All about emails and how they're used in NodeBB
-
@julian when I change the email address of a user as admin, it shows in ACP that the email address is confirmed. However, when I searched the previous (deleted) email address, the forum still found the user, and the user could not use their old email address to create a new user account.
Some users want to change their email addresses but keep the second account (we allow a second account, since sometimes they need to ask private questions and do not want to be associated with their well-known account), is there any way to solve this?
-
@baris I thought so. User says he cannot register again since the forum tells him that this email address is already in use.
Additionally, when I check the old email address in ACP (Manage>Users), I can still see the username show up. Is this normal? Or is it because I can see the email address in the email change history on his profile?
I believe it should not matter which admin does the change, right? Because I did not use "admin" with user id 1 , I used my own account with admin privilege.
-
J julian referenced this topic on
-
J julian referenced this topic on
-
B baris referenced this topic on
-
B btc referenced this topic on
-
Hi guys, I want to create users with their email already confirmed on the forum when redirect from the website, without need to manually validate the email in the Admin Panel or send a confirmation email. Where can I manually set or modify this code?
Thanks guys!
-
Emails . It is Nodebb's 'Elephant in the room' if I can be permitted to say.
Problems include outward registration emails not sending, particularly to gmail accounts. (which I understand are more to do with the email servers than Nodebb)
But, the whole email registration and password reset method needs a rethink.
Ive heard from others its the number 1 reason why people start using Nodebb then dont continue. -
@eeeee said in All about emails and how they're used in NodeBB:
But, the whole email registration and password reset method needs a rethink.
Well, that's why emails are not mandatory anymore! Plus, I really hated the fact that anyone could register with anybody else's email.
I'll admit the email verification flow is janky, but it's the best we've got if you want to support some form of out-of-band password reset.
-
@Julien-Heng said in All about emails and how they're used in NodeBB:
Where can I manually set or modify this code?
It would have to be added in the session-sharing plugin. That plugin pre-dates this email rewrite, which is why I don't think it confirms emails.
-
I'll admit the email verification flow is janky, but it's the best we've got if you want to support some form of out-of-band password reset.
Ok, Ive given this password reset a lot of thought. I didn't know the term 'out-of-band' but this is an idea along lines of alternative method which doesnt rely on email
So background, lets say my forum
- Contains no sensitive information, so not a terrible issue if a password recovery was hacked. So an easy reset password reset method wouldnt be a risk
- it has infrequent posters. The amount of password reset requests was huge. People were re-registering
So solution could be Admins could allow users to opt into an easy click on picture reset (if they wanted the option)
Method, you can try this a maximum of say, once per month
Click your favourite:
Film: Comedy, Horror, Drama, Historical, Nature, Crime
Fruit: Apple, Banana, Pear, Orange, Coconut, Grape, Pineapple
Color: Red, Blue, Green, yellow, brown, Black, WhiteIf the correct choices are clicked then you can reset password there and then
Probability of random hack 1/7 ^ 3 so less than 0.3%Im sure there must be a name for this type of reset method, its a kind of variant of answering 3 memorable questions, but less to recall.
if the words are accompanied by pictures most people remember the 3 items they chose -
J julian forked this topic on
interesting...
