provided by Star2Billing S.L.

I registered two times with the same email address.

When logging in the webinterface with email and password and put a voucher number in, the other account is credited.

Same with IAX settings: Looking them up in the customerinterface of userII (same email) results in 'no peers' message.

How can the system accept 2 times the same email when the email is used as login in the customers interface?!

Regards
Dirk

Use cardalias/uipass to login rather than email/uipass perhaps?

Unfortunately its the same. Same problem when you log in with the 'card number'.
So it seems the system makes a connection toaccounting thru the email address rather than the card number

By the way: IE problem solved: Accept cookies

I'm not using A2B 1.3 yet, but I modified 1.2.3 to login using email but discriminates on the password. In other words, the same routine (et al) that randomly generates the alias and pin was modified to make the password also unique in the database even when changed by the user. This allows the same email to be used multiple times.
The main A2B processes still use the alias. Email is used just for an alternate userid, not for updates etc.

If a user attempted to set a password that existed in the database, no action is taken. If while generating a
set of unique values for alias, pin and password fails, processing returns. Not sure if this is a good method but it's working.

dwiesemann, I know this does not help you right now, but I just throwing out an idea.

This is a serious bug and should be addressed. The primary key of the cc_card table is the only thing that should be used to discriminate one user from another, not a username or a password.

A2b currently uses the alias/userid to discriminate one user from another during login not the cc_card table key. I believe at one point the key/pin was used but found not to be safe. The alias was created instead and the cc_card key is now only used internally based on the alias.

As you know, the argument is that the alias is too long. So now in my previous post we have pin->alias->password all unique pointing to each other. so email can be used for userid but will match only one time based on password.

The version I'm using was not built to allow login via email. Hence, another problem is posed when the email is used more than once. The quick and dirty way to allow safe email login was to not let anyone have the same password.

The alternative was to create a shorter userid which would still have to be unique which defeated the purpose of allowing email login.

As for A2B 1.3, it sure sounds like a serious bug if email is used in the way suggested.

Well, now that I am aware of that, Our a2b installation will never allow that.

The only password discrimination that we are planing to have will use something like the asterisk DISA feature. It will allow more than 1 account to be used on the same caller ID. So in a household with many roommates sharing the same phone, each roommate will be able to use a2b in callback mode or in direct dial mode without using his roommates' minutes.

Other than that, I don't really see how and why different passwords should be used to select different accounts having the same username (email in that case).