Webmail deficiencies

[Ebonweaver]

I've worked in IT for 20 years. Recently I obtained shared hosting that uses cpanel and by extension webmail for email. Based on experience of countless other systems, there are two significant deficiencies that are rather perplexing to the webmail login experience.

1. If there is any authentication failure, the page simply reloads. No error is given. No indication of issue is given. Zero feedback makes it appear there is a site failure. Expected (obvious) behavior: things like "name or password incorrect", and the apparently extremely important "use full email address when authenticating", which leads us to...

2. You need to type a full email address to log in. Why? This is unheard of in modern technology outside of this system. If I'm authenticating to https://mydomain.com:2096 it is blatantly obvious what the DNS suffix is, and therefore I should only have to type a username not a full address. I understand you could have multiple domains on a server, but then there are multiple domain login pages and each one should cleanly and simply handle its own users. At the very least if there is some reason the obvious functionality can't be in place the form should do basic syntax checking. That is, there is no reason when I tab to the password field and the email field does not contain @. syntax that it's not highlighting in red with error message if that's a requirement.

I've heard of cpanel for years but never used it. I'm dumbfounded how it can suffer from such fundamental issues. cpanel login does not have these issues yet webmail does. Also, webmail docs say to log in with username when seemingly they should say full email address, so the docs are deficient on top of the UI/platform issues. Baffling unless I'm totally missing something/ this is due to the hosting provider in some way?

 

[cPRex]

Hey there! For issue number 1, we do present a red banner that shows "The login is invalid" - it's temporary, and is only there for ten seconds, but it does show up to the end-user. We don't show anything else as that could be a security issue. For example, showing "Invalid password" would indicate the username is correct, and we don't want to tell people that if they shouldn't have access.

For number 2, this seems pretty standard to me. If I go to Gmail, I still have to type in [email protected] to sign in, even though it should "know" I'm logging in to Gmail. cPanel authentication works the same way - you can visit domain.com:port, or domain.com/webmail, or even hostname.com/webmail and get to the webmail login page, so the full address is required.

 

[Ebonweaver]

For issue 1, no you don't. Sorry, but as I said there is no error of any sort, not even for 10 seconds. If you expect otherwise, then there seems to be a bug.

For number 2, again no you don't. I have a gmail account, you don't need to type the full address, just the username. Regardless, the improvements I mention to the UI apply even if you think that syntax is standard.

 

[cPRex]

Here is a link to a short recording of the expected behavior I see on my end. Notice the red bar at the top that shows "The login is invalid" that shows up for a brief period: webmail login

Are you not seeing that?

As far as the full email address, we have no plans to change that requirement.

 

[Ebonweaver]

No, that does not appear.

 

[cPRex]

What version of cPanel are you using?

 

[Ebonweaver]

102.0.18

 

[cPRex]

That's odd - that behavior hasn't changed for quite a while. Have you tried another browser?

 

[Ebonweaver]

Yes, Firefox and Chrome.

 

[cPRex]

I'm afraid I don't have a good explanation for that, then. We haven't changed the login interface for several years, so I'm not sure why you wouldn't be seeing that.

If you'd like to create a ticket with our team we can check the server on our side for you.