More stringent registration process More stringent registration process
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

More stringent registration process

Started by cgc0202, December 21, 2007, 02:39:34 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

cgc0202

Since I started a more interactive CMS site for my websites, I had  a sudden deluge of registration requests in all my photogallery sites, including my personal website -- they are clogging my email accounts.

Right now, the CPG uses a simple registration using a minimum of username, password  and email address (with no automated email verification).  I request other information too, like general address (location), website, interests, etc.   but the CPG does not consider this before sending a request to the Admin email address.

First: I think many of the registrants are bots.  Is there a way to add more verification procedures like  registration challenges (write the digits, or fuzzy image, or some even use the ability of registrant to be able to do simple arithmetic), then check the email actually works.

Second: 
Many of the registrants are not really avid photographers nor interested with the general theme of the gallery.  They just want to post ads in the comments or worse post porn and ads in the photogallery itself.
This could be prevented if the required presentation of website like associated with a username the email address used in the account in the website as well as other information.

In the current CPG, any of the above information are not included in the email sent to the Admin for approval.  Thus, as Admin, I have to login to find out if the registrant provided the information I requested -- this adds more work to the Admin, especially in very busy sites.  An improvement would be for the "for approval email" to include the information requested (as specified in the Configuration).

I think there are security issues also that are related by the aforementioned that could be mitigated if some of the precautions suggested are addressed.

Cornelio


Nibbler

Verification of emails is an existing config option. Captcha for registration is available as a plugin.

cgc0202

Quote from: Nibbler on December 21, 2007, 02:41:54 AM
Verification of emails is an existing config option. Captcha for registration is available as a plugin.


Thanks Nibble for the information.  I think you were referring to the captcha here:

http://forum.coppermine-gallery.net/index.php?topic=29564.0

and discussed here too:

http://forum.coppermine-gallery.net/index.php?topic=36319.0

What I have in mind is on top of this too.  For the actual email sent to the Webmaster/Admin to include all the information provided by the registrant -- as as specificed and requested of the user, as spedified in the Configuration

Cornelio


Tad

I too am looking for a way to get more info from the registrant.  I have added the captcha mod and verify emails checked in config, but was hoping to find a way to have the ip address show up in my admin email of the registration process in case I choose to ban the spammer at a later date. Right now all I recieve is the username of the new registrant.  I have looked in mail.inc, register.php and admin.php, but I am no php guru so I'm not sure what I should be looking for to change or add to. Any help would be greatly appreciated.  I'll keep reading through posts in case I've missed something.