Only notify on confirmed registration Only notify on confirmed registration
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Only notify on confirmed registration

Started by meimeiriver, April 14, 2006, 02:56:27 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

meimeiriver

When a user registers, I would like to receive a notification ONLY when that user has actually activated his account. Now I get one too on every registration attempt. The text like: "A new user with the username "blabla" has registered in your gallery" is, IMHO, premature. That user may not receive his activation link, or may otherwise choose not to activate after all. As the admin, I really only like to get a notification of people who actually successfully went through the whole process.

Thank you for your consideration.

cgc0202

#1
I second this suggestion.  It will minimize the workload on the Administrator.

Aside from the reasons stated, the user might not have a valid email address (I have not tested yet whether the program has a way of rejecting invalid addresses or those attempting to use the same email address (when this feature is disallowed as indicated by the Admin in the "Configuration" panel.

I have a commercial calendar program that has option to require registration, I challenged this by registering an invalid email address, and it included the username in the database anyway.

cgc0202

N.B.

OK, I decided to do a preliminary test on this. 

First test:
I decided to register using a fictitious email address (xxx@yahoo.com) and did not provide anything except a username and fictirious email address.  The system responded that an email was sent to the Administrator for approval. 

"Thank you.

Your request for account activation was sent to the admin. You will receive an email if approved."

Several issues come up hear. 

What would be the basis for Admin to approve someone, (s)he does not know.  Since I did it, I knew that the email address was fictitious.  However, how would an Admin know a seeming real email address, e.g., johndoe@yahoo,com

In the Config, I required email validation.  The note sent to the registrant did not indicate such validation is required.

I suggest therefore that the sequence be reversed, if validation is required of the registrant.  After the registration was done, the registrant is informed on the screen that (s)he must respond to the automated email.  [This should not be told but should be obvious that this is to confirm that an email provided is valid.].  In the same screen note, it must state also once the registrant has responded to the auto-email, the registrants name will be sent to the Administrator for consideration.

Second test:
My config specified that no two usernames may use the same email address.  The CPG system was able to detect that another user was using the same email address. [I used the same fictitious email address.

The second scenario leads to other issues. 

Does the software have a mechanism to weed out in the database fictitious email addresses during registration?
Does it have a mechanism to weed out registered users who no longer have a correct email address?

cgc0202