Jump to content

What problems could users encounter whilst trying to Register?


JTallis

Recommended Posts

Okay, so I'm in a bit of a mess.

 

The two main problems that users could encounter when Logging in, are:

- Account Suspended/Banned

- Forgotten Password

 

But, can you think of two relating to Registration? I thought of "Email being taken", so if someone else signed up using your Email. Which.. although that would be unlikely, would be a security risk too. Let's say, I signed up, and then someone else signed up with my Email.. but couldn't. So they contact the site, and I end up being suspended and they gain access. There is no way I can prove who owns a certain Email, so using this method.. would just go to pot and end up people getting Suspended here, there, and everywhere.

 

Do you have any other suggestions?

Link to comment
Share on other sites

Email address conflicts: When someone registers, their registration isn't active until they respond to a confirmation email sent to the address they signed up with. Generally a random hash is sent in the email and the user has to click a link the returns the hash via a GET var, or they can return to the site and enter it manually. If they haven't confirmed, their account remains flagged as inactive, and they are unable to login, or are directed to the confirmation code entry page, etc.

 

Forgotten password: generate a random hash, insert it into the DB using the same hashing algorithm (and salt, if applicable), set a flag in the DB to indicate the user must change their password on next login. Email the random hash to the email address on file so they can login and change their password. You can also implement a challenge/response system the user must pass before the new hash is emailed if you want more security.

 

Suspension/Ban: There's no foolproof method. The user can sign up under a different email address. IP addresses change. As many ways as you can think of to keep someone out, they can think of ways around it.

Link to comment
Share on other sites

No, what I mean is.. for a help section.

 

I already have "forgot password" and "suspension/ban" of-course, people can get around bans but... some people have had to contact the site they were banned on to find out why, and sometimes apply to be unbanned. The reason why I'm not going to provide IP Bans, is for what you said, they change. It would end up banning some innocent person when ones IP changes.

 

I just need to know what problems users could encounter whilst registering. Safe ones. I mean.. there is something like "Not accepting your details?" but... a problem like that would only happen when the registration form has changed recently. Anything else than that... would usually be someone inserting invalid characters... which will be displayed in the errors.

 

If I again haven't made myself clear, let me know. What would be the two main problems a user could encounter when registering, and also only mention ones that aren't going to be a security issue.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.