Disallow changing of real email address by users.

Posted: Sun Jun 08, 2008 12:03 pm

I tried the changes to disallow free email users to register, but we get a lot of kids who don't have access to the ISP account to set up their own email account. This is causing many to just forget about registering on our site. Therefore, I would like to allow them to register using free email address, but not allow them to change it later without admin intervention. I have been unable to find a hack which will require re-authentication in order to change the email address. If someone knows of one that is compatible with RN220 I would appreciated the info, thanks.

I found the code which displays the email address when someone tries to edit his user information. Your Account index.php on or about lines 1295-1310

Code:

            .'<tr><td bgcolor="'.$bgcolor2.'"><b>'._UREALEMAIL.':</b><br />'._REQUIRED.'</td>'


            .'<td bgcolor="'.$bgcolor3.'"><input type="text" name="user_email" value="'.$userinfo['user_email'].'" size="50" maxlength="255" /><br />'._EMAILNOTPUBLIC.'</td></tr>'

Commenting out these lines will not allow them to change their email address, but will it cause any other problems, I have not forseen? Any insights would be greatly appreciated.

Posted: Sun Jun 08, 2008 12:16 pm

Hmm, this will allow them to change it via the forums profile, but not through Your Account. More work ahead.

Posted: Sun Jun 08, 2008 1:43 pm

If they try to change it through the forum profile, they have to revalidate it or their account gets set to inactive.

registered · Posted: Sun Jun 08, 2008 2:44 pm

... if the Forums Configuration has "User Activation" turned on

Posted: Sun Jun 08, 2008 2:49 pm

So let me get this straight, if users cannot see the email field in Your account, and user activation is on in forums config, then users will not be able to change their email address without re-authenticating?

Posted: Tue Jun 10, 2008 7:01 pm

Hiding the form field is not the ideal solution as you can still inject it, you would have to adjust the sql UPDATE statement to prevent it updating that field but for your average user, what you have should be ok and yes, if user activation is turned on in the forum preferences it will require the user to revalidate any email change.

Or you could just wait until RN2.3 when hopefully we'll have this and a raft of other user account gadgets to play with Smile

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Quote:

...and a raft of other user account gadgets to play with...

...that need to be tested.

Posted: Wed Jun 11, 2008 10:41 am

Well, I figured that my solution could be circumvented by someone who knew what they were doing, but we wanted to do something.

Posted: Sun Oct 05, 2008 4:18 pm

Whoa, I found that ,by hiding the email address field, I was causing the problem I wanted to stop. Every time someone changed anything else, or even just clicked to save button, their email address was getting deleted. I was able to prevent users from changing their email address from the Your Account module by making the Email address field 'readonly'. Users can still edit their email address in their forums/profile, and this will deactivate their account requiring them to re-authenticate using their new email address.

Thanks for your help.

Posted: Mon Oct 06, 2008 7:45 pm

GRR, now we are having a different problem. Everything appears to be working fine, except now if someone changes their email address their account is made inactive. This is fine and just what we want, as we want users to keep an active, current email address in their profile.

However, now when they click the link in the re-activation email, instead of getting the "your account has been activated' message, they only see the parts of the webpage for anonymous users - and, their accounts do not get reactivated.

I have tested this to make sure, and yes sir, this is exactly what is happening. Copy and paste instead of clicking the link does not work, either.

Here is a copy on one ot the activation links users are receiving. I copied this from the reactivation email of a test user I made.

Quote:

http://clanfga.com/modules.php?name=Forums&file=profile&mode=activate&u=334&act_key=d04288

[/url][/quote]

Worker Joined: Aug 26, 2007 Posts: 236

You can activate the user again with phpMyAdmin and the nuke_users table. It is just to change user_active 0 to 1. I think you can also activate the user through Forum Admin. Approx 5 % of my users gets inactive upon registering on my site. I think you get inactive then when you state that you are under 13 years old.

Posted: Tue Oct 07, 2008 12:04 am

The key parameter is too short. Are you sure the rest of it is not wrapping onto a new line in the email client?

Posted: Tue Oct 07, 2008 10:50 am

Guardian2003, the key is problem, but why would it be getting cut short? Yes I am sure it is not wrapping to a new line. Six users have forwarded the activation email to me, and I also tested this myself. This feature was working a few days ago.

Is this handled through Your Account? I uploaded a fresh copy of YA index.php and only made changes to 'read-only' the email field, and the signature field.

I will try uploading the whole module and test it again, before making any changes.

Posted: Tue Oct 07, 2008 11:06 am

Yes it is handled by YA but as I mentioned in a previous post, we are extremely close to releasing RN 2.3 so please don't sweat over this too much.

Posted: Tue Oct 07, 2008 11:13 am

OK, thanks. I tried re-uploading the entire YA module and it still sends out bad emails. Sad

I