Location: htdocs/1/WebPagesEN
You may change any error message that you wish to suit the needs of your venue. However, a few pertain to the sign-in process and indicate that an email address cannot be used; you may not want to change those.
During our Oct 2016 PCI audit, we were required to make them generic because it is against PCI rules to divulge information or conditions that could make it easier for a hacker to gain access to a patron's account. Visa/MasterCard's reasoning is simple: if you say the email exists, a hacker would likely cross-reference that with other information stolen or bought on the internet. Since people tend to use the same passwords across web sites, they would cross-reference and might gain access. For your safety and the safety of your patrons, we ensure Theatre Manager passes the PCI audit, to give you less to worry about. The PCI council places web site security 100% ahead of empathy for making a commerce web site easier for patrons to use.
Message # | Purpose of error message that could occur during login process | Message before being genericized for PCI Audit |
---|---|---|
10012 | Error message if the email address could not be found in the database during the login process. | Error - Please enter a valid email address and password combination. |
10013 | Error message if the email does exist in the database, but the password is incorrect during login. This should be the same message as 10012 so that the two conditions cannot be told apart. | Error - invalid email address and password combination{br}(note: password is case sensitive). |
10032 | The response if the email address was found and a message was sent to the patron. It is now generic: it says that if the email address was found, an email would be sent, which does not give away the fact that the email address does exist. | A password reset has been sent to your email address at {email}.{br}Please look for the email and follow the instructions on it. |
10034 | The response for an email address not in the database. The message is set to be the same as 10032 for PCI/OWASP compliance so that no information is conveyed back to the user as to the success or failure of the request; this helps prevent the form from being used to find accounts in the system for brute force attacks. | We're sorry, there are no accounts associated with the email address {email}. Please verify it. |
10255 | The response indicating the email address appears invalid because we are unable to look up the mail exchange server for that email address. Again, according to PCI/OWASP, it is more secure to simply say the email address is invalid (and we suggest to contact the box office). | {contents} appears invalid. Unable to lookup the mail exchange server for that email address. |
10256 | The response indicating the email address appears invalid because we are unable to look up the DNS server for that email address. Again, according to PCI/OWASP, it is more secure to simply say the email address is invalid (and we suggest to contact the box office), so this message is set to the same as 10255. | {contents} appears invalid. Unable to lookup the DNS server for that email address. |
10257 | The response indicating the email address is already on file and that the patron should use 'forgot password' instead. Again, according to PCI/OWASP, it is more secure to simply say the email address is invalid (and we suggest to contact the box office), so this message is set to the same as 10255. | {contents} is currently in use and cannot be used for the creation of a new account.{br}If this is your email address, please request your password instead. |