Patrons can't use an email address

Why can't a patron use an email address?

If a person cannot create an account with a specific email address within Theatre Manager web sales, it is for one of 3 reasons:

  • The email address is already in the system for one patron and the only course of action is to request a forgotten password
  • The email address is in the system but attached two TWO OR MORE patrons in different households. TM allows sharing of an email within a household, but not across households. So, TM denys use of that email address until the box office sorts out who really owns it using the find duplicate email address function. It could be that people need merged from two separate data imports, or one person should not have it.
  • we cannot find the domain name or there is no MailBox (MX) server for the email address. Perhaps they've specified something like ImBad@rotten.org - which really doesn't exist, so we can't create it.
Unless you have changed messages in tmError.txt to the contrary, use the above checklist to check email address rejection.

The forgot my password web page shows this generic message.

Why can't the messages be more specific?

Can Theatre Manager actually distinguish amongst the types of errors above? yes it can - there are actually separate error messages in the tmError.txt for all these situations. However, they just happen to say the same thing 'Email address can't be used'

Why is that? The PCI council (Visa and Mastercard) make all the rules as to what kinds of applications are compliant. Theatre Manager is audited and approved by the PCI council to make sure we follow the rules of safe storage of their credit card data and safe online web sales following their prescribed audit cycles.

One of the rules concerns privacy. A web site should NOT give back any information about accounts and login credentials. The thinking is that if there is an easy way for a bad buy to find out which email addresses are in a system, they are half way there to logging in. Thats because people tend to use the same id's and passwords at many sites. So, if they've cracked another site, then its easier to infiltrate venues that give out this kind of knowledge.