Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Applicant Email Verification

2»

Comments

  • It's not that it turns itself off - on the settings page for new user verification, the checkbox that says "Activation by Email" is still checked. The problem, however, is that I need to approve new membership applicants, even though the member role and membership approval role are both set to "Member."

    I find out the extension is not working when I have to approve new applicants, even though it should automatically approve through email.
  • I think I may have found the issue - if somebody signs up for a new account, but doesn't click the link in the email to validate their account, then their names are added to the "membership approval" list. Is there any way to hide this from my login page? Also is there a way to delete the database entries after a certain amount of time for users who have not validated their accounts through e-mail?
  • cid499I think I may have found the issue - if somebody signs up for a new account, but doesn't click the link in the email to validate their account, then their names are added to the "membership approval" list. Is there any way to hide this from my login page? Also is there a way to delete the database entries after a certain amount of time for users who have not validated their accounts through e-mail?
    Oh yeah, I knew that it did that. Actually, it does that ALL the time. As soon as someone applies, their name is added to the "membership approval" list. It will stay there until the user clicks the link in their email, at which time their name disappears from the list automatically (and your notice will go as well). I bet most users were clicking the link right away, so you never noticed it before. For users that don't click it right away, I usually wait a day or so before I take any admin action. (And thus far, all my users have clicked the link themselves, eventually.)

    As for users never clicking the link... You can deny an application, right? That makes the notice go away, right? Another option, which is an easy but un-elegant workaround, would be to take away your own permission to approve applicants. You can always change it back, but in the meantime, you won't see any applicant notices.
  • Hi everybody,

    I've been using this add-on successfully for a time, but now I'd like to know if there is a simple, easy way to make users get automatically authenticated / logged in after they click on the activation link.

    Thanks!
  • I'm not sure that can be done, for security reasons. (they never actually entered their password when they clicked the link.) However, it could be modified to provide a link to the login page, and automatically fill the username box with their username.
  • Clicking the link assumes you are who you are because the link was delivered to you by email, which, by implication, only you have access to.

    Other forums use this method to verify identity, I have a feeling it can be done in Vanilla.
  • yes, but if you type your email in wrong ... (could possibly be someone else's email, or it could get sent to the catch all)
  • I can't remember the process off hand and I am not in a position to test it but I am sure the email link arrives with a long verification string which is matched to its mate stored in the database.

    If things don't match it won't let you in, surely.
  • no, but if when you're registering, and you accidentally mistype your email address, and that mistypen email address happens to belong to someone else.......the owner of the email address would have been given the ability to log in as the original person. This would be fine, unless every user must also be verified; in which case you will have verified that user, assuming (rightfully so) that the person using the log in name/pw was in fact the person who registered it. And if you happened to know the original person personally; then you may have given them a higher role. BIG SECURITY PROBLEM. If this idea is implemented; at least provide an admin option to disable it (preferably off by default)
  • If you type an email address while registering, either by accident or on purpose, it definitely tells you it already exists!

    I'm sure Mark has taken all this into account (pardon the unintentional pun), if it was a problem it would have surfaced by now.
  • okay; I don't think you quite got what I meant. I meant if you mistype your email address, and it happens to be someone else's email address. (not necessarily a user of the forum) That other person can follow the link to be validated *and* logged into the forum as whatever unsuspecting user mistyped their email.

    Also, vanilla allows 2 users per email address.

    On another note: I just signed up for zoho, and it required you to enter your password in the email validation step. (i get the email; i click the link; it says "enter your password;" i enter the password I just chose at registration; i'm validated)
  • Oh I see, then they will get the email but they won't know the password.

    Another case of not letting stupid people loose with a lethal weapon like a computer!
  • Exactly, so you enter your password (it knows your userid indirectly from the validation link), and you're validated and logged in at the same time.

    Perhaps you could also dump them off at their account page with a message such as "customize your account page so people know who you are."

    **or allow them to log in and customize their account page before they're validated
  • I notice in my testing that the applicant receives three emails telling them to click the link to be authorized. Is there anyway to just have one email sent?

    TIA
    Dan
  • Also noticed that it doesn't pull the support email address for the confirmation window that appears after a person submits his application. Something to do with lines 4 and 5 in the language.php file Sorry I am new to all this but I assume it is pulling this info from the support email supplied in the applications setting form. It is just printing a "." instead of the email address. Vanilla 1.1.5 and latest version of this plugin.

    This is the same problem dhdesign noted in post #3 above back in Mar. of 07.

    TIA
    Dan
  • Anyone?

    Dan
  • Does anyone know if there is a way that a user can request a resend of the activation message using this extension?

    Where the original message does get caught in a spam trap or for whatever reason it needs to be resent - ideally it would be requested by the user by entering their username (like password reset) and the email only being sent to non authenticated users.

    Would be interested to know if anyone has already implemented this in anyway.
  • Does it work on Vanilla 2?
  • lucluc ✭✭
    It was for v1.
Sign In or Register to comment.