Advanced search  


cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.

Pages: [1]   Go Down

Author Topic: Only notify on confirmed registration  (Read 2879 times)

0 Members and 1 Guest are viewing this topic.


  • Coppermine newbie
  • Offline Offline
  • Posts: 10
Only notify on confirmed registration
« on: April 14, 2006, 02:56:27 pm »

When a user registers, I would like to receive a notification ONLY when that user has actually activated his account. Now I get one too on every registration attempt. The text like: "A new user with the username "blabla" has registered in your gallery" is, IMHO, premature. That user may not receive his activation link, or may otherwise choose not to activate after all. As the admin, I really only like to get a notification of people who actually successfully went through the whole process.

Thank you for your consideration.
« Last Edit: April 14, 2006, 10:04:49 pm by GauGau »


  • Coppermine frequent poster
  • ***
  • Offline Offline
  • Posts: 199
Re: Only notify on confirmed registration
« Reply #1 on: April 19, 2006, 10:16:49 pm »

I second this suggestion.  It will minimize the workload on the Administrator.

Aside from the reasons stated, the user might not have a valid email address (I have not tested yet whether the program has a way of rejecting invalid addresses or those attempting to use the same email address (when this feature is disallowed as indicated by the Admin in the "Configuration" panel.

I have a commercial calendar program that has option to require registration, I challenged this by registering an invalid email address, and it included the username in the database anyway.



OK, I decided to do a preliminary test on this. 

First test:
I decided to register using a fictitious email address ( and did not provide anything except a username and fictirious email address.  The system responded that an email was sent to the Administrator for approval. 

"Thank you.

Your request for account activation was sent to the admin. You will receive an email if approved."

Several issues come up hear. 

What would be the basis for Admin to approve someone, (s)he does not know.  Since I did it, I knew that the email address was fictitious.  However, how would an Admin know a seeming real email address, e.g., johndoe@yahoo,com

In the Config, I required email validation.  The note sent to the registrant did not indicate such validation is required.

I suggest therefore that the sequence be reversed, if validation is required of the registrant.  After the registration was done, the registrant is informed on the screen that (s)he must respond to the automated email.  [This should not be told but should be obvious that this is to confirm that an email provided is valid.].  In the same screen note, it must state also once the registrant has responded to the auto-email, the registrants name will be sent to the Administrator for consideration.

Second test:
My config specified that no two usernames may use the same email address.  The CPG system was able to detect that another user was using the same email address. [I used the same fictitious email address.

The second scenario leads to other issues. 

Does the software have a mechanism to weed out in the database fictitious email addresses during registration?
Does it have a mechanism to weed out registered users who no longer have a correct email address?

« Last Edit: April 19, 2006, 11:53:07 pm by cgc0202 »
Pages: [1]   Go Up

Page created in 0.019 seconds with 19 queries.