Note: We are moving the topics of this forum and it will be deleted at some point
Publish your own request for comments/change or patches for the next version of phpBB. Discuss the contributions and proposals of others. Upcoming releases are 3.2/Rhea and 3.3.
I suggest we add a feature to allow new registered users to login even if they didn't verify their email but will have the same permission as a visitor and will get a notification box asking them to verify the account through the email, also give an option to resend email verification in case the user didnt notice they need to verify or if the email was blocked by filters or anti-spam programs...etc or in case they entered the email wrong so they can fix it and enter a correct one, like that you can avoid a lot of trouble to get in contact with admin.
here is an image from github.com that might explain more what i mean:
I just saw this topic (thanks to a link from the email verification after login RFC topic), so this might be old news, but I didn't see it mentioned.
Erik Frèrejean wrote:Why not simply login the user when he clicks the activation link?
That sounds like a disaster waiting to happen. Suppose I intercept your E-mail (E-mail isn't private by any means) and click your activation link. Then I'm logged in as you and can do anything that I want.
Pony99CA wrote:
Suppose I intercept your E-mail (E-mail isn't private by any means) and click your activation link. Then I'm logged in as you and can do anything that I want.
If you are able to intercept someone's email, you can simply request a password reset after the account is activated by its rightful owner.
I didnt notice this topic even after search and i made a new one but will just copy what i said to here
Atramez_Zeton wrote:Greetings,
I suggest we add a feature to allow new registered users to login even if they didn't verify their email but will have the same permission as a visitor and will get a notification box asking them to verify the account through the email, also give an option to resend email verification in case the user didnt notice they need to verify or if the email was blocked by filters or anti-spam programs...etc or in case they entered the email wrong so they can fix it and enter a correct one, like that you can avoid a lot of trouble to get in contact with admin.
here is an image from github.com that might explain more what i mean: