[RFC] Registration & Login Overhaul

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
User avatar
VSE
Extension Customisations
Extension Customisations
Posts: 670
Joined: Mon Mar 08, 2010 9:18 am

[RFC] Registration & Login Overhaul

Post by VSE » Tue May 17, 2011 4:05 am

In reference to this article, there are many really good suggestions that I think could be made to phpBB's login and registration forms.

Some key points:

Require Users to Type Their Password Only Once
Instead of forcing users to type a password twice, use javascript to allow the user the ability to unmask their password to check it. Stop password masking.
Image

Combat Spam by Hiding a Text Field With JavaScript, Instead of Using CAPTCHA
Spambots can’t fill in the field because they can’t interact with objects in client-side JavaScript; only users can.
Image

Allow Users to Log in With Their Email Address
Image

Log Users in Without Leaving the Page
Using AJAX of course. Here's a nice jQuery drop down login that could be implemented in phpBB, for example.

Allow Users to Log in Via Facebook, Twitter or OpenID
This option is just becoming way too common these days for phpBB's core to continue to ignore it.
Has an irascible disposition.

User avatar
/a3
Registered User
Posts: 97
Joined: Mon Sep 20, 2010 6:44 am

Re: [RFC] Registration & Login Overhaul

Post by /a3 » Tue May 17, 2011 9:18 am

VSE+ wrote:•Combat Spam by Hiding a Text Field With JavaScript, Instead of Using CAPTCHA
Spambots can’t fill in the field because they can’t interact with objects in client-side JavaScript; only users can.
I don't agree. Not all clients use JavaScript, and I don't believe people should be expected to use JavaScript either.
VSE+ wrote:•Allow Users to Log in With Their Email Address
There's an option which when disabled, allows the same email address to be used for more than one username.
VSE+ wrote:•Log Users in Without Leaving the Page
Using AJAX of course. Here's a nice jQuery drop down login that could be implemented in phpBB, for example.
I don't see the point. But I guess I wouldn't be too upset, as long as there's a non-JS version as well.
VSE+ wrote:•Allow Users to Log in Via Facebook, Twitter or OpenID
This option is just becoming way too common these days for phpBB's core to continue to ignore it.
I mentioned this in another post of mine:
/a3 wrote:Including Facebook, OpenID etc. by default would create further privacy problems for end-users. I believe that phpBB should be able to function as a self-contained bulletin-board solution by default. 3rd-party dependencies should be added in modules.

As for hooks, I wouldn't have a problem with this.
$ git commit -m "YOLO"

User avatar
Sierron
Registered User
Posts: 62
Joined: Wed Aug 25, 2010 11:41 am
Contact:

Re: [RFC] Registration & Login Overhaul

Post by Sierron » Tue May 17, 2011 5:44 pm

I cannot agree more with /a3 post.

User avatar
VSE
Extension Customisations
Extension Customisations
Posts: 670
Joined: Mon Mar 08, 2010 9:18 am

Re: [RFC] Registration & Login Overhaul

Post by VSE » Tue May 17, 2011 10:45 pm

/a3 wrote:
VSE+ wrote:•Log Users in Without Leaving the Page
Using AJAX of course. Here's a nice jQuery drop down login that could be implemented in phpBB, for example.
I don't see the point.
Just to prevent three extra page loads just to get logged in. Plus, it simply puts on a more professional interface, not to mention makes it more current with what the rest of the web has already been doing for years now (phpBB is quite a bit old-fashioned in the so-called web 2.0 department). ;)
Has an irascible disposition.

T0ny
Registered User
Posts: 1
Joined: Wed May 18, 2011 2:27 pm

Re: [RFC] Registration & Login Overhaul

Post by T0ny » Wed May 18, 2011 2:32 pm

Combat Spam by Hiding a Text Field With JavaScript, Instead of Using CAPTCHA
Spambots can’t fill in the field because they can’t interact with objects in client-side JavaScript; only users can.
Spambots don't fill in fields, they simply send the required information to the server. It won't matter whether you have hidden the field using javascript, the bot will still send it, if it is required.

User avatar
AmigoJack
Registered User
Posts: 92
Joined: Wed May 04, 2011 7:47 pm
Location: グリーン ヒル ゾーン
Contact:

Re: [RFC] Registration & Login Overhaul

Post by AmigoJack » Fri May 20, 2011 3:36 pm

VSE+ wrote:Just to prevent three extra page loads just to get logged in
But AJAX also sends requests and receives responses - you're just hiding (not killing) the traffic. Most AJAX implementations I encountered have bad or no fallbacks at all - most of them expect to function properly - if internet is disconnected while performing AJAX you mostly end up with not being able to abort or reset anything. Reloading or bookmarking/linking a site which uses AJAX for i.e. browsing listings are a nightmare to me and I fail to understand who enjoys such downsides.

I can imagine that as a module quite well, so users who want to be 2.0ish can use it - and it would only kick in if JS is activated.

User avatar
VSE
Extension Customisations
Extension Customisations
Posts: 670
Joined: Mon Mar 08, 2010 9:18 am

Re: [RFC] Registration & Login Overhaul

Post by VSE » Wed May 25, 2011 9:20 pm

/a3 wrote:
VSE+ wrote:•Allow Users to Log in With Their Email Address
There's an option which when disabled, allows the same email address to be used for more than one username.
http://www.phpbb.com/customise/db/mod/p ... via_email/
Has an irascible disposition.

User avatar
sooskriszta
Registered User
Posts: 85
Joined: Wed Dec 29, 2010 7:23 pm

Re: [RFC] Registration & Login Overhaul

Post by sooskriszta » Thu Sep 29, 2011 7:59 pm

VSE+ wrote:Require Users to Type Their Password Only Once
Instead of forcing users to type a password twice, use javascript to allow the user the ability to unmask their password to check it. Stop password masking.
Image
+1
VSE+ wrote:Allow Users to Log in With Their Email Address
Image
+1
VSE+ wrote:Allow Users to Log in Via Facebook, Twitter or OpenID
This option is just becoming way too common these days for phpBB's core to continue to ignore it.
This an absolute must - while OpenID hasn't really caught on, Facebook and Google login integration are indispensable now. However, these should not be on by default...the admin should be able to check boxes to respectively switch these on.
OC2PS
Testfestés, Arcfestés, Csillámfestés

Alapanyagok, Képzések, Ismertetők
Hennafestés
GMAT coaching and MBA Admissions Consulting
formerly known as sooskriszta

User avatar
VSE
Extension Customisations
Extension Customisations
Posts: 670
Joined: Mon Mar 08, 2010 9:18 am

Re: [RFC] Registration & Login Overhaul

Post by VSE » Thu Sep 29, 2011 11:50 pm

/a3 wrote:I don't agree. Not all clients use JavaScript, and I don't believe people should be expected to use JavaScript either.
Too bad. ;) phpBB DOES expect you to use Javascript.

Don't believe me? Turn off javascript and head on in to the ACP, and try to view permission masks and/or edit permissions. Or try clicking on a BBcode button or a smiley. Or try creating a post with an attachment or a poll.

You can't do any of those things, as phpBB and its default style Prosilver require Javascript for certain interactions already.

Turning off Javascript is akin to using a monochrome monitor these days. It's possible, but nobody in their right mind is doing it. To turn off javascript is to cripple your browser and absolutely diminish what the web has to offer. The option to disable it is an archaic vestige left over in browser preferences from a time when Javascript was new, untrustworthy and often used for illicit purposes. Those who do turn it off, deserve to have a limited and difficult experience (kind of like those who continue to use IE6 :lol: )
Has an irascible disposition.

User avatar
sooskriszta
Registered User
Posts: 85
Joined: Wed Dec 29, 2010 7:23 pm

Re: [RFC] Registration & Login Overhaul

Post by sooskriszta » Fri Sep 30, 2011 1:31 am

VSE+ wrote:Those who do turn JS off, deserve to have a limited and difficult experience (kind of like those who continue to use IE6 )
+1
OC2PS
Testfestés, Arcfestés, Csillámfestés

Alapanyagok, Képzések, Ismertetők
Hennafestés
GMAT coaching and MBA Admissions Consulting
formerly known as sooskriszta

Post Reply