[pmwiki-users] A robust user registration module
wordituk at googlemail.com
Thu May 27 09:16:31 CDT 2010
In reply to various issues above.
- The user clicks on a link, a "GET" query string. They do not have to
- The data does not have to be stored *before* verification because
the data will be sent back when the user clicks the email link, and
the key tells us if it's correct.
- Upon successful verification the email and any other data has been
stored, so you have the data to unsub an email address. Just look it
up by supplying the storage page.
- This also works for email subscription only sign-ups to newsletters
or Notify, for users without accounts. It should not require a
username and password.
- Unsubscribing uses the same mechanism. The email is again hashed
with a secret. The user clicks the link, the key is checked, voila!,
verified or not.
- You can verify any info like this. It is not only against spammers,
but also hijacking. Only the real user has access to their email
account.That is the second reason for sending emails.
- The sign-up system could allow the admin, or other cookbooks, full
control. They specify which fields, only email is mandatory.
They specify where to write the verified data, and the separator.
fields: email, user, password
More information about the pmwiki-users