[RFC] Usability: Login on registration / verification after registration

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
XTF
Registered User
Posts: 49
Joined: Sun Dec 04, 2011 6:31 pm

Re: [RFC] Usability: Login on registration

Post by XTF »

Erik Frèrejean wrote:Why not simply login the user when he clicks the activation link?
+1
One might even go one step further and do registration after email address verification. Would avoid unregistered users.

Atramez_Zeton
Registered User
Posts: 32
Joined: Mon May 08, 2006 10:14 am

[RFC] email verification after login

Post by Atramez_Zeton »

Greetings,

I suggest we add a feature to allow new registered users to login even if they didn't verify their email but will have the same permission as a visitor and will get a notification box asking them to verify the account through the email, also give an option to resend email verification in case the user didnt notice they need to verify or if the email was blocked by filters or anti-spam programs...etc or in case they entered the email wrong so they can fix it and enter a correct one, like that you can avoid a lot of trouble to get in contact with admin.

here is an image from github.com that might explain more what i mean:
verification.png
(39.08 KiB) Downloaded 650 times

User avatar
nickvergessen
Former Team Member
Posts: 733
Joined: Sun Oct 07, 2007 11:54 am
Location: Stuttgart, Germany
Contact:

Re: [RFC] email verification after login

Post by nickvergessen »

Member of the Development-TeamNo Support via PM

User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: [RFC] Usability: Login on registration

Post by Pony99CA »

I just saw this topic (thanks to a link from the email verification after login RFC topic), so this might be old news, but I didn't see it mentioned.
Erik Frèrejean wrote:Why not simply login the user when he clicks the activation link?
That sounds like a disaster waiting to happen. Suppose I intercept your E-mail (E-mail isn't private by any means) and click your activation link. Then I'm logged in as you and can do anything that I want.

Bad idea.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Oleg
Posts: 1150
Joined: Tue Feb 23, 2010 2:38 am
Contact:

Re: [RFC] Usability: Login on registration

Post by Oleg »

Pony99CA wrote: Suppose I intercept your E-mail (E-mail isn't private by any means) and click your activation link. Then I'm logged in as you and can do anything that I want.
If you are able to intercept someone's email, you can simply request a password reset after the account is activated by its rightful owner.

Atramez_Zeton
Registered User
Posts: 32
Joined: Mon May 08, 2006 10:14 am

Re: [RFC] Usability: Login on registration

Post by Atramez_Zeton »

I didnt notice this topic even after search and i made a new one but will just copy what i said to here
Atramez_Zeton wrote:Greetings,

I suggest we add a feature to allow new registered users to login even if they didn't verify their email but will have the same permission as a visitor and will get a notification box asking them to verify the account through the email, also give an option to resend email verification in case the user didnt notice they need to verify or if the email was blocked by filters or anti-spam programs...etc or in case they entered the email wrong so they can fix it and enter a correct one, like that you can avoid a lot of trouble to get in contact with admin.

here is an image from github.com that might explain more what i mean:
verification.png
(39.08 KiB) Downloaded 797 times

Post Reply