Latest wordpress confuses ID with user_login field

  • After installing WP 4.7.4, WordPress appears to be mixing up the ID and user_login fields. The site in question uses numeric values for the user_login field. However, if a person’s user_login happens to exist as another user’s ID, their login fails and when they go to recover the password it tells them they’re someone else (the person whose account exists at that ID).

    To illustrate what I mean, consider these 2 users:

    Sam:
    ID: 260
    user_login: 349

    Becky:
    ID: 349
    user_login: 422

    If Sam tries to log in with his user_login of 349, the login fails because it looks at Becky’s account and the password does not match. If he tries to recover the password, it sends the recovery email to Becky’s email.

    Is this a bug in the new version? Should we revert versions to fix it or is there a patch expected soon?

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Latest wordpress confuses ID with user_login field’ is closed to new replies.