Referencing this: https://www.phpbb.com/community/viewtop ... &t=2347666
and this: https://www.phpbb.com/community/viewtop ... &t=2342646
Back in 1999 it might have made sense to allow reuse of emails, since one household might have had a single email address (provided by their ISP) that everyone shared. In 2015, it makes no sense and has become a bit of a weak spot with phpBB in terms of the side effects it causes -- see the two threads I referenced above, as examples.
Every single user account based system today of any meaningful purpose has a user-centric design when it comes to facilitating a user's access to their account in the event that the user name is forgotten. Many simply say "log in with your email address or your username", and those that require a user name always have a very clear "I forgot my user name" link.
phpBB has neither, and the users are left searching for a contact link for the board administrator and hoping that they get a response to their request. So far, it seems as though the response from the phpBB core development team has been along the lines of "sorry we can't do that due to security concerns". If that is not accurate, I'm happy to be corrected.
Can we please get the right attention on this and give it some fresh thought? I love phpBB but this is an example of where it is really looking bad when compared to other modern systems. Please deprecate the "reuse of emails" option and let's fix this.
Log in with email, or 'forgot user name' - reuse of emails dilemma
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.
If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
-
- Registered User
- Posts: 4
- Joined: Mon Jun 08, 2015 2:50 pm
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: Log in with email, or 'forgot user name' - reuse of emails dilemma
A quick search has yielded a few discussions on this already with only one having been rejected, for obvious reasons. There being an option to re-use emails is NOT the reason there isn't a "forgot username" option. As it happens around here a lot, someone came, created a topic to spit out an idea, then took off without seeing it through at all. You should probably create a ticket in our tracker so that a developer will take a look at some point and eventually implement a solution for having a "forgot username" feature.
Re: Log in with email, or 'forgot user name' - reuse of emails dilemma
Sort of murky on this one. If a user forgets a username but the forum has re-use emails active won't that require that the email contain multiple user names for that one email address? Then knowing all the user names, as well as the email address, a user could request a new password for each of those accounts and then set the password for those accounts when they may not actually be the user.
Not sure how this implementation would work.
Not sure how this implementation would work.
Do not hire Christian Bullock he won't finish the job and will keep your money
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: Log in with email, or 'forgot user name' - reuse of emails dilemma
In such a case the user could be directed to the "Contact Us" form with an explanation of why they need to contact the administrator.
Re: Log in with email, or 'forgot user name' - reuse of emails dilemma
Still don't see how that would work David. So an admin gets a notification stating the user forgot their username and provides their email address. The admin then goes and searches on the email address and multiple accounts are returned. How is the admin to know which username the OP is asking for?
I think the easiest solution is to remove the ability to have the re-use of email accounts but can see how that would cause issues as well. As they say across the pond, "it's a sticky wicket" or something like that.
I think the easiest solution is to remove the ability to have the re-use of email accounts but can see how that would cause issues as well. As they say across the pond, "it's a sticky wicket" or something like that.
Do not hire Christian Bullock he won't finish the job and will keep your money
- DavidIQ
- Customisations Team Leader
- Posts: 1904
- Joined: Thu Mar 02, 2006 4:29 pm
- Location: Earth
- Contact:
Re: Log in with email, or 'forgot user name' - reuse of emails dilemma
The admin would have to make the decision in that case. I don't see why we need to be looking at every single edge case though. We can just do a blanket feature that will cover probably 95% of the users and let the admin decide for the 5% that has created multiple accounts for the same email address for whatever reason. Not everything has to be automated.
Re: Log in with email, or 'forgot user name' - reuse of emails dilemma
You would probably be flogged for that comment over at .com
Users tend to want everything automated putting as little effort into running a forum as possible. But you knew that already I'm sure.
Do not hire Christian Bullock he won't finish the job and will keep your money
Re: Log in with email, or 'forgot user name' - reuse of emails dilemma
And the "automated setting" at the start of a vanila board is not to allow the multi-user-mail-adresses (afair) - if you set this option to true, you should be able to handle this extra 5% of work.
Re: Log in with email, or 'forgot user name' - reuse of emails dilemma
This is becoming a major headache (PITA) for us, so far today six emails from users who have forgotten their username and/or password. We do not allow email re-use, so finding, resetting accounts & notifying is a manual operation. I am more than happy to offer a $250 bounty on this to get the ball rolling.