cotonti.com : Email transition https://www.cotonti.com Son konu mesajları Cotonti en Wed, 26 Nov 2025 08:09:28 -0000 Antar # oc : It is amazing that there is an actual plugin for this:

http://www.neocrome.net/page.php?id=2070

I did not know about this, codes are not likely but it is really interesting that this has been done before exact method and nobody knows.
I am using this at least 2 years]]> Çrş, 04 Şub 2009 01:47:14 -0000 Dilster3000 Çrş, 04 Şub 2009 01:21:30 -0000 oc
http://www.neocrome.net/page.php?id=2070

I did not know about this, codes are not likely but it is really interesting that this has been done before exact method and nobody knows.]]> Çrş, 04 Şub 2009 01:18:23 -0000 m_ogz Pzt, 02 Şub 2009 05:18:25 -0000 Trustmaster Paz, 01 Şub 2009 20:32:39 -0000 oc Paz, 01 Şub 2009 18:39:18 -0000 Trustmaster [list=1]
  • When changing email, prompt for password.
  • Optional (set in Admin Config) email revalidation when changing email.

    • Disagreed that email validation is something that puts bad guys away, though. It's not a problem to register a new mailbox for doing some harm :-)]]>     Paz, 01 Şub 2009 05:16:02 -0000     Kilandor Paz, 01 Şub 2009 03:32:23 -0000 oc Paz, 01 Şub 2009 03:30:08 -0000 Trustmaster [list=1]
  • Activation e-mails don't reach user mailboxes due to insane spam policies, which is no good. Usually have to re-register with another mailbox in this case.
  • Sometimes you have to change email because the old mailbox is no longer valid, so it does no help if the activation email is sent to old box.

    • Well, if you talk security, the problem is that if somebody has intercepted user's session, he can go to profile, change email and request password recovery for that email. And this way he steals the account completely. If all you want to avoid is this problem, I would advise just prompt for a password when user changes email. No complex coding, no extra database stuff.]]>     Paz, 01 Şub 2009 03:00:18 -0000     oc
    @Brock:
    Well, you are right. This is why my old method is better. I actually don't see no reason to take precautions after user/hacker is on the profile. Actually most of the systems doesn't have this method (I've never seen before for myself). And if user intends to change his/her email, after reading instructions and warnings he should be careful.

    Anyway, I coded two different methods, pick one. (Second one is not my favourite, but there are some features we can use even if we choose one (like no mail send if email checks on reg is off-same end)

    @Kilandor:

    You can't foresee what may happen if I go your way.

    I actually was not too happy with the recent hack, because I used "user session identifier" but it was a strict hack, I won't try and explain the reasons I changed user group, but this code may be better.

    So, forget all coded before, new code is:

    users.profile.inc.php

    Before the code:

    	/* ============= */
	default:
	/* ============= */

	break;
    http://www.cotonti.com/pastebin/10

    After the code:

    	$rusertheme = ($ruserskin != $row['user_skin']) ? $ruserskin : $rusertheme;
    http://www.cotonti.com/pastebin/11

    After the code:

    		$ruserbirthdate = ($rmonth==0 || $rday ==0 || $ryear==0) ? 0 : sed_mktime(1, 0, 0, $rmonth, $rday, $ryear);
    (replace the little string about 'email transition')
    http://www.cotonti.com/pastebin/12

    Of course, the update sql part part would be like this now:

    			user_email='".sed_sql_prep($ruseremail)."',

    Replaced with:
    $newmail

    $profile_form_email and skin tags remain like my previous post, like I said these are actually notes for myself, not to forget how code was, It would be nice the new release to come out, not able to code sucks.

    Oh, I almost forgot, say hello to our little friend:

    ALTER TABLE sed_users ADD COLUMN user_newmail varchar(64) collate utf8_unicode_ci NOT NULL default '';
    ]]>     Cmt, 31 Oca 2009 23:28:03 -0000     Brock Cmt, 31 Oca 2009 23:24:50 -0000 Kilandor That way say someone steals your account the email change request goes to you, and not the person trying to steal your account.

    And cool you used my pastebin :)]]>     Cmt, 31 Oca 2009 10:43:44 -0000     oc
    Process is, if user is able to change his/her email (still with the option from administration/users) and if he changes his email, an activation email is being send, and this way email's validity is checked, and one mail/one user policy is remain safe.

    Already coded and imported the language stuff, but because of the "no enhancement after Jan 25" it is N-0.1.0 feature. (If not liked, sure will be cancelled)

    What do you think ?

    ~edit: so, code in, users.profile.inc.php, right after the code:

    		$ruserbirthdate = ($rmonth==0 || $rday ==0 || $ryear==0) ? 0 : sed_mktime(1, 0, 0, $rmonth, $rday, $ryear);

		if (!$cfg['useremailchange'])
			{ $ruseremail = $urr['user_email']; }
    http://www.cotonti.com/pastebin/8

    Same on that file, change the whole $profile_form_email with:

    $profile_form_email = ($cfg['useremailchange']) ? "<input type=\"text\" class=\"text\" name=\"ruseremail\" value=\"".sed_cc($urr['user_email'])."\" size=\"32\" maxlength=\"64\" />" : "<input type=\"text\" class=\"text\" name=\"ruseremail\" value=\"".sed_cc($urr['user_email'])."\" size=\"32\" maxlength=\"64\" disabled=\"disabled\" />";

    And in users.register.inc.php, change whole 'validate' part with:
    http://www.cotonti.com/pastebin/9

    And of course, last, add after {USERS_PROFILE_EMAIL}:

    					<div style="font-size: xx-small;">{PHP.skinlang.usersprofile.Emailnotes}</div>

    Not the perfect usage of new Pastebin but I wanted you to see code and bug fix it, and to keep the code here safely.]]>     Cmt, 31 Oca 2009 07:18:33 -0000