Applicant Email Verification

This discussion is related to the Applicant Email Verification addon.

Applicant Email Verification

TomTester

FYI current upload (March 5, 2007) shows:

Extension Name: Applicant Email Verification
Extension Url: http://getvanilla.com/
Description: Add a verification of the email to registration.
Version: 0.4.0
Author: Dinoboff
Author Url: dinoboff at hotmail dot com

Changelog:
* Version 0.4.1
* Fix a bug in the default role display on the registration page (Thanks to Alnokta for finding the bug)

Vanilla 1.1 Updater hence does not recognize that update has been installed.
Fix:

Change default.php to read

Extension Name: Applicant Email Verification
Extension Url: http://getvanilla.com/
Description: Add a verification of the email to registration.
Version: 0.4.1
Author: Dinoboff
Author Url: dinoboff at hotmail dot com

Changelog:
* Version 0.4.1
* Fix a bug in the default role display on the registration page (Thanks to Alnokta for finding the bug)

dhdesign

Whenever someone applies, the resulting screen that comes up is not displaying the support email address - that area is blank.

I've checked the language part of this extension, and the lines are as follows:

$Context->Dictionary['EmailVerification_ForMembership'] = 'You should soon receive an email from
'.$Context->Configuration['SUPPORT_EMAIL'].'. Follow the instructions it describes to activate your membership.
If you cannot find this email in your mailbox, check your "junk mail" or "spam trap" folder.';

$Context->Dictionary['EmailVerification_ForApplicationReview'] = 'You should soon receive an email from
'.GetEmail($Context->Configuration['SUPPORT_EMAIL']).'. Please follow the instructions it describes to validate your
email address. If you cannot find this email in your mailbox, check your "junk mail" or "spam trap" folder).<br />
Once your email address has been verified, your membership application will be reviewed by an administrator. If your
application is accepted, you will be contacted via email.';

Any ideas on why the support email address isn't being pulled in and displayed on the page?

Lussumo Bot

Uploaded version 0.4.2 of Applicant Email Verification.

Lussumo Bot

Uploaded version 0.4.2.a of Applicant Email Verification.

Lussumo Bot

Uploaded version 0.4.2.a of Applicant Email Verification.

andersja

Does this extension work on Vanilla 1.1.1?

Dinoboff

it should work on 1.1.1 (It is working on 1.1.2 as well without the patch). However it won't show on the Membership Applicants page if an applicant has got is email verified or not.

sa_lrc

Having trouble getting the patch the work for 1.1.2. The legend is showing up on the side panel but no X or check next to applicant's name. By "edit "/themes/settings_applicants_form.php" line 37" to "$this->DelegateParameters['Applicant'] = &$Applicant;" do you mean add the line at 37? Like the following: $this->DelegateParameters['ApplicantList'] = &$ApplicantList; $this->DelegateParameters['Applicant'] = &$Applicant; // added $this->CallDelegate('PostEmailAddress'); Also, I am getting a CSS error on the stylesheet. It ends with: "#frmApplicants ."

Dinoboff

Yep, it should look like that. I will look at the css error

Lussumo Bot

Uploaded version 0.4.2.b of Applicant Email Verification.

Dinoboff

I just fixed the 2 problems.

ithcy

does the applicant still need to be approved by a privileged user after successful email verification?

Minisweeper

I think you can change that in the settings cant you?

Dinoboff

yep mini,
Depends which default role you pick for the new members: applicant, they still need approval, member and they doesn't.

ithcy

thanks both.

cid499

Hmm... with Vanilla 1.1.4, it seems that every once in awhile, I still have to "approve applicants" even though I have the new user role set to "member". Turning the extension off and then on again fixes the problem, but its a little annoying. Any ideas??

Wanderer

The cookie expires too quickly?

cid499

Having little experience in dealing with cookies, the cookie response puzzles me... can you explain further please?

Wanderer

I'm only guessing but if the setting uses a cookie to remember between sessions, the cookie might be set to expire in say 3 days, after which it zaps itself. Turning the extension off and then on again fixes the problem because it sets a new cookie.

Like the "remember me" option when logging in, at least once a month this cookie resets itself.

Cookies that are set to be permanent have an expiration date of say 2099!

Posted: Friday, 15 February 2008 at 6:05AM

timfire

It shouldn't be a cookie problem. There should be a number of entries in conf/settings.php that control the extension. The relevant one here, I'm guessing, would be $Configuration['APPLICANT_EMAIL_VERIFICATION_ON'].

cid499, you've confirmed that the extension works some of the time? Just to clarify, it works for a period and then "turns itself off"? I would guess something is effecting conf/settings.php... or less likely, conf/extensions.php. Next time it happens, check to see if the above setting is still set to '1'. Also try and note if any significant events, like changing some extension settings or running specific functions, occurred prior to the bug.

cid499

It's not that it turns itself off - on the settings page for new user verification, the checkbox that says "Activation by Email" is still checked. The problem, however, is that I need to approve new membership applicants, even though the member role and membership approval role are both set to "Member."

I find out the extension is not working when I have to approve new applicants, even though it should automatically approve through email.

cid499

I think I may have found the issue - if somebody signs up for a new account, but doesn't click the link in the email to validate their account, then their names are added to the "membership approval" list. Is there any way to hide this from my login page? Also is there a way to delete the database entries after a certain amount of time for users who have not validated their accounts through e-mail?

timfire

cid499I think I may have found the issue - if somebody signs up for a new account, but doesn't click the link in the email to validate their account, then their names are added to the "membership approval" list. Is there any way to hide this from my login page? Also is there a way to delete the database entries after a certain amount of time for users who have not validated their accounts through e-mail?

Oh yeah, I knew that it did that. Actually, it does that ALL the time. As soon as someone applies, their name is added to the "membership approval" list. It will stay there until the user clicks the link in their email, at which time their name disappears from the list automatically (and your notice will go as well). I bet most users were clicking the link right away, so you never noticed it before. For users that don't click it right away, I usually wait a day or so before I take any admin action. (And thus far, all my users have clicked the link themselves, eventually.)

As for users never clicking the link... You can deny an application, right? That makes the notice go away, right? Another option, which is an easy but un-elegant workaround, would be to take away your own permission to approve applicants. You can always change it back, but in the meantime, you won't see any applicant notices.

Pere

Hi everybody,

I've been using this add-on successfully for a time, but now I'd like to know if there is a simple, easy way to make users get automatically authenticated / logged in after they click on the activation link.

Thanks!

fysicsluvr

I'm not sure that can be done, for security reasons. (they never actually entered their password when they clicked the link.) However, it could be modified to provide a link to the login page, and automatically fill the username box with their username.

Wanderer

Clicking the link assumes you are who you are because the link was delivered to you by email, which, by implication, only you have access to.

Other forums use this method to verify identity, I have a feeling it can be done in Vanilla.

fysicsluvr

yes, but if you type your email in wrong ... (could possibly be someone else's email, or it could get sent to the catch all)

Wanderer

I can't remember the process off hand and I am not in a position to test it but I am sure the email link arrives with a long verification string which is matched to its mate stored in the database.

If things don't match it won't let you in, surely.

fysicsluvr

no, but if when you're registering, and you accidentally mistype your email address, and that mistypen email address happens to belong to someone else.......the owner of the email address would have been given the ability to log in as the original person. This would be fine, unless every user must also be verified; in which case you will have verified that user, assuming (rightfully so) that the person using the log in name/pw was in fact the person who registered it. And if you happened to know the original person personally; then you may have given them a higher role. BIG SECURITY PROBLEM. If this idea is implemented; at least provide an admin option to disable it (preferably off by default)

Wanderer

If you type an email address while registering, either by accident or on purpose, it definitely tells you it already exists!

I'm sure Mark has taken all this into account (pardon the unintentional pun), if it was a problem it would have surfaced by now.