When a new user registers on the forums - it needs a bit stream lining in my opinion.
When admin approval is enabled and users fills the forum and presses "send" they should be taken to a page with a message "you will receive an email when your registration has been approved" instead of leaving all the info in the fields - it gives you the impression that "Oh, I pressed this button but why is all this still here? Did something go wrong" and gives the user chance the keep pressing the button again and again. It's confusing.
Add possibility to show user a message with instructions before registration - on the registration page / or even better: the ability to better customize more pages from the widgets instead of just "extend -> widgets -> global and groups/details.tpl. For example I would like to instruct the users what kind of names to use in the forums.
More/customizable fields in the registration form.
Require numbers in passwords, [x] Require LARGE letters in passwords, [x] Deny user from using his name or email as password, [x] Deny these common passwords -> customizable list.
Also password strength meter that is shown to the user at the registration form would be nice in my opinion.
Hello reader! Please add your own suggestions/support below. Let's try to get Nodebb's developer's attention together
I thought this happened, when you submit the form, it takes you to the home page, logged in, but unable to post until your account has been verified...
Being able to add individual routes to the widgets would be a nice touch, not sure how easy this would be in reality though. If we had some form of "Add New" route for widgets, it would either need to know all possible routes, or risk allowing someone to mistype the route and post here asking why it's not working.
There is a plugin for this if I'm not mistaken.
Within reason, NodeBB should have a minimum password complexity by default. Allowing an admin to remove this complexity doesn't shout security.
Would probably be slightly "cooler" to calculate how long it would take to hack the current typed password. (Not an exact science, you don't want to give away how many rounds you're using for your encryption etc)