creating an account should wait for confirmation

VERIFIED DUPLICATE of bug 87795

Status

()

Bugzilla
User Accounts
VERIFIED DUPLICATE of bug 87795
16 years ago
5 years ago

People

(Reporter: bbaetz, Assigned: myk)

Tracking

Details

(Reporter)

Description

16 years ago
Currently, when we create an account, we set it up, and mail the password (to
ensure that the user really owns that account)

If the user makes a typo, that means that we end up with a valid account, which
can never be used.

Instead, we should create a token which expires in n days (1-2 ?) which ahs to
be confirmed before an entry is made in teh profiles table.

From endico on irc, there are 48890 accounts, but only 19158 distinct reporters,
and 21976 distinct people who have made a comment. Even if you assume that noone
who has made a comment has ever filed a bug (which is really really really
unlikely), that still leaves us with about 20% of accounts who have never done
either. So unless there is another class of users I've forgotton about, this
accounts for a large number of people, and so this would also be worth doing.

This also ensures that the postmaster doesn't get bounces from incorrect emails,
and that you can't cc a user (and thus give them spam mail) before their account
is activated.

We'd obviously then have to check the tokens table for these sort of email
adressess, just like we currently check them for email changes in progress.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → DUPLICATE

*** This bug has been marked as a duplicate of 87795 ***

Updated

11 years ago
Status: RESOLVED → VERIFIED
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.