[RFC] Usability: Login on registration / verification after registration

Note: We are moving the topics of this forum and it will be deleted at some point

Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
igorw
Registered User
Posts: 500
Joined: Thu Jan 04, 2007 11:47 pm

[RFC] Usability: Login on registration / verification after registration

Post by igorw » Mon Oct 10, 2011 9:35 pm

We can improve the usability of the registration process a lot by automatically logging the user in.

Why is this not done yet?

A user cannot login until he is activated. This is done to prevent spam as well as prove the authenticity of the users' email address.

How to address those issues

The idea is to automatically log the user in after registration, and also allow him to login without activation. However, until he activates his account he will not be able to perform any actions that a) result in public content b) involve his e-mail address.

He will not be able to:
  • Create topics, posts, PMs
  • Send emails through the board
  • <please suggest more>
In order to do this we need to add checks to those relevant parts of code, to make sure the user is activated.

Further implications

Unactivated users are now registered users. They can view anything a registered user can before activating. I do not see any issues with this.



Did I miss any things that must be denied? Are there any issues I did not address?

User avatar
Arty
Former Team Member
Posts: 985
Joined: Wed Mar 06, 2002 2:36 pm
Location: Mars
Contact:

Re: [RFC] Usability: Login on registration

Post by Arty » Mon Oct 10, 2011 9:57 pm

He will not be able to:
  • Alter any parts of profile
Otherwise birthday lists would be full of inactive users and their profiles would be full of spam links, hoping that some users checks their profile.

User avatar
DavidIQ
Customisations Team Leader
Customisations Team Leader
Posts: 1831
Joined: Thu Mar 02, 2006 4:29 pm
Location: Earth
Contact:

Re: [RFC] Usability: Login on registration

Post by DavidIQ » Mon Oct 10, 2011 10:02 pm

igorw wrote:
  • Send emails through the board
Might be obvious but I think they should not be able to see any of the communication links at all or make them unusable icons which would include IM links as well as the email link which could also reveal the user's email depending on board configuration.

Reply button(s) should be displayed but if they try to use them show a fail message.
Image

User avatar
A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [RFC] Usability: Login on registration

Post by A_Jelly_Doughnut » Tue Oct 11, 2011 1:04 pm

Can the things listed be handled with permissions? That's the easiest implementation...

Inactive users group can:
Post via the moderator queue.
Not send email
Not send PMs
Not receive PMs
A_Jelly_Doughnut

User avatar
nickvergessen
Former Team Member
Posts: 733
Joined: Sun Oct 07, 2007 11:54 am
Location: Stuttgart, Germany
Contact:

Re: [RFC] Usability: Login on registration

Post by nickvergessen » Tue Oct 11, 2011 3:48 pm

WHen we implement this with a group, we should also implement a auto-group system (user groups depending on post-count)
Member of the Development-TeamNo Support via PM

User avatar
A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [RFC] Usability: Login on registration

Post by A_Jelly_Doughnut » Wed Oct 12, 2011 12:11 am

Arty wrote:He will not be able to:
  • Alter any parts of profile
Otherwise birthday lists would be full of inactive users and their profiles would be full of spam links, hoping that some users checks their profile.
Inactive users are already hidden from the Birthday list. But implementing a permission "can alter profile" would be one way to make phpBB users who link their users information from another source happy.
A_Jelly_Doughnut

User avatar
DarkBeing
Registered User
Posts: 83
Joined: Sun Jul 19, 2009 2:32 pm
Location: Currently Estonia
Contact:

Re: [RFC] Usability: Login on registration

Post by DarkBeing » Wed Oct 12, 2011 10:38 am

igorw wrote:............

Further implications

Unactivated users are now registered users. They can view anything a registered user can before activating. I do not see any issues with this.

......
In general a nice idea. The only issue I see so far is, that on some boards I have come across, you are required to register and activate your account before you can see anything to prevent content leakage (I guess). If you register and can see everything, why bother to activate your account?
Thinking about it, why not skip the whole user activation in this case in general and simply create a "newbie" group with certain permission. Can do X till created X posts or whatever to become a "normal" member?

Also will this not create issues when you have a 18+ rated board and unactivated "users" can already view everything? I guess can be fixed eventually with permissions. But this brings me back to the question, then why have user activation at all?

igorw
Registered User
Posts: 500
Joined: Thu Jan 04, 2007 11:47 pm

Re: [RFC] Usability: Login on registration

Post by igorw » Wed Oct 12, 2011 11:05 am

DarkBeing, if we go with the "inactive users group" (an idea I really like so far) then the "seeing things you shouldn't" problem is non existent, given the change is sufficiently documented.

As to why we have user activation, the first post already gives a vague explanation: "This is done to prevent spam as well as prove the authenticity of the users' email address." While I don't know how relevant the spam argument is anymore (that's what CAPTCHAs are supposed to be for), the identity thing is still important. It comes down to this: we do not want users signing up with other people's e-mail address and those other people getting emails from the board as a consequence.

User avatar
naderman
Consultant
Posts: 1727
Joined: Sun Jan 11, 2004 2:11 am
Location: Karlsruhe, Germany
Contact:

Re: [RFC] Usability: Login on registration

Post by naderman » Wed Oct 12, 2011 12:34 pm

DarkBeing wrote:Also will this not create issues when you have a 18+ rated board and unactivated "users" can already view everything? I guess can be fixed eventually with permissions. But this brings me back to the question, then why have user activation at all?
I think you misunderstood, this is about email activation, where users activate themselves. I think in the case of admin activation we should not allow people to login at all until they are activated.

User avatar
A_Jelly_Doughnut
Registered User
Posts: 1780
Joined: Wed Jun 04, 2003 4:23 pm

Re: [RFC] Usability: Login on registration

Post by A_Jelly_Doughnut » Thu Oct 13, 2011 12:59 am

naderman wrote: I think you misunderstood, this is about email activation, where users activate themselves. I think in the case of admin activation we should not allow people to login at all until they are activated.
I'm not sure why they two modes should be different, especially if there are appropriate permissions to disallow the inactive users from really doing anything?
A_Jelly_Doughnut

Post Reply