[Accepted] email change warning

[Parham]

Like the previous yabbs, when a valid email was required... I'd always put my real one in, then when all was set up, I'd replace it with a fake one just because I didn't like my email in there.

So I tried to do that when I registered here and I got a little shocking surprise .  My proposed change would be to make the "this must be a valid email" text a little more viewable, and possibly warn them of what might happen if the email is changed:

"This must be a valid email address, if changed, a new password will be sent."

something like that.

[David]

People shouldn't be putting in fake addresses, they can hide them if they wish.  It does seem like a warning that is easy enough to add though.

[Parham]

... for the dumbasses like me

[Jack.R.Abbit™]

isn't that "change email and get a new password" part something that the admin can select? so if they switch it off and the warning says "a new password will be sent" and it is not sent... now we have even more confusion.  I may have just complicated it a bit more but I think two warning ned to be in the lang file... one for each senario.

Am I being lame?

-Jack

[Parham]

if it's turned off though, nothing will be shown

[Jack.R.Abbit™]

you mean if that option is turned off, that little note is not shown.  It does not act that way currently.  I assume that is just a freindly note telling you that you really should use a valid email address.  Does it actaully get check to see if it is valid?  Surely all you can look for is the proper format ("[email protected]") but that does not make it "valid"

Perhaps the current message stays all the time.  If the email/pasword option is checked then it adds another line staing so.  Still requires a lang addition.

[Gobalopper]

There could be a table that did email verification. It could be used for registering new accounts or changing passwords. Basically whenever one of those events happen it gets written to that table and an email sent with the key for that event.
The user then has to click the link embedded in the email for the action to actuall occur.

I do something very similar already in YaBB 1.5.x when registering new accounts. Before someone is added to the member list they must respond to an email  by visiting an activation url.

[Overseer]

^ sounds like a very good idea to me.

[Parham]

this is how i do it (copy and paste from my site's code, it's a dirty copy/paste, so some code was rearranged).  Not all of it is mines either which is why you'll have to figure out some variables :

Code Select Expand


#
# Table structure for table `activation`
#

DROP TABLE IF EXISTS `activation`;
CREATE TABLE `activation` (
 `id` bigint(20) NOT NULL auto_increment,
 `activation_key` varchar(255) NOT NULL default '',
 `activation_activation` varchar(255) NOT NULL default '',
 PRIMARY KEY  (`id`)
) TYPE=MyISAM;


if the email is changed...

Code Select Expand


#generate the activation key
$activation_key = generate_activation();

#send an email off to the user to activate their account
if ($settings_need_activation == 1 and $forms_email != $data_email) {
 $result = mysql_query("UPDATE activation SET activation_key = '$activation_key',activation_activation = 'no' WHERE id = '$data_id'");
 $email_message = "Please go to:\nhttp://www.website.com/activate.php?forms_key=$activation_key\nto activate your account";
 send_email($forms_email,'DO NOT REPLY',"$settings_site_title Account Activation",$email_message);
}


Code Select Expand


function generate_activation() {

$length = 25;
mt_srand((double)microtime() * 1000000);

$activation = '';

for($i = 0; $i < $length; $i++) {
 $number = mt_rand(48, 122);
 if (($number > 96 && $num < 123 ) || ($number > 64 && $number < 91) || ($number > 47 && $number < 58)) {
   $activation .= chr($number);
 } else {
   $i--;
 }
}

return $activation;

}


activate.php is nothing more than:

Code Select Expand


$result = mysql_query("UPDATE activation SET activation_activation = 'yes' WHERE activation_key = '$forms_key'");