Forum OpenACS Q&A: Registering users with post-facto email address checks...?
about 4) allows user's to be registered immediately, or requires
users to have an email address checked. (https://openacs.org/doc/user-registration.html)
I prefer my user's to have valid email addresses, but I want to
reward them for taking the effort to register at all. Requiring the
email check breaks certain ACS/user behaviors, specifically, the
ability to start an activity, be asked to login and then be
automatically returned to the interrupted activity. Examining logs
show that often times, users start an activity, are forced to
register, and then abandon their initial activity. That's not good
for building users and traffic.
Has anyone implemented a process in which users are registered, and
accepted as "interim" users, and then at a later time are asked to
verify their email address or else be banned from the system? And
what does the OpenACS 4 user registration process look like?
GreenOrder, although not quite what you're talking about.
However, what you're talking about is pretty easy to do. You can
have a scheduled proc that checks for users who fit your "this
guy now needs to verify his email address" check (days since
registration, etc...), and updates the user_state to
needs_email_verification. OpenACS 3.2.5 will gracefully handle
this the next time the person logs in. The one thing I'm not *
certain* about is exactly what happens if the user is permanently
logged in... you might have to hack something there.
Just to clarify: the users start out in state authorized, your proc moves them from state authorized to state needs_email_verification and then OpenACS and their email verification move them back to state authorized?
some weird checks for pre-approved sets of email address
(government and such) and what type of user they are (supplier).
But what happened is that we had an open site with no email
verification for a few months. Then we added email verification,
and the way we did that is that we simply updated the state of all
existing users in the DB to need_email_verification.
Now, we had custom login scripts, so our scripts handled that
new state, but I am 99% sure that the generic OpenACS login
scripts would do the right thing, too.
an automatic welcome email with a coded url requesting them to click on the link that flags the db that the email is valid.
If they don't do this in x days. the account automatically
This way, the user can stay logged on and still have
their account deleted if the email isn't confirmed
We may implement something like this soon.
And that should work, although intriguingly, uh bugifyingly, when I scan the users table on one of the systems I admin, I can see that there are users in state authorized that have a null email_verified_date. This suggests to me a bug somewhere within the OpenACS 3.2.5 registration system -- this system has always insisted users verify their email address.
So if the user hasn't replied to the verification email in X days send a polite reminder that if they don't respond to this one their account will be moved to "require verification" or removed.
A simple popup reminder to check their email each time they start a new session until verification occurs may be effective also.