|
Re: Feature request: warning about unconfirmed users |
Tue, 27 April 2004 11:43 |
|
Ilia wrote on Tue, 27 April 2004 17:31 | In reply to christo:
Here is my thinking on the matter. In order to gain elevated permissions or access to limited access resources (forums) the user normally needs to query the administration staff of the forum. To do so they need to either send a private message or post a regular message on the forum. Neither of these abilities is available in the event the user's account is not confirmed, which means the user cannot make such a request until they've confirmed their account.
|
You describe the probably typical forum situation. The problems I described arose out of a different situation:
We are switching from mailing lists to forums. So I sent an email on a mailing list, announcing the forum. Since I knew the persons, I gave them roles and permissions as soon as they registered. In the end, it turned out that in some cases the confirmation wasn't done, which produced the described state. And from this situation you'll also see that having a 'confirmation pending' indicator in the member list can be helpful to the admin or group manager.
|
|
Re: Feature request: warning about unconfirmed users |
Tue, 27 April 2004 11:31 |
|
In reply to christo:
Here is my thinking on the matter. In order to gain elevated permissions or access to limited access resources (forums) the user normally needs to query the administration staff of the forum. To do so they need to either send a private message or post a regular message on the forum. Neither of these abilities is available in the event the user's account is not confirmed, which means the user cannot make such a request until they've confirmed their account.
The problematic situation you've described was mostly the result of the bug wfjmueller had discovered and that I have fixed today. Future releases should not have leftover pointers to users removed due to lack of account confirmation.
|
|
Re: Handling of confirmation expiry in 2.6.2 |
Tue, 27 April 2004 11:15 |
|
Having the admin assign privileged access to the user and not being aware of the user's status seems highly unlikely to me. It would imply that the admin may be a tad careless; normally moderation permissions are assigned to established members whose accounts are not in question. Moreover, an admin can always confirm the user manually via the user manager control panel.
As far as displaying this information on the member listing, this is something I'll need to consider.
|
|
Feature request: warning about unconfirmed users |
Tue, 27 April 2004 11:12 |
|
Hi Ilia,
I accept that granting privileges to unconfirmed users might be a desired feature.
But it would be great if admins/group managers get a warning when they try to grant such privileges or when a privileged unconfirmed user gets removed without a trace (or both).
Example of surprise:
- User registers but does not confirm.
- User becomes member of Group and obtains moderation privileges
- User gets purged
- User registers again with the same registration data
Luckily the database inconsistencies gave us a clue ...
But if this is fixed now, from the admin point of view, the user has mysteriously lost his privileges.
Even worse: If he again does not confirm, you enter an infinite loop ...
See my point?
Regards,
Christopher
|
|
Re: Handling of confirmation expiry in 2.6.2 |
Tue, 27 April 2004 11:04 |
|
Ilia wrote on Tue, 27 April 2004 16:00 |
Quote: |
- is listed in the member listing, and it is not indicated, that confirmation is still pending.
- so a group manager can add such a user to a group, without getting any indication or warning
- so an administrator can add such a user to the moderator list of a forum.
|
This is not a bug, but rather intended behavior.
|
o.k., I can see arguments for considering points 2. and 3. a feature. But maybe the admin or group manager might want to decide him- or herself on whether to do this for an unconfirmed user. So I wonder what the reason is to conceal the confirmation status, or from the other viewpoint, what is the risk of disclosing this. If point 1 would be fixed, and this is probably quite straightforward, the admin is warned and can choose what to do for such users.
|
|
Re: Handling of confirmation expiry in 2.6.2 |
Tue, 27 April 2004 10:00 |
|
Quote: |
- is listed in the member listing, and it is not indicated, that confirmation is still pending.
- so a group manager can add such a user to a group, without getting any indication or warning
- so an administrator can add such a user to the moderator list of a forum.
|
This is not a bug, but rather intended behavior.
Quote: |
- one sees in group listings lines with a blank member name
- one gets a home page, where a link of a listed moderator gives an 'invalid user' error.
|
This was a bug that is now fixed.
|
|
Handling of confirmation expiry in 2.6.2 |
Tue, 27 April 2004 08:44 |
|
In a 2.6.2 installation we observed some problems with users who registered but, for whatever reason, failed to complete the email confirmation procedure. Such a user
- is listed in the member listing, and it is not indicated, that confirmation is still pending.
- so a group manager can add such a user to a group, without getting any indication or warning
- so an administrator can add such a user to the moderator list of a forum.
When the confirmation timeout expires (in our setup in 7 days), the member is removed from the member table. However, the tables reflecting the groups and moderator associations are not cleaned up automatically. The effect is, that
- one sees in group listings lines with a blank member name
- one gets a home page, where a link of a listed moderator gives an 'invalid user' error.
Both effects disappear after a run of the consistency checker.
However, it would be best if these situations could not arise in the first place. It might be best if unconfirmed members
- were somehow flagged in the member listing
- could not be included in groups
- could not be named as moderators
|
|
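Added example, not part of the thread and not the forum software's own code: a sketch of the three checks discussed above, namely a report of unconfirmed accounts that already hold grants, a purge that removes the grants together with the expired account, and a query for leftover grant rows. The schema, table names and function names are hypothetical, and the sample rows are constructed.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions, not the forum's own.
SCHEMA = """
CREATE TABLE users(id INTEGER PRIMARY KEY, login TEXT, confirmed INTEGER, joined INTEGER);
CREATE TABLE group_members(user_id INTEGER, group_name TEXT);
CREATE TABLE moderators(user_id INTEGER, forum TEXT);
"""
DAY = 86400

def privileged_unconfirmed(db):
    """Unconfirmed accounts that already hold a group or moderator grant."""
    return db.execute("""
        SELECT u.login, 'group:' || g.group_name FROM users u
          JOIN group_members g ON g.user_id = u.id WHERE u.confirmed = 0
        UNION
        SELECT u.login, 'moderator:' || m.forum FROM users u
          JOIN moderators m ON m.user_id = u.id WHERE u.confirmed = 0
        ORDER BY 1, 2""").fetchall()

def purge_expired(db, now, timeout_days=7):
    """Remove expired unconfirmed users and their grants in one transaction."""
    cutoff = now - timeout_days * DAY
    with db:  # commits on success, rolls back if any statement fails
        ids = [r[0] for r in db.execute(
            "SELECT id FROM users WHERE confirmed = 0 AND joined < ?", (cutoff,))]
        for table in ("group_members", "moderators"):
            db.executemany(f"DELETE FROM {table} WHERE user_id = ?", [(i,) for i in ids])
        db.executemany("DELETE FROM users WHERE id = ?", [(i,) for i in ids])
    return ids

def orphaned_grants(db):
    """Grant rows pointing at users that no longer exist (the blank-name symptom)."""
    return db.execute("""
        SELECT 'group_members', user_id FROM group_members
          WHERE user_id NOT IN (SELECT id FROM users)
        UNION ALL
        SELECT 'moderators', user_id FROM moderators
          WHERE user_id NOT IN (SELECT id FROM users)""").fetchall()

def demo_db(now):
    """Constructed sample data: alice is confirmed, bob is unconfirmed and expired."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?,?,?,?)",
                   [(1, "alice", 1, now - 30 * DAY), (2, "bob", 0, now - 8 * DAY)])
    db.execute("INSERT INTO group_members VALUES (2, 'devs')")
    db.execute("INSERT INTO moderators VALUES (2, 'general')")
    return db
```

Deleting only the `users` row for bob reproduces the stale group and moderator entries from the original report; `purge_expired` leaves `orphaned_grants` empty.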