add", but the error message from the first add remains.
Comment #5
(not verified) CreditAttribution: commented