xoops forums

tl

Friend of XOOPS
Posted on: 2002/6/25 19:51
tl
tl (Show more)
Friend of XOOPS
Posts: 999
Since: 2002/6/23
#1

Account re-activation required on Profile email changes

Currently, once a user had created an account, he could change his/her email address to anything without any verifications.

For security and spams-preventing reasons, it would be extremely useful of requiring account re-activation if a user had modified his/her email address.
Posted on: 2002/7/4 15:48
goghs
goghs (Show more)
Posts: 8
Since: 2001/12/13
#2

Re: Account re-activation required on Profile email changes

Yes this makes sense.
Maybe we can add the logic like this:
when a user changes his email, his account will be disactivated, and then an email with activation code will be sent to his new email.
It can be an option.

MaxIT

Just popping in
Posted on: 2002/7/4 16:34
MaxIT
MaxIT (Show more)
Just popping in
Posts: 65
Since: 2002/11/8
#3

Re: Account re-activation required on Profile email changes

Quote:
when a user changes his email, his account will be disactivated, and then an email with activation code will be sent to his new email.

Totally agree.

madraver

Just popping in
Posted on: 2002/7/4 23:47
madraver
madraver (Show more)
Just popping in
Posts: 9
Since: 2002/3/8 1
#4

Re: Account re-activation required on Profile email changes

Quote:
For security and spams-preventing reasons, it would be extremely useful of requiring account re-activation if a user had modified his/her email address.


Hear, Hear!

That would a great addition to the already great CMS. Security is always a concern on this wide world of global communities.

MaxIT

Just popping in
Posted on: 2002/7/5 15:18
MaxIT
MaxIT (Show more)
Just popping in
Posts: 65
Since: 2002/11/8
#5

Re: Account re-activation required on Profile email changes

Quote:
Currently, once a user had created an account, he could change his/her email address to anything without any verifications.

In the waiting for this useful fix, I've skipped this problem by removing the option to change the email by XOOPS users (RC2-only hack)

Just look at the edituser.php file at line 43:

<table cellpadding='8' border='0'><tr><td><form name='userinfo' action='edituser.php' method='post'><b>". _US_REALNAME ."</b> ". _US_OPTIONAL ."<br /><input class='textbox' type='text' name='name' value='". $xoopsUser->name("E")."' size='30' maxlength='60' /><br /><b>". _US_EMAIL ."</b> ". _US_REQUIRED ."<br />". _US_THISWILLBEPUBLIC ."<br /><input class='textbox' type='text' name='email' value='". $xoopsUser->email("E") ."' size='30' maxlength='60' /><br />". _US_OPTION ." <input type='checkbox' name='user_viewemail' value='1'";

and change it in this way:

<table cellpadding='8' border='0'><tr><td><form name='userinfo' action='edituser.php' method='post'><b>". _US_REALNAME ."</b> ". _US_OPTIONAL ."<br /><input class='textbox' type='text' name='name' value='". $xoopsUser->name("E")."' size='30' maxlength='60' /><br /><b>". _US_EMAIL ."</b> ". _US_REQUIRED ."<br />". _US_THISWILLBEPUBLIC ."<br />". $xoopsUser->email("E") ."<br />". _US_OPTION ." <input type='checkbox' name='user_viewemail' value='1'";

Rc3 is some different and I'm still working on it (but should be easier)

Why should use a temporary solution? well, as soon I've published on xoops.it about this issue, just 2 minutes after lots of trolls was subscribing with fantasious email addresses

MaxIT

Just popping in
Posted on: 2002/7/8 14:17
MaxIT
MaxIT (Show more)
Just popping in
Posts: 65
Since: 2002/11/8
#6

Re: Account re-activation required on Profile email changes

Sorry, there is a bug in this hack:
you need to add this before line 123 to make it work properly:

$email = $xoopsUser->email("E");

Otherwise, $email value previously taken from text box will be empty ad an error will occour while you try saving user profile.

MaxIT

Just popping in
Posted on: 2002/7/25 12:39
MaxIT
MaxIT (Show more)
Just popping in
Posts: 65
Since: 2002/11/8
#7

Re: Account re-activation required on Profile email changes

Quote:

goghs wrote:
Yes this makes sense.
Maybe we can add the logic like this:
when a user changes his email, his account will be disactivated, and then an email with activation code will be sent to his new email.
It can be an option.


A doubt came in my mind thinking about this logic: if you disable a user when he change email, waiting for a new activation click, what will happen if user has written a wrong email?

Whith this logic, his/her account will be disabled, and as long as he will not receive that new activation email sent to a wrong address, the user account will remain disabled!

possible solution:

- when user change the email address, the new activation code will be sent to both new & old email address.

schwim

Just popping in
Posted on: 2002/8/2 4:41
schwim
schwim (Show more)
Just popping in
Posts: 11
Since: 2002/7/25
#8

Re: Account re-activation required on Profile email changes

Another solution is to give him 24 hours before it changes back to his origional e-mail

:)
Jason

netwize

Just popping in
Posted on: 2002/8/6 19:13
netwize
netwize (Show more)
Just popping in
Posts: 89
Since: 2002/1/20
#9

Re: Account re-activation required on Profile email changes

email should not be touch by members, just like nickname.


any ideas on how to make email field on edit profile to "read only"?

MaxIT

Just popping in
Posted on: 2002/8/6 19:29
MaxIT
MaxIT (Show more)
Just popping in
Posts: 65
Since: 2002/11/8
#10

Re: Account re-activation required on Profile email changes

Quote:
any ideas on how to make email field on edit profile to "read only"?

if you read the whole thread you'll see I published this hack

Quote:
In the waiting for this useful fix, I've skipped this problem by removing the option to change the email by XOOPS users (RC2-only hack)
etc.