Security Questions Not Accepting Correct Answer

[teh elgee]

Very rarely, my forum will reject an answer to one of the security questions at registration. It doesn't always do it, just occasionally and it's always the same question.

The answer to the question is the number 0, and the couple users that have reported it added that if you gave the answer as 00, it would accept it.

I did check the question and answer itself in the settings, and the answer it should accept is 0.

Is there any reason for it to be doing this? Any way to prevent it from happening again?

Forum version is 2.0.4, and while I do have mods installed, none of them have anything to do with registration or security.

[Kindred]

I think there may be a glitch...   however the easiest fix is just don't use "0" as an answer.

[alexandria777]

Just substitute '0' for '1' for example, or something else. It should help.

[Illori]

0 is not a valid answer for any of the verification questions, it should not have taken 0 in the admin panel so it would not take it from the users.

[Arantor]

Well, it's not exactly a glitch, it is actually by design that it does this - but some people disagree with the design.

The reason is that the test used is empty(), and empty() considers an empty string, the value false, the number 0 all to be empty. Even when you put a 0 in a form, that will trigger PHP's empty() as being true because of the way PHP juggles types of data.

[Kindred]

RIGHT!   I knew there was a reason (and it had been explained before) I just mis-remembered it as a "glitch" as opposed to "works as designed by code"

[Arantor]

Off hand, I believe it was changed in 2.1 but I haven't checked that part of 2.1's code yet (there is a lot of change from 2.0 to 2.1 and I have only studied parts of 2.1 thus far)