FUDforum: Bug Reports » Handling of confirmation expiry in 2.6.2

Home » FUDforum Development » Bug Reports » Handling of confirmation expiry in 2.6.2

Show: Today's Messages :: Polls :: Message Navigator

Handling of confirmation expiry in 2.6.2 [message #17945]

Tue, 27 April 2004 12:44

wfjmueller

Messages: 95
Registered: December 2003
Location: Darmstadt, Germany

Karma: 0

Member

In a 2.6.2 installation we observed some problems with users who registered but, for whatever reason, failed to complete the email confirmation procedure. Such a user

is listed in the member listing, and it is not indicated, that confirmation is still pending.
so a group manager can add such a user to a group, without getting any indication or warning
so an administrator can add such a user to the moderator list of a forum.

When the confirmation timeout expires (in our setup in 7 days), the member is removed from the member table. However, the tables reflecting the groups and moderator associations are not cleaned up automatically. The effect is, that

one sees in group listings lines with a blank member name
one gets a home page, where a link of a listed moderator gives an 'invalid user' error.

The both effects disappear after a run of the consistency checker.

However, it be best if these situations could not arise in the first place. It might be best if unconfirmed members

were somehow flagged in the member listing
could not be included in groups
could not be named as moderators

Report message to a moderator

Re: Handling of confirmation expiry in 2.6.2 [message #17947 is a reply to message #17945]

Tue, 27 April 2004 14:00

Ilia

Messages: 13241
Registered: January 2002

Karma: 0

Senior Member
Administrator
Core Developer

Quote:

is listed in the member listing, and it is not indicated, that confirmation is still pending.
so a group manager can add such a user to a group, without getting any indication or warning
so an administrator can add such a user to the moderator list of a forum.

This is not a bug, but rather intended behavior.

Quote:

one sees in group listings lines with a blank member name
one gets a home page, where a link of a listed moderator gives an 'invalid user' error.

This was a bug that is now fixed.

FUDforum Core Developer

Report message to a moderator

Re: Handling of confirmation expiry in 2.6.2 [message #17952 is a reply to message #17947]

Tue, 27 April 2004 15:04

wfjmueller

Messages: 95
Registered: December 2003
Location: Darmstadt, Germany

Karma: 0

Member

Ilia wrote on Tue, 27 April 2004 16:00

Quote:

is listed in the member listing, and it is not indicated, that confirmation is still pending.
so a group manager can add such a user to a group, without getting any indication or warning
so an administrator can add such a user to the moderator list of a forum.

This is not a bug, but rather intended behavior.

o.k., I can see arguments for considering points 2. and 3. a feature. But maybe the admin or group manager might want to decide him- or herself on whether to do this for an unconfirmed user. So I wonder what the reason is to conceal the confirmation status, or from the other viewpoint, what is the risk of disclosing this. If point 1 would be fixed, and this is probably quite straightforward, the admin is warned and can choose what to do for such users.

Report message to a moderator

Feature request: warning about unconfirmed users [message #17953 is a reply to message #17945]

Tue, 27 April 2004 15:12

christo

Messages: 25
Registered: February 2004

Karma: 0

Junior Member

Hi Ilia,

I accept that granting privileges to unconfirmed users might be a desired feature.

But it would be great if admins/group managers get a warning when they try to grant such privileges or when a privileged unconfirmed user gets removed without a trace (or both).

Example of surprise:

User registers but does not confirm.
User becomes member of Group and obtains moderation privileges
User gets purged
User registers again with the same registration data

Luckily the database inconsistencies gave us a clue ...

But if this is fixed now, from the admin point of view, the user has mysteriously lost his privileges.
Even worse: If he again does not confirm, you enter an infinite loop ...

See my point?

Regards,
Christopher

Christopher Huhn, GSI Darmstadt, Germany

Report message to a moderator

Re: Handling of confirmation expiry in 2.6.2 [message #17954 is a reply to message #17952]

Tue, 27 April 2004 15:15

Ilia

Messages: 13241
Registered: January 2002

Karma: 0

Senior Member
Administrator
Core Developer

Having the admin assign privileged access to the user and not being aware of the user's status seems highly unlikely to me. It would imply that the admin maybe a tad careless, normally moderation permissions are assigned to established members who's accounts are not in question. More over an admin can always confirm the user manually via the user manager control panel.

As far as displaying this information on the member listing, this is something I'll need to consider.

FUDforum Core Developer

Report message to a moderator

Re: Feature request: warning about unconfirmed users [message #17956 is a reply to message #17953]

Tue, 27 April 2004 15:31

Ilia

Messages: 13241
Registered: January 2002

Karma: 0

Senior Member
Administrator
Core Developer

In reply to christo:

Here is my thinking on the matter. In order to gain elevated permissions or access to limited access resources (forums) the user normally needs to query the administration staff of the forum. To do so they need to either send a private message or post a regular message on the forum. Neither of these abilities are available in the even the user's account is not confirmed, which means the user cannot make such a request until they've confirmed their account.

The problemtic situation you've described was mostly the result of the bug wfjmueller had discovered and that I have fixed today. Future releases should not have left over pointers to users removed due to lack of account confirmation.

FUDforum Core Developer

Report message to a moderator

Re: Feature request: warning about unconfirmed users [message #17957 is a reply to message #17956]

Tue, 27 April 2004 15:43

wfjmueller

Messages: 95
Registered: December 2003
Location: Darmstadt, Germany

Karma: 0

Member

Ilia wrote on Tue, 27 April 2004 17:31

You describe the probably typical forum situation. The problems I described arose out of a different situation:

We are switching from mailing lists to forums. So I send an email on a mailing list, announcing the forum. Since I knew the persons, I gave them roles and permissions as soon as they registered. In the end, it turned out that in some cases the confirmation wasn't done, which produced the described state. And from this situation you'll also see, that having a 'confirmation pending' indicator in the member list can be helpful to the admin or group manager.

Report message to a moderator

Re: Feature request: warning about unconfirmed users [message #17959 is a reply to message #17957]

Tue, 27 April 2004 16:28

Ilia

Messages: 13241
Registered: January 2002

Karma: 0

Senior Member
Administrator
Core Developer

Added in CVS.

FUDforum Core Developer

Report message to a moderator

Previous Topic:	subscribing to forums/topics
Next Topic:	2.6.3RC2: Time zone settings.

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Nov 09 00:30:59 GMT 2024

Total time taken to generate the page: 0.02578 seconds