Zikula: A Flexible Open Source Content Management System

Changes to user management policies
  • Posted: 07.09.2004, 06:36
     
    leason
    Hi there, due to recent abuse on my site I have come up with some changes I think would be helpful to those of us who have had to handle situations like mine with PostNuke sites.

    First of all, emailing a password to an email address is nice because it at least means that there is some way (at least initially) to contact a user. However, if the user is able to go in and immediately change their email address then this is somewhat of a moot point. They still only need one email address because once they change it, it will no longer be caught by the unique address check. So this is a good first step, but needs better application.

    Secondly, I think it would be great to have pattern matching restrictions for both usernames and email addresses. It would also be nice if the words we put in the censorship module are automatically checked against the username during signup. This would also allow us to restrict free email services such as hotmail and yahoo.

    Third, if a user changes his/her email address, I think the system should regenerate a password for them and force them to confirm the change. I have literally hundreds of invalid email addresses now.

    These are just a few thoughts, I'm sure there are many more. If x-user or some other user hack can do this, please let me know, but the versions I have used don't.

    -Lee
  • Posted: 08.09.2004, 09:53
     
    Slugger
    I hope someone listens because these are valid points. On one of my sites, which is not a PostNuke site, users can make edits to their profile but all changes go to a separate data table until validated by staff. You've inspired me to add a system there where changes must be validated via an emailed code and return as you suggest.

    Slugger
  • Posted: 08.09.2004, 10:00
     
    InvalidResponse
    I like the "third" option personally.. and agree it's something to be heavily considered..


    -IR

    --
    http://www.invalidresponse.com
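
The confirmation flow discussed in this thread (the "third" suggestion in the first post and the staging table with an emailed code in the second), sketched as an added example that is not PostNuke code or code from any poster. The class name, method names, 24-hour validity window and in-memory dictionaries standing in for database tables are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed validity window for a confirmation code, in seconds


class EmailChangeFlow:
    """In-memory stand-in for a users table plus a pending-changes table."""

    def __init__(self, users):
        self.users = dict(users)  # username -> confirmed email address
        self.pending = {}         # username -> (new_email, token_hash, expires_at)

    def _in_use(self, email, exclude):
        # Case-insensitive unique-address check against confirmed addresses only.
        email = email.lower()
        return any(e.lower() == email for u, e in self.users.items() if u != exclude)

    def request_change(self, username, new_email, now=None):
        """Stage a change; the confirmed address stays untouched until confirm_change."""
        now = time.time() if now is None else now
        if username not in self.users:
            raise KeyError(username)
        if self._in_use(new_email, exclude=username):
            raise ValueError("address already in use")
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored, so a leaked table does not yield usable codes.
        self.pending[username] = (new_email, digest, now + TOKEN_TTL)
        return token  # to be mailed to new_email only, never echoed to the browser

    def confirm_change(self, username, token, now=None):
        """Apply the staged address if the emailed code is correct and unexpired."""
        now = time.time() if now is None else now
        entry = self.pending.get(username)
        if entry is None:
            return False
        new_email, digest, expires_at = entry
        if now > expires_at:
            del self.pending[username]  # expired requests are discarded
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(supplied, digest):
            return False
        # Re-check uniqueness: another account may have claimed the address meanwhile.
        if self._in_use(new_email, exclude=username):
            return False
        del self.pending[username]      # codes are single use
        self.users[username] = new_email
        return True
```

Because the users table keeps the old address until the code comes back, the unique-address check keeps seeing an address the site has actually reached.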
