Email change Verification

Someone registers, gets approved, then they decide to change their email address in their profile. I noticed the system does not require them to re-verify. This opens the door for people to change their email address to non functioning ones or worse, Is this feature available and I'm just missing it or is it something we need to request on the next build? I think it's a very important security issue.

Hello!

Email verification during profile edit is equal the same process during join. If u want that user lost his Active status then disabel option in admin panel->settings->moderation settings section - "Do not change profile status after editing profile information:".

Regard

Ok, here's the three choices:

1. Automatic profile activation after joining:
2. Do not change profile status after editing profile information
3. Automatic profile confirmation without confirmation email

Now, which ones do I select to make the system send a re-validation email if they change their profile? I do not want them to just be able to change it without validation and I also don't want to spend all day manually confirming profile changes.....

Changing the email address in account testuser does not result in an automatic validation email, no matter what setting you use in admin/settings/moderation.

If I login as admin and go to settings/moderation I can manually send a confirmation email for account testuser.

Once I send the email, I click on the link of the received email and I get an error message telling me that testuser is already approved.

I go back to the site and I have no access as the testuser. Account has not been re-approved (possibly reading information from initial registration approval?).

I login as admin and the membership for testuser has not been approved nor do I get any meesage telling me the confirmation email was sent or even successfully validated.

I cannot make a determination if the email was successfully validated as an admin so I cannot approve his account. This system is as backwards a setup as I have ever seen. I would really like to resolve this as I am almost to the point of opening my site. If I am being stupid, by all means, make me look stupid. My feelings aren't that fragile. I need this to work and I'll shake your hand if you can point out my error.

Bumped

I dont wanna have users too, who can edit the "username" and "email"! Plz fix this!

I don't think the nice folks at Boonex are understanding the issue.

The only way to disallow email change without validation is to turn off "Do not change profile status after editing profile information" but all that does is force the administrator to approve the profile change.  Not only is that a pain, but it doesn't address the core issue - email change AFTER an account has already been confirmed ensuring that the new email address is confirmed before it's actually changed.

I think I understand why Boonex folks either don't understand or have a hard time fixing it.  It's because there's currently no table or method to save the email desired to be changed to as a temporary storage until it's confirmed.

What should happen is, on profile edit, if email is one of the items changed, the changed value is inserted into a ProfilesChange table with field names of ID and Email, and a confirmation email is sent to that new address.  If it's confirmed, then the Email from that Profiles table for the affected account is overwritten with the Email from the ProfilesChangetable, then that row is deleted from the ProfilesChange table.

 Sounds good to me. Why don't you write something up to help us?

Which setting will SEND out an email confirmation letter, and when they click on the confirmation link, the system will automatically give them access to their account (so I won't have to activate/approve it)?

Thanks,

Blaine.

The way it is set up now, it is virtually useless. after the initial signup sends the confirmation email, it's done. You can either set it up to allow the members to make any changes they wish or you can set it to disable the membership if any changes are made after the confirmation email is sent. The second setting requires the admin to manually edit each account that becomes disabled if a member makes even the smallest change. This is time consuming and completely useless.

Trying to get anyone to listen on this point has failed. the system needs to be able to automatically send re-confirmation email if the email address is adjusted.

Hi SkyForum,

I do know that if you check the box to the right of:

Admin --> Settings --> Moderation Settings --> Do not change profile status after editing profile information

... the profile will not be de-activated, So, if a members makes the slightest change to their profile, The status of the profile (ie: promotion) will not change and you WILL NOT have to activate the profile AGAIN!

I agree that the "email" re-verification needs work.

Blaine.