A user with that email already exists code 1079

Should a user registration form indicate if an email address is already in use?

It seems pretty typical to limit user accounts to unique email addresses. So on my user registration form, I am doing email validation and returning a message like

An account has already been registered for foo@bar.com

Then it occurred to me that an attacker could use this form to determine information about my users. Is there an alternative way to provide validation messages to my users without compromising security? It doesn’t seem to me there is any way around it.

7 Answers 7

Trending sort

Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to sorting by highest score if no posts are trending.

Switch to Trending sort

For most kinds of sites, I would expect that explicitly hiding this information would be a poor user experience trade-off. The better solution is to use CAPTCHA to help prevent war-dialing of email addresses.

The exception would be in cases where an attacker is seeking out information about a specific user (rather than just trying to find «some account»). As an example, if your site caters to people who have a strong interest in anonymity, and there are attackers who have a strong interest in finding out if a specific user is using the site, then the approach should be different. My approach would likely be to send an email to the address indicating the «already registered» error. The user experience annoyance would be outweighed by the user’s anonymity interest.

I can think of one way: you could ask for an email address and then send the link for a one-time registration form to that email address. You might need a captcha in there to stop spam. If the email is already in the system it could send a message saying that they already have an account.

I think this is unnecessary tho, unless your website is especially secret, like a support group for abuse victims.

Rob Napier’s answer is correct. You should decide whether your users actually need that anonymity at the cost of degraded UX (in most cases they wouldn’t care).

Here’s how some big names do it:

Which HTTP response code for «This email is already registered»?

I’m creating a RESTful API for creating users that enforces unique email addresses:

Successful POST /users : HTTP 201 Created

If I POST the same email address again, what should the response code be? Is 409 Conflict the appropriate response code?

7 Answers 7

Trending sort

Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to sorting by highest score if no posts are trending.

Switch to Trending sort

Yes, 409 is the most appropriate response code here. Even though you are most likely returning 201 on success, you’re still POSTing to a resource which is described as a collection, and POSTing a duplicate email is definitely a conflict with «the current state of the resource» as a collection. You should return a response body with a description of the problem, and hyperlinks to help resolve the problem, if possible.

Gmail (Google) returns a 200 OK and a JSON object containing a code which is indicating that the email is already registered.

Facebook is also returning a 200 OK but re-renders the content to a recovery page to give the user the option to recover his/her existing account.

Amazon is doing it the same way as Facebook. Returning a 200 OK and re-rendering the content to a notification page to inform the user that the account already exists and provide him/her possibilities to take further actions like login or password change.

So all these APIs returning always a 200 OK and presenting to the client/user either additional content to recover their account or an error message which is raised by the body content of the response.

checking user name or user email already exists

I am working in a simple registration page where the user can’t enter the same user name or email, I made a code that prevent the user from entering the username and it worked but when I tried to prevent the user from entring the same username or email it didn’t work.

and my question is, «How can I add another condition where the user can’t enter email that already exists?»

I tried to do it in this code, but it did’t work:

but i get this error:

There is already an open DataReader associated with this Command which must be closed first.

5 Answers 5

Trending sort

Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to sorting by highest score if no posts are trending.

Switch to Trending sort

First you should have Data Access Layer. This should be project in big solutions but in your case you can put it like new directory. In this directory you create SqlManager class here is the code:

After that you should have Business Object Layer. In bigger solution is project in your case directory. If you are in the page TaxesEdit.aspx, you should add Tax.cs class in the BO(business object).

Example of methods for the class, for your first button:

You fetch all the needed data in datasets. After that you make checks like taxesDst.Tables[0].Rows.Count > 0 (or == 0)

For Insert you can have method like this:

For this you need to have property TableName in the current BO class.

In this case this methods can be used everywhere and you need only one line of code to invoke them and no problems like yours will happen.

How to check «user email already exists» in firebase using Android Studio

Part of Google Cloud Collective

I’m trying to change my code. But, its failed. My output still the same. Which is, if the user put an email that is already exist or not already exist. The validation «This email has been registered.» still came out. Why? Can someone whats wrong with my coding?

Here are my method:-

While this half coding, I’m trying to call back the method isCheckEmail:-

4 Answers 4

Trending sort

Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to sorting by highest score if no posts are trending.

Switch to Trending sort

this method works to check either email existed or not

fetchProvidersForEmail is an async call so you have to make use of its return value with the callback.

return true on the main thread will not work.

Here is the solution :

First Create an interface with the method (success)

Your checkEmail Method should be like this:

Finally call your isCheckEmail like this :

Hope this helps you.

Firebase automatically tells you if an email that you want to create an account with already exists. When creating an account you should check if the task was succesfull and under

you currently have the code

( it is pretty much the last line in the code you provided) but you should replace it with:

So you do not need to check if an email exists yourself because Firebase will automatically throw an exception and then you can for example display a toast.

This email already exists validation

I am making a React application where i submit the username, password and email to the mongo database.

Now I am trying to figure out how I could check inside of React whether the user or email already exists. Meaning so I could show an error-box telling the user to choose something else as an username.

I do know how to do it when I use Node.js and Handlebars. I know how to check my database with the Find() method of mongoose. But I just don’t understand how to think now that I am using React. When I check if the user already exists in the back-end and it shows that it does exist, how could I inform my front-end (React) that it does?

When I use node.js and handlebars I use flash messages, and it works fine. I guess my question could be summarized to, how should I do to get my React front-end to cooperate with my Node/Express back-end to share info about a username inside of the database already existing?

I have no code to show, this is more of asking for advice on what tools or methods I should use. I just can’t figure it out.

Thank you in advance!

3 Answers 3

Trending sort

Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to sorting by highest score if no posts are trending.

Switch to Trending sort

You’ll need to have your back-end inform your front-end about whether or not an email has already been used since the front-end has no way of knowing without the back-end.

Basically, when a user tries to register, you should send your registration request from the front-end to the back-end without worrying about duplicate emails. The response from the server should indicate whether or not registration was successful, and if not, why not.

For example the registration component in your React code might look something like this:

Where sendRegisterRequest is some module that handles sending registration requests to the server.

Note that this front-end logic expects the server to respond with status 200 on successful registration and with something else (status 400) if there is an error. Also if there is an error, the server should respond with a payload body that looks like: <"error": "That email is already in use">.

You mention that you know how to check for existing email addresses on the server, so just check in that manner before creating a new account, and if the email address is already in use send the error payload with a status of 400.