Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
How to set the initial role of new users?
review
New
I've made a new role that requires approval on posts and I want new users to get assigned to this role automatically instead of or as well as "Member". How?
Or should I leave new users as Member and make a new role like "Proper member" that I upgrade people to after I decide to trust them?
0
Comments
You could create a New Member role select them as the default role after confirming email and then use the permissions to control what they can do such as post or view certain things.
Then after they passed the trustworthy test you can make each person Full members (Member role) with permissions to do what members can do normally.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
I don't want to do the email confirmation. Just because it adds friction to the signup process.
Then you would be asking for trouble by spam bots and you would come back here crying about how your forum has been ruined with millions of spam bots posting spam and will want to know how to get rid of them.
WTF does that mean? it means Spam ME to the HILT if you want spam forget about legitimate users.
Confirm Email is essential in the process of authentication.
Good luck
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
suggest you upgrade to vanilla 2.2.1
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
I guess it would be easier to change the default member role so that it requires posting approval and to create a new member role for "trusted members".
That way of handling new users is only managable if you have a few users.
wouldn't his original idea be easier assigning two roles. although flawed from a logic standpoint.
but it would be a pain in the neck managing the approval of comments and would discourage a normal user from commenting if there was a time gap.
regarding the how?
new role: NewUser - only check the box for require approval (everything else is not checked for this role.
if the "NewUser" role were role id 11
then with vanilla 2.2.1
$Configuration['Garden']['Registration']['DefaultRoles'] = array('11'); // id# of the NewUser Role
then both roles are assigned.
if it is fixed in a future version....
$Configuration['Garden']['Registration']['DefaultRoles'] = would be both roles the regular member id and the NewUser roleid in the array.
regarding not requiring confirm email. if you have a good user question and some of the other spam prevention, it could be done.
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
I thought there was also the question "change original role and add a new role for confirmed members or use existing member role for final members and create a new intermediate role". I just wanted to say that I think that restricting the original role might be less work.
I agree that this is far from being elegant. But there are a lot "moderated" forums where postings need to be confirmed by a mod before they are published. I wouldn't go that way either, but it is not too unusual.
If New members only need to make a few moderated posts and are elevated to the more privileged role afterwards, the difference wouldn't hurt too much, I guess
Are you saying that email confirmation actually stops spammers? I don't expect it to make much difference because surely they can create a valid email address and acknowledge the confirmation just as easily as they can get past the captcha and signup form. They seem to have valid looking email addresses like zdzrgsdr@pubmail886.com which is a real domain.
The reason I chose Vanilla was because it was so clean and simple. I don't want to bog it down with more complications for users. My forum is small enough that I read every post and will easily be able to check every new user's first post for spam even if it grows a lot. As long as their first post shows they're a human and saying something related to the forum's topic then I'll approve them. The spam I'm seeing is very crude. It's just piles of links advertising scammy products. They're not making any effort to fool a moderator. If that does happen, I'll increase the level of protection some other way.
Version 2.2.1 having a setting for new user's roles sounds like the ideal solution.
River and RJ, why do you say this idea is "flawed from a logic viewpoint" and "far from being elegant"? Are there problems it could cause that I haven't thought of?
user question? You mean like a handwritten captcha that tests them a bit harder? It sounds great. I haven't seen an option for that though. Is it a plugin?
@review
Yes, see this:
https://vanillaforums.org/addon/addregistrationquestion-plugin
Most spam applications are bots.
They have valid looking email addresses which may even be real, but they never reply to the email confirmation, so can never join and spam the forum.
If you don't want email confirmation then I would think about also using something like https://vanillaforums.org/addon/registrationrestrictlogger-plugin
No problems, but while there is no way to prevent spam bots from registering in your forum, there are a thousand ways to prevent new users from registration.
My opinion is that it should be ridiculously easy to participate.
Your plan is an approach, where you stop users until you have manually checked them. What about times when you are not available? Sleeping, sick, on holidays, etc. At such times you will use new users.
The registration question is one way. I think there is another plugin which disallows links in the first post.
Links are what most spammers want to place in your forum. So what about an approach which combines roles for approved members and the right to post links?
Or user curated content: let your users mark posts as spam and if X users marked it that way, send it back to the to-be-moderated loop. Maybe even something like recommendations for role changes: if X users of role something recommend that a user should be "elevated" to their role, let it happen automatically.
Everything which works without your help and as fast as possible is to be preferred, if you ask me.
The things I was talking about wouldn't be possible without custom plugins, but I don't think they would be hard to write. I'm on vacation, only with my mobile, otherwise I would try my hands on some of the above
The user recommendation for trusted users is rubbish. Forget about it...
Totally Agree. Very simple. and with approval registration and no confirm e-mail it can work quite effectively.
rather than attempting to block web link, not worth the effort. Stop spam bots at registration.
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
I couldn't find this plugin - out of curiosity, where is it?
Seems as if I made a mistake. I could have sworn peregrine wrote such a plugin, but I cannot find it (searching is kind of tedious because the ownership of his plugins have been changed and not re-assigned to his re-incarnation).
But maybe it was only a code snippet or something someone has spoken about.
I think preventing roles from posting links would make more sense. Sometimes spammers register in this forum and spread quite a few postings with spam links
OK I'm using the addregistrationquestion plugin. Hopefully that'll help.
not as much as both the plugins suggested.
https://vanillaforums.org/discussion/comment/243129/#Comment_243129
recommend you use both plugins suggested.
Pragmatism is all I have to offer. Avoiding the sidelines and providing centerline pro-tips.
Lmao… if your forum is made up of 5 people then surely it does not matter…
If a person finds it too hard to register legitimately, then they must be in their 80's Because even my mother was able to register on websites.
If you don't understand how bots work or what massive spam attack means, just search this forum. People set their registration to approval and end up spammed with bots waiting for approval. Zombie applicants..
email confirm is the only way to know if the email is real. Because they have to click a link given by the forum to verify it is a real email. Most people can do that without issues. Only those who are bots or paid spammers would not verify their email. Verifying an email allows you to block that email address from registering.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
He did and gave some to me and some to bleitvst to redistribute… he gave them away because he did not want to support them any longer. If he ever comes back, he can take them back if he wants to.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
OK I'm using the addregistrationquestion plugin. Hopefully that'll help.