1 fede Mar 14, 2018 00:35
In http://demo2.b2evolution.net I went to Registration & logins and marked the option Require specials characters. Then I edited the user larry, changed the password to larry in both fields, and the system accepted the change, which is a double fault:
- accepted the new password without special characters,
- accepted the login as password, which according to _user.funcs.php, line 1581, is not allowed ('The password must be different from your login.')
admin can do things that others can't. log in as larry when you try this.