Could it be possible to suggest that while the registration process is going on that an email could be sent with a validation code that the user has to put in a box right then and there, instead of emailing after the registration process a validation link to activate the account?
So if the email is not valid an account will not be created in the first place.
And then the account should be automatically validated as they did that with the activation code.
PHPBB.NET Support
Welcome to the PHPBB.NET - Free Forum Hosting
Suggestion for validation of accounts via email address.
4 posts • Page 1 of 1
Suggestion for validation of accounts via email address.
by LAokay on Wed Aug 26, 2009 4:09 am
- LAokay
- Posts: 4
- Joined: Wed Aug 26, 2009 4:02 am
Re: Suggestion for validation of accounts via email address.
by LAokay on Wed Aug 26, 2009 2:44 pm
It's so the database won't grow to such a large size with unactivated spambot accounts, or just unactivated users in general.
Maybe you have unlimited hard drive space and unlimited time to maintain a message board but I don't. I need an easier way to stop the spambots from filling up my database with junk.
The captcha doesn't seem to do that much when in a few days I can have over 100 spambot accounts un-activated on my message board. Granted they are not activated, but through the ACP it will timeout when trying to remove the unactivated accounts (even with a 5 minute timeout), and I have to used a sql database editor to do it manually, or I could spend days trying to remove accounts through the ACP, one at a time (so it won't timeout after 5 minutes).
My request I believe will stop the bots in their tracks when they can't even get an unactivated account unless they confirm their email right then and there. Basically right now it creates the unactivated account, and then sends the email. I would prefer it doesn't even create the account until a validation code is entered from that person's email (if it is a person at all).
Think of it as you are at a car dealership and they won't let you test drive a car unless you show your drivers license to them.
They'll let you sit in the car, but not drive it. I don't want anybody sitting in the cars unless they're going to drive them.
So basically this would force a real person to check their email just before registration/activation is complete, put in the code in that email, and then registration/activation is complete. Does it matter that the email was sent mid-registration? All spambot accounts that then put in a fake email address will not get an account, and there won't be hundreds or thousands of spambot accounts sitting at the end of a week waiting for me to remove them all.
Or does somebody else have a better idea?
Maybe you have unlimited hard drive space and unlimited time to maintain a message board but I don't. I need an easier way to stop the spambots from filling up my database with junk.
The captcha doesn't seem to do that much when in a few days I can have over 100 spambot accounts un-activated on my message board. Granted they are not activated, but through the ACP it will timeout when trying to remove the unactivated accounts (even with a 5 minute timeout), and I have to used a sql database editor to do it manually, or I could spend days trying to remove accounts through the ACP, one at a time (so it won't timeout after 5 minutes).
My request I believe will stop the bots in their tracks when they can't even get an unactivated account unless they confirm their email right then and there. Basically right now it creates the unactivated account, and then sends the email. I would prefer it doesn't even create the account until a validation code is entered from that person's email (if it is a person at all).
Think of it as you are at a car dealership and they won't let you test drive a car unless you show your drivers license to them.
They'll let you sit in the car, but not drive it. I don't want anybody sitting in the cars unless they're going to drive them.
So basically this would force a real person to check their email just before registration/activation is complete, put in the code in that email, and then registration/activation is complete. Does it matter that the email was sent mid-registration? All spambot accounts that then put in a fake email address will not get an account, and there won't be hundreds or thousands of spambot accounts sitting at the end of a week waiting for me to remove them all.
Or does somebody else have a better idea?
- LAokay
- Posts: 4
- Joined: Wed Aug 26, 2009 4:02 am
Re: Suggestion for validation of accounts via email address.
by LAokay on Fri Aug 28, 2009 6:40 am
OK, well at least I got my thoughts out.
I didn't mean to turn it into some rant.
I just think there is a better way for the activation process to insure bots stay out.
I just wanted to suggest that because it aggravates me that I have to clean up such a big mess because of the software.
I do like the software tho. Take my suggestion as a little helpful criticism.
I didn't mean to turn it into some rant.
I just think there is a better way for the activation process to insure bots stay out.
I just wanted to suggest that because it aggravates me that I have to clean up such a big mess because of the software.
I do like the software tho. Take my suggestion as a little helpful criticism.
- LAokay
- Posts: 4
- Joined: Wed Aug 26, 2009 4:02 am
4 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 47 guests