In-Portal Issue Tracker

Welcome to the In-Portal Open Source CMS Issue Tracker! This is a central management / tracking tool for all types of tasks / issues / bugs for the In-Portal Project. Before reporting any issues, please make sure to read the Guide into Issue Tracker and How to Properly Test and Report Bugs!


Viewing Issue Simple Details
ID: 0000949
Category: [In-Portal CMS] Security
Type: feature request
Reproducibility: always
Date Submitted: 2010-12-13 11:14
Last Update: 2012-07-25 05:32
Reporter: Dmitry
View Status: public
Assigned To: alex
Priority: minor
Resolution: fixed
Status: closed
Summary: 0000949: Change in user Email Validation process
Description
-----------
Often these days there is a need to make sure User Email is validated. Current functionality (5.1.1) doesn't fully answer all the requirements.

Proposed solution is to ADD "EmailValidated" checkbox to user record (only admin can change it). On the Front-End that checkbox will be checked automatically when the user confirms their email during registration or after the email change.

Below is a description of the actions that will take place for each of the User Registration methods (Instant, Pending, Email Activation). Otherwise, it will become confusing.


New User Registration:

- Instant Registration - additional text needs to be added to the Registration Email Event which will say please click here to validate your Email address (only if the Email field was entered).

- Pending - additional text needs to be added to the Pending Registration Email Event which will say please click here to validate (only if the Email field was entered).

- Email Activation - automatically should mark the Email as verified once account is activated (once properly activated).


User Updated Email address:

1. Reset EmailValidated check-box

2. Send 2 emails:
 - to OLD email address - saying that an email on account has been changed - click here to UNDO the change if it wasn't you.
 - to NEW email address - asking to click "here" to Verify the Email. However, NEW email will be UNDONE to the old one if the User has clicked on UNDO the change + will be marked back as Verified.



NOTES:

a. Above functionality to be automatically activated if Email is present/entered

b. None of this Email Verification should trigger ANY sort of Disabling / Activating the account. What we can do is to ask Users to verify their Email (if it has not been) once they have logged in on the Front-End.

c. In the future Admin will be able to filter out and PRUNE all old users with no email validated.

Additional Information

How to implement UNDO e-mail change
-----------------------------------
1. create PrevEmails column (text, empty serialized array by default) in PortalUser table; will be serialized array of all user's email change attempts in format:
Array (
md5(emailchange_time1+user_id) => old_email1
md5(emailchange_time2+user_id) => old_email2
)
2. when user's e-mail is changed, then we add one more record to array in PrevEmails column and send a link with that hash (array key) to a user as undo link
3. when user clicks an undo link we can search for given MD5 string in that field using LIKE clause; when found we revert e-mail change and delete that record from array

Other stuff
-----------
Other stuff is pretty obvious and we have done it on some other projects already. I'll just copy-paste from there.
We also need to make sure that the user can't manually change the EmailValidated column.



Also I think that column should be called EmailVerified, since we verify that the user owns the e-mail he typed on the form. Email is already valid, since it matches user@domain.tld format.
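
The PrevEmails undo flow from steps 1-3 above, as an added PHP sketch that is not part of the original issue or of In-Portal's code base. Function names and the sample row are hypothetical, PHP 7+ is assumed, and two techniques are swapped in and labelled as assumptions: a random_bytes() token replaces md5(emailchange_time + user_id), and the token is matched exactly against the decoded array instead of through a LIKE search.

```php
<?php
// Added example. $user stands in for one PortalUser row (constructed data);
// the row is assumed to be fetched by a user id carried in the undo link.

function loadPrevEmails(array $user): array
{
    // allowed_classes=false: never instantiate objects from stored data.
    $prev = unserialize($user['PrevEmails'], ['allowed_classes' => false]);
    return is_array($prev) ? $prev : [];
}

function recordEmailChange(array &$user, string $newEmail): string
{
    $prev = loadPrevEmails($user);
    // Assumption: CSPRNG token in place of md5(change_time + user_id),
    // whose inputs can be guessed by someone other than the account owner.
    $token = bin2hex(random_bytes(16));
    $prev[$token] = $user['Email'];
    $user['PrevEmails'] = serialize($prev);
    $user['Email'] = $newEmail;
    $user['EmailVerified'] = 0;   // reset until the NEW address is confirmed
    return $token;                // placed in the UNDO link mailed to the OLD address
}

function undoEmailChange(array &$user, string $token): bool
{
    $prev = loadPrevEmails($user);
    // Exact match on the decoded array key; malformed input is rejected first.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token) || !isset($prev[$token])) {
        return false;
    }
    $user['Email'] = $prev[$token];
    $user['EmailVerified'] = 1;   // old address is marked back as verified
    unset($prev[$token]);         // one-time use: the record is deleted
    $user['PrevEmails'] = serialize($prev);
    return true;
}

// Constructed sample row: change, undo with a wrong token, undo, replay.
$user = ['Email' => 'old@example.com', 'EmailVerified' => 1, 'PrevEmails' => serialize([])];
$token = recordEmailChange($user, 'new@example.com');
var_dump(undoEmailChange($user, str_repeat('0', 32)));
var_dump(undoEmailChange($user, $token), $user['Email']);
var_dump(undoEmailChange($user, $token));
```

Because the used record is deleted from PrevEmails, replaying the same undo link is rejected.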



