[RFC|Merged] Delete "Confirm e-mail address"

These requests for comments/change have lead to an implemented feature that has been successfully merged into the 3.1/Ascraeus branch. Everything listed in this forum will be available in phpBB 3.1.
Post Reply
User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by Pony99CA »

Senky wrote:Sorry, Steve, that "you" was pointing to anyone participating in this conversation.
Fair enough. Maybe it's a language issue, but I would have said "I don't understand why this is still being discussed after the merge" (or something similar).
Senky wrote:I am not development leader, however I just consider Merged patches to be merged. Process before merging is called discussion, because it is to be discussed before. After that, it should be implemented, merged, and kept... at least this is how I see development process...
In general, RFCs should not be reversed. However, imagine that phpBB 3.1 came out in Beta with E-mail confirmation removed and users hated it. Would you actually require a new RFC to undo the old RFC? I wouldn't; I'd just change the RFC status to Rejected and do whatever was required to "unmerge" (if Git uses labels on features/patches and the feature is labelled, you might be able to delete or deactivate the patch by label).

I certainly understand why some people want the change, but I feel that it's:
  • A potential support problem for some board owners -- nobody answered my question about password recovery for boards that don't require user activation.
  • Not a big time saver for people who copy/paste passwords anyway. Is Ctrl+A/Ctrl+C/Ctrl+V once when your register (and maybe again if you change E-mail addresses) such a huge burden?
  • Not all that popular even here. By my count of people who explicitly indicated a preference for this change, it was as follows:
    • 8 for: Oleg*, Sierron, Vinny*, bantu*, naderman*, igorw*, imkingdavid*, Senky
    • 8 against: Ger, DavidIQ*, nickvergessen*, marc1706*, *Daniel, Marshalrusty*, KnocksX, Pony99CA
    • 5 indeterminate: rxu*, XTF, Unknown Bliss*, brunoais, Noxwizard*
    NOTE: The asterisks after the names represent phpBB team members, and even they split 6-4.

    That's hardly a ringing endorsement for the change. On phpBB.com, it's often stated that the core doesn't get changed unless it benefits the whole community. This change couldn't even manage a majority here. :?
Finally, remember that the number of people who participate here is far smaller than phpbb.com (60858 registered members here versus 430896; and "active" members are probably far less). Better participation is one reason that I've argued that the RFC process should be held on phpBB.com. As it's not, maybe we could put a poll up for the users there to better gauge how important this change is (brunoais suggested something similar, too).

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

KnocksX
Registered User
Posts: 80
Joined: Thu Jul 19, 2012 2:03 am

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by KnocksX »

God, keep the phpBB.com users away from voting please. I am not 100% against this, btw, but I would like to know how the boards without activation issue is addressed. In general, I am pro anything that would make the forum more user friendly (and imitate commercial software when needed) without taking away an important functional feature.

At this point I just feel that arguing about this is a waste of resources. 3.1 is stalling because there is so much work to be done on Extensions. This is trivial compared to that.

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by Oleg »

I proposed this change because I have a strong dislike of having to retype, or even copy-paste, information that is in plain sight. As has been pointed out, it is possible to copy-paste wrong email addresses. If you really care about your account you should take extra precautions to make sure you can access it. For a lot of users and boards out there, this is either not an issue or they can email administrators to recover/change their accounts.

Just as there isn't unanimous support for removing duplicated plain text fields, there isn't unanimous support for keeping them. Therefore, I would suggest the following:

1. Implement the facility to change one's email address and password, or possibly allow editing of any fields that can be filled out during registration, on a user account that is not activated.

2. Implement the "contact board administrator" feature to make it easy to contact admins in case of technical issues, such as misspelled email address.

3. If after that there are still complaints resulting from people mistyping their email addresses, and there are no reports from people appreciating shorter registration form/process, then we can debate reinstatement of duplicate plain text fields.

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1904
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by DavidIQ »

I think that if this were implemented then the user would need to be automatically signed in after they complete registration (I think there might be an RFC for this already). That way if they did make a mistake in entering their email then they can easily go into their UCP and change/fix it.
Image

KnocksX
Registered User
Posts: 80
Joined: Thu Jul 19, 2012 2:03 am

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by KnocksX »

DavidIQ wrote:I think that if this were implemented then the user would need to be automatically signed in after they complete registration (I think there might be an RFC for this already). That way if they did make a mistake in entering their email then they can easily go into their UCP and change/fix it.
Except they would have no way of knowing that they signed up with the wrong email address.

Oleg wrote: 1. Implement the facility to change one's email address and password, or possibly allow editing of any fields that can be filled out during registration, on a user account that is not activated.
There are so many forums where admins simply don't give a damn (or don't have time for this, and rightly so), that this would never work in practice.

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1904
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by DavidIQ »

KnocksX wrote:Except they would have no way of knowing that they signed up with the wrong email address.
Sure they would. First they wouldn't be able to post because they would still need to click on the verification link in the email they were sent. Second they would have some sort of notice throughout the forum that says they still need to verify their email address. So if they never received the email they would then go and verify they entered their email correctly and change it if needed. That could be suggested in the notice.
Image

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by Pony99CA »

Oleg wrote:I proposed this change because I have a strong dislike of having to retype, or even copy-paste, information that is in plain sight. As has been pointed out, it is possible to copy-paste wrong email addresses. If you really care about your account you should take extra precautions to make sure you can access it. For a lot of users and boards out there, this is either not an issue or they can email administrators to recover/change their accounts.
Saying that users "should" take precautions is certainly true, but we all know that they don't. I'll bet that even most of us have messed up once or twice because we were in a hurry or were so used to typing something that we didn't notice the typo.

Regardless, your problem sounds more philosophical now, not liking the idea of having to type something twice that you can easily proofread. But lots of sites do that, like bill paying pages that want your bank's routing number and account number entered twice, even though you can easily read them.

Or, looking at it the other way, I've seen places that allow you to make your password visible (changing "********" to "password"). If I'm using that at home, I often make the password visible because there's nobody there to shoulder surf me. Why not implement that for phpBB (you could probably do it with JavaScript) and then only have one password entry field, too? ;)
Oleg wrote:Just as there isn't unanimous support for removing duplicated plain text fields, there isn't unanimous support for keeping them.
Yes, so "ties" should go to the status quo. ;)
Oleg wrote:Therefore, I would suggest the following:

1. Implement the facility to change one's email address and password, or possibly allow editing of any fields that can be filled out during registration, on a user account that is not activated.
I'm still not sure how this would work. Would an inactive member logging in get the current "not activated" message and then be redirected to the UCP to check their E-mail address, sort of like how users requiring password changes can get to that page?

If so, that sounds good even if we keep E-mail address confirmation. It will help those people who type the wrong E-mail twice. :)
Oleg wrote:2. Implement the "contact board administrator" feature to make it easy to contact admins in case of technical issues, such as misspelled email address.
This should be done regardless. I implemented such a change for a client and he loved it.

But now you're adding a dependency on another feature that presumably isn't merged yet. That seems like the wrong way to go about things. ;)
Oleg wrote:3. If after that there are still complaints resulting from people mistyping their email addresses, and there are no reports from people appreciating shorter registration form/process, then we can debate reinstatement of duplicate plain text fields.
Yuriy provided anecdotal evidence that people complain about mistyping E-mail addresses. And I can almost guarantee that the number of reports you'll get from people appreciating the change will be very small. People rarely report that they like small improvements. A better gauge would be if complaints about filling in the E-mail address twice drop off.

Anyway, it seems like a lot of effort has been spent over this RFC that won't really save much time, doesn't have overwhelming support and, to be implemented as described above, needs at least two more (possibly larger) changes. (I don't mean the effort in coding this -- I mean the effort in debating it. :))

And believe me, I hate unnecessary redundancy, like voice response systems that have me enter my account number and then, when I finally get an operator, get asked to tell them my account number or voicemail systems that ask you to type in your phone number even if you're calling from that phone. :roll: But having to retype my E-mail address has never bothered me to that extent.

I guess my problem is that I don't like a safety feature removed for a few users' philosophical problems and a miniscule potential savings. Opening the RFC for discussion was fine, but merging it when there wasn't consensus seems premature. As I mentioned above, staff often tells people on phpbb.com that their pet feature has to be good for a large chunk of the community to justify being added to the core, and I'm not sure that this passes that test.

However, if you're bent on keeping this merged, will you at least guarantee us that you'll implement those other two items before phpBB 3.1 goes Beta?

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

KnocksX
Registered User
Posts: 80
Joined: Thu Jul 19, 2012 2:03 am

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by KnocksX »

Anyone feel like doing a quick survey of how other forum packages handle this so we can just let this through or bury it? :roll:

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by Pony99CA »

Here are some boards.
  • vBulletin: Registering at vBulletin.com and vBulletin.org both require E-mail confirmation.
  • Xenforo: Registering at xenforo.com does not seem to require E-mail confirmation.
  • Simple Machines: Registering at SimpleMachines.org does not seem to require E-mail confirmation.
  • Invision Power Board: Registering at InvisionPower.com does not seem to require E-mail confirmation.
I say "does not seem to" above because I didn't try to go deeper and see if they asked for the E-mail address again, but I'll presume that they do not.

I don't know how the last three handle the problem of entering an incorrect E-mail address, though.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

XTF
Registered User
Posts: 49
Joined: Sun Dec 04, 2011 6:31 pm

Re: [RFC|Merged] Delete "Confirm e-mail address"

Post by XTF »

So?
Not yet approved I guess. :p

Post Reply