XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. Xoops Development / 
  3. Feature Request 
  4.  / Account re-activation required on Profile email changes
Register
1
tl
Account re-activation required on Profile email changes

  • 2002/6/25 19:51

  • tl

  • Friend of XOOPS

  • Posts: 999

  • Since: 2002/6/23


Currently, once a user had created an account, he could change his/her email address to anything without any verifications.

For security and spams-preventing reasons, it would be extremely useful of requiring account re-activation if a user had modified his/her email address.
2
goghs
Re: Account re-activation required on Profile email changes

  • 2002/7/4 15:48

  • goghs

  • Posts: 8

  • Since: 2001/12/13


Yes this makes sense.
Maybe we can add the logic like this:
when a user changes his email, his account will be disactivated, and then an email with activation code will be sent to his new email.
It can be an option.
3
MaxIT
Re: Account re-activation required on Profile email changes

  • 2002/7/4 16:34

  • MaxIT

  • Just popping in

  • Posts: 65

  • Since: 2002/11/8


Quote:
when a user changes his email, his account will be disactivated, and then an email with activation code will be sent to his new email.

Totally agree.
4
madraver
Re: Account re-activation required on Profile email changes

  • 2002/7/4 23:47

  • madraver

  • Just popping in

  • Posts: 9

  • Since: 2002/3/8 1


Quote:
For security and spams-preventing reasons, it would be extremely useful of requiring account re-activation if a user had modified his/her email address.


Hear, Hear!

That would a great addition to the already great CMS. Security is always a concern on this wide world of global communities.
5
MaxIT
Re: Account re-activation required on Profile email changes

  • 2002/7/5 15:18

  • MaxIT

  • Just popping in

  • Posts: 65

  • Since: 2002/11/8


Quote:
Currently, once a user had created an account, he could change his/her email address to anything without any verifications.

In the waiting for this useful fix, I've skipped this problem by removing the option to change the email by XOOPS users (RC2-only hack)

Just look at the edituser.php file at line 43:

<table cellpadding='8' border='0'><tr><td><form name='userinfo' action='edituser.php' method='post'><b>". _US_REALNAME ."</b> ". _US_OPTIONAL ."<br /><input class='textbox' type='text' name='name' value='". $xoopsUser->name("E")."' size='30' maxlength='60' /><br /><b>". _US_EMAIL ."</b> ". _US_REQUIRED ."<br />". _US_THISWILLBEPUBLIC ."<br /><input class='textbox' type='text' name='email' value='". $xoopsUser->email("E") ."' size='30' maxlength='60' /><br />". _US_OPTION ." <input type='checkbox' name='user_viewemail' value='1'";

and change it in this way:

<table cellpadding='8' border='0'><tr><td><form name='userinfo' action='edituser.php' method='post'><b>". _US_REALNAME ."</b> ". _US_OPTIONAL ."<br /><input class='textbox' type='text' name='name' value='". $xoopsUser->name("E")."' size='30' maxlength='60' /><br /><b>". _US_EMAIL ."</b> ". _US_REQUIRED ."<br />". _US_THISWILLBEPUBLIC ."<br />". $xoopsUser->email("E") ."<br />". _US_OPTION ." <input type='checkbox' name='user_viewemail' value='1'";

Rc3 is some different and I'm still working on it (but should be easier)

Why should use a temporary solution? well, as soon I've published on xoops.it about this issue, just 2 minutes after lots of trolls was subscribing with fantasious email addresses
6
MaxIT
Re: Account re-activation required on Profile email changes

  • 2002/7/8 14:17

  • MaxIT

  • Just popping in

  • Posts: 65

  • Since: 2002/11/8


Sorry, there is a bug in this hack:
you need to add this before line 123 to make it work properly:

$email = $xoopsUser->email("E");

Otherwise, $email value previously taken from text box will be empty ad an error will occour while you try saving user profile.
7
MaxIT
Re: Account re-activation required on Profile email changes

  • 2002/7/25 12:39

  • MaxIT

  • Just popping in

  • Posts: 65

  • Since: 2002/11/8


Quote:

goghs wrote:
Yes this makes sense.
Maybe we can add the logic like this:
when a user changes his email, his account will be disactivated, and then an email with activation code will be sent to his new email.
It can be an option.


A doubt came in my mind thinking about this logic: if you disable a user when he change email, waiting for a new activation click, what will happen if user has written a wrong email?

Whith this logic, his/her account will be disabled, and as long as he will not receive that new activation email sent to a wrong address, the user account will remain disabled!

possible solution:

- when user change the email address, the new activation code will be sent to both new & old email address.
8
schwim
Re: Account re-activation required on Profile email changes

  • 2002/8/2 4:41

  • schwim

  • Just popping in

  • Posts: 11

  • Since: 2002/7/25


Another solution is to give him 24 hours before it changes back to his origional e-mail

:)
Jason
9
netwize
Re: Account re-activation required on Profile email changes

  • 2002/8/6 19:13

  • netwize

  • Just popping in

  • Posts: 89

  • Since: 2002/1/20


email should not be touch by members, just like nickname.


any ideas on how to make email field on edit profile to "read only"?

10
MaxIT
Re: Account re-activation required on Profile email changes

  • 2002/8/6 19:29

  • MaxIT

  • Just popping in

  • Posts: 65

  • Since: 2002/11/8


Quote:
any ideas on how to make email field on edit profile to "read only"?

if you read the whole thread you'll see I published this hack

Quote:
In the waiting for this useful fix, I've skipped this problem by removing the option to change the email by XOOPS users (RC2-only hack)
etc.

(1) 2 »

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

115 user(s) are online (87 user(s) are browsing Support Forums)

Members: 0

Guests: 115

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Apr 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits