[Usability] Reducement of confirmation pages / Allow undo

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The next feature release of phpBB 3 will be 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.1. If you need support for phpBB 3.1 please visit the 3.1.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
User avatar
ameeck
Registered User
Posts: 86
Joined: Sun Nov 13, 2005 6:43 pm
Location: Prague, Czech Republic
Contact:

[Usability] Reducement of confirmation pages / Allow undo

Post by ameeck » Sun Dec 20, 2009 5:49 pm

Current situation

One of phpBB2/3's annoyances is constant reloading of pages and the confirmation of every possible action. This includes topic moderation, user management, board management and many other features.

It is understandable that there should be a step before deleting a post or a message. Displaying this message when moving a topic is an example of excessive use.

Proposed implementation
  • Reduce confirmation messages, leave them for system-based actions such as database procedures and mass pruning
  • Implement "undo feature" for deletion of data
  • Let users move and edit data without warnings - when the effect is reversible, e.g. moving a topic shouldn't have to be confirmed
  • In system or complex features, explain risks in the interface, do not use alerts or confirmation
  • For simple features, rely on the user's common sense
Please think before you post.

User avatar
jwxie
Registered User
Posts: 57
Joined: Mon Jan 23, 2006 3:38 am

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by jwxie » Sun Dec 20, 2009 6:33 pm

ameeck wrote:Current situation

One of phpBB2/3's annoyances is constant reloading of pages and the confirmation of every possible action. This includes topic moderation, user management, board management and many other features.

It is understandable that there should be a step before deleting a post or a message. Displaying this message when moving a topic is an example of excessive use.

Proposed implementation
  • Reduce confirmation messages, leave them for system-based actions such as database procedures and mass pruning
  • Implement "undo feature" for deletion of data
  • Let users move and edit data without warnings - when the effect is reversible, e.g. moving a topic shouldn't have to be confirmed
  • In system or complex features, explain risks in the interface, do not use alerts or confirmation
  • For simple features, rely on the user's common sense
Yes I agree on the revision part, like those on wiki and wordpress. Although it generates a lot of unwanted data but we can set an expiration.
Edit and move with confirmation is definitely a pain, agree to remove them - those should be the common sense.
For the third point - I would like to see the risk statement in this style
User JohnWong - Stack Overflow.png
(3.79 KiB) Downloaded 180 times
This should also be how PM works - and any moderation actions.

User avatar
Eelke
Registered User
Posts: 606
Joined: Thu Dec 20, 2001 8:00 am
Location: Bussum, NL
Contact:

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by Eelke » Sun Dec 20, 2009 7:39 pm

I agree with a lot and I actually just posted something similar in an unrelated thread. When you say, "When something is undoable, do not ask for confirmation", I agree, but I also think that undoing the action should be extremely easy. Just compare with, for example, GMail. It will display something like this, in a message area (so no separate confirmation page):
The conversation has been deleted. Undo?
"Undo?" is a link that will revert the action immediately.

The same should be true for e.g. moving a thread in phpBB. There should be a link to immediately undo the taken action (e.g., although the user could theoretically move the message back by again clicking "Move" and then selecting the forum where they just moved the conversation from, that doesn't "count" as undo to me).
ameeck wrote:Let users move and edit data without warnings - when the effect is reversible, e.g. moving a topic shouldn't have to be confirmed
I'd like to take this one step further, actually, just like Google is doing. Don't ask confirmation for anything, just do it. And make it rediculously simple to undo the action (as outlined above). In other words, anything should be undoable, at least immediately after taking the action. This is actually what usability experts are now saying; it is becoming far too natural for users to just click "Yes" when they are asked "Are you sure?", up to a point that you might as well not ask it at all. They are almost as likely as regretting their action when they asked for confirmation, as when they aren't. So, don't bother them with a question they will most likely answer "yes" to anyway, but instead allow them to roll back when they change their mind.

User avatar
ameeck
Registered User
Posts: 86
Joined: Sun Nov 13, 2005 6:43 pm
Location: Prague, Czech Republic
Contact:

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by ameeck » Sun Dec 20, 2009 8:02 pm

Sure, that's also a possibility. Take deletion actions as a bare minimum which should have Undo links, other actions would be nice, but not necessary.

The undo functionality is a key feature when removing mostly useless confirmation messages, no doubt about that.
Please think before you post.

Desdenova
Registered User
Posts: 13
Joined: Wed Jul 22, 2009 6:45 pm

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by Desdenova » Mon Dec 21, 2009 12:37 am

The largest issue is that of designing an implementing an "undo" for certain things. If you were to delete a topic, it should use a confirmation and not an undo as otherwise you have to temporarily store that data somewhere while you make it possible to undo the action -- which means most likely that SQL would need to be stored. And that, itself, would be a headache with security.

For things like moving posts, I can see that being a good option, but not for something like deleting a post or a topic.

User avatar
ToonArmy
Registered User
Posts: 335
Joined: Fri Mar 26, 2004 7:31 pm
Location: Bristol, UK
Contact:

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by ToonArmy » Mon Dec 21, 2009 12:56 am

ameeck wrote:Reduce confirmation messages, leave them for system-based actions such as database procedures and mass pruning
Doing anything in phpBB is a database procedure and confirmation boxes are for sanity checks and CSRF protection. But I agree from a user stand point currently they are very excessive, we need to strike a balance. Undo functionality will certainly help adjusting the balance to be more user friendly.
Chris SmithBlogXMOOhlohArea51WikiNo support via PM/IM
Image

code reader
Registered User
Posts: 653
Joined: Wed Sep 21, 2005 3:01 pm

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by code reader » Mon Dec 21, 2009 12:57 am

Desdenova wrote:The largest issue is that of designing an implementing an "undo" for certain things. If you were to delete a topic, it should use a confirmation and not an undo as otherwise you have to temporarily store that data somewhere while you make it possible to undo the action -- which means most likely that SQL would need to be stored. And that, itself, would be a headache with security.

For things like moving posts, I can see that being a good option, but not for something like deleting a post or a topic.
basically what you say is that for some operation, implementing "undo" is more difficult than others.
i think it is hard to argue against this - it is almost "self evident".
however, if the following route is taken:
-- try to come up with some "undo" mechanism, and try to make it as generic as possible.
-- begin implementing individual "undo" for more and more specific actions, using the generic infrastructure whenever possible
-- while doing so, whenever difficulties are encountered, always prefer to teach the generic mechanism to handle "yet another type of action" over solving one individual case.
-- every operation that gains an "undo" immediately loses the "are you sure".

hopefully, eventually we will get to a state where the "are you sure"s will be so rare that the operator *will* pay attention when she sees one.

specifically, i do not think that "delete" is an especially hard one to teach undo.

of course, there are *some* operations where "undo" just does not make sense: e.g., when you prune posts in order to reduce DB size, enabling "undo" will negate the objective of the action.
in those cases, maybe instead of "are you sure" a more specific "did you backup" (or whatever fits the case) should be used.
taken to the extreme, the undoable action can just be refused unless a recent enough backup was performed.


peace.

User avatar
EXreaction
Registered User
Posts: 1555
Joined: Sat Sep 10, 2005 2:15 am

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by EXreaction » Mon Dec 21, 2009 2:24 am

ToonArmy wrote:
ameeck wrote:Reduce confirmation messages, leave them for system-based actions such as database procedures and mass pruning
Doing anything in phpBB is a database procedure and confirmation boxes are for sanity checks and CSRF protection. But I agree from a user stand point currently they are very excessive, we need to strike a balance. Undo functionality will certainly help adjusting the balance to be more user friendly.
Protection against CSRF doesn't require confirmation boxes in many places (only few I can think of are deleting/reporting a post), most of the areas are protected by form keys. I think that much of the things where we have confirmation boxes on, such as permanently deleting things, should stay, but, if the user has Javascript enabled, we can use the Javascript confirmation boxes which are much nicer (otherwise use something like we have).

Desdenova
Registered User
Posts: 13
Joined: Wed Jul 22, 2009 6:45 pm

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by Desdenova » Mon Dec 21, 2009 2:30 am

code reader wrote:specifically, i do not think that "delete" is an especially hard one to teach undo.
When you use a DELETE FROM table WHERE some_id = 1, you would basically have to recreate that entry. It isn't easily reversed. All the more reason for something like a "soft delete".
code reader wrote:taken to the extreme, the undoable action can just be refused unless a recent enough backup was performed.
That's not exactly user friendly...if your software is refusing to do something even when you are a full blown administrator, it tends to be a very motivating reason to change software platforms. When I use a computer (and have full control of it) I expect it to do what I want when I want.
EXreaction wrote:Protection against CSRF doesn't require confirmation boxes in many places (only few I can think of are deleting/reporting a post), most of the areas are protected by form keys. I think that much of the things where we have confirmation boxes on, such as permanently deleting things, should stay, but, if the user has Javascript enabled, we can use the Javascript confirmation boxes which are much nicer (otherwise use something like we have).
If it's something like the alert() box, I'll state this right now: I find it absurdly tacky to use that. Maybe something like a jQuery in-page confirm would work better (and have more appeal) for everyone.

User avatar
Sam
Registered User
Posts: 31
Joined: Fri Jan 23, 2009 10:24 pm

Re: [Usability] Reducement of confirmation pages / Allow undo

Post by Sam » Mon Dec 21, 2009 3:39 am

Instead of a straight out delete statement, it would probably be better if you simply set a 'status' column to on-queue-to-delete or something of that nature, meaning the data is not gone, but is in limbo before it leaves the undo history and a garbage collection action is taken and it is purged from the database. It is much easier said than done programatically, but it isn't impossible.

Regarding confirm boxes, I thought the biggest CSRF protection was its built in use of the forum_key functions, which can (and should be done) with any other HTML webfrom submission.

Post Reply