ticalc.org
Basics Archives Community Services Programming
Hardware Help About Search Your Account
   Home :: Archives :: News :: Account verification required

Account verification required
Posted by Magnus on 27 January 2002, 13:46 GMT

We have just launched a new system on ticalc.org used to verify the email addresses that are connected to the user accounts on our site. This is done because we have found there to be a lot of accounts that have old non-functioning email addresses registered, which causes us a lot of problems when communicating with the users.

When an account "expires", the user will be asked at login time to verify the email address. This is done by having the page send an email to the registered address, and then using a web based form to input a code that is sent in that email. Assuming that the recipients mail server is online, the whole process should take no more than a minute or two.

All current accounts have been given a random time for "last verified". This means that all current accounts will get the verification prompt sometime between today and approximatly two months from now.

 


The comments below are written by ticalc.org visitors. Their views are not necessarily those of ticalc.org, and ticalc.org takes no responsibility for their content.


Re: Account verification required
Ding Chavez  Account Info

something is fishy about this from TI-Calc...they're gonna pull of plan B maybe next month, and from here, its all downhill.
Oh, BTW, I got the Voyager 300. Its in the box right now, because I am collecting money from people who made bets with me in school believing that I wouldnt buy it. Already made $40 so far!

"Werewolves were the only species to survive...Humans? Just a lame excuse for god's perfect creation!"

"For us to become werewolves, we must think like the mighty werewolf."
AWoooHHOoooHOoooHooo

Werewolf.com

     29 January 2002, 07:23 GMT

Re: Re: Account verification required
depleateduranium Account Info
(Web Page)

LoL. ;=)

     29 January 2002, 13:29 GMT


Re: Re: Re: Account verification required
DasBoot  Account Info

I'd bay a lot to get your handle...

     29 January 2002, 21:21 GMT


Re: Re: Re: Re: Account verification required
S. G. Account Info
(Web Page)

Even though it's misspelled?

     31 January 2002, 19:29 GMT

Re: Re: Account verification required
Michael Vincent  Account Info
(Web Page)

Are you sure? Because it's "Voyage" not "Voyager" and it is also "200" not "300."

     29 January 2002, 14:17 GMT


Re: Re: Re: Account verification required
Robert Mohr  Account Info
(Web Page)

It's just like the Rolexx I got for $20.

     29 January 2002, 21:16 GMT

Re: Re: Account verification required
Achorny  Account Info

How exactly did you get a Voyager already?

     29 January 2002, 22:14 GMT


Re: Re: Re: Account verification required
lord_nightrose Account Info
(Web Page)

they deleted my 'mock-up' joke. Hmm. Interesting...

Hey TICalc, what's with all the rampant deletion that has been going on lately? You guys never did this before, or at least not this often.

     2 February 2002, 04:20 GMT

Re: Re: Account verification required
lord_nightrose Account Info
(Web Page)

Heh... they delete the comments about his puzzlingly bad English.

     31 January 2002, 15:01 GMT


Re: Re: Re: Account verification required
Achorny  Account Info

Hey, look at my reply above this one. At one time there was a reply to it, but it seem to have "mysteriously" dissapeared.

     1 February 2002, 21:57 GMT


Re: Re: Account verification required
lord_nightrose Account Info
(Web Page)

You're in or you're out.

     2 February 2002, 04:19 GMT

Re: Account verification required
David Phillips  Account Info
(Web Page)

I haven't received one of these emails yet, and I didn't see a place to trigger one, so it might already do this, but just in case, I figured I would mention this idea. As the news article states, a code is sent in the email, and it must be pasted into a form on the website. Would it not make sense to have a complete URL complete with the code in the email, or to have replies sent to the email processed by a script automatically? I would guess that it already does this, and the mentioned code pasting is just a good last resort, but either of the above mentioned common ideas would make things easier for everyone. I mean, how hard is it to process a form via GET instead of POST, anyway? :)

     30 January 2002, 08:16 GMT

Re: Account verification required
Tijl Coosemans
(Web Page)

With PHP, there isn't even a difference...

     30 January 2002, 12:12 GMT

Re: Re: Account verification required
Robert Mohr  Account Info
(Web Page)

With CGI, it's actually easier--you don't have to read STDIN and then split it up, you just read the part of the address behind the "?" (I forget the actual code used though--I haven't used CGI lately).

     31 January 2002, 02:53 GMT


Re: Re: Re: Account verification required
lord_nightrose Account Info
(Web Page)

.../verify.cgi?code= 803469865982364-8807328-
456908625635- 215-21265-2365-6 etc

#! /usr/bin/perl
$code = params('code');

     31 January 2002, 05:13 GMT


Re: Re: Account verification required
David Phillips  Account Info
(Web Page)

Yes, there is a difference! And if you aren't writing your scripts to take advantage of it, then you are seriously misusing the language, and inviting a world of security holes into your scripts.

Using EGCPS as global variables is unfortunately a very common mistake made by programmers new to PHP. You will find a lot of scripts available that are written like this, and as such, you should not use them. I strongly suggest that anyone writing PHP turn the register_globals configuration variable off. Doing so makes your scripts a lot cleaner, and more secure.

The problem with using those variables as global is that you then cannot tell what is what, and have to assume that any variable that exists could have been set by the user. For example, you might set a variable to be true if the user is authenticated, and check it later. If you allow globals to be registered, then the user can pass a GET or POST variable with that name.

     31 January 2002, 15:48 GMT


Re: Re: Account verification required
Magnus Hagander  Account Info
(Web Page)

Processing a form via GET rather than POST is not harder, no.

However, since there is a password involved, you should never *EVER* use GET for the form, since the password will appear in the URL (and thus in all logs - both on the server and on any proxy or whatever that's on the path from client to server - as well as in the history file on the local machine).

Processing responses to an email is a lot more difficult than it seems. Since there are hundreds of different formats of auto-responding out there - some broken mail servers would bounce the entire mail back with just a single line added when the user does not exist, for example.

That said, I have now put the code into the URL that is sent out in the email, which will pre-fill the field in the form. It's not completely automatic, but at least it gets you away from cut-and-paste of the code.

     3 February 2002, 13:29 GMT


Re: Re: Re: Account verification required
David Phillips  Account Info
(Web Page)

Yes, I agree completely. Passwords should never be used via GET, and preferably, by POST, when it is not secured by SSL.

I figured that the email would contain a one time throw away code, which would be sufficient for validating if an account received the email.

You're right about processing the email. I'd forgetten about all that. That's probably why I always use URL's with throw away codes :)

     3 February 2002, 19:56 GMT

Re: Account verification required
DHC015 Account Info
(Web Page)

Ummm, the e-mail address that I used for Author and to register is no longer valid. Will my account be deleted? I'd prefer a different username anyway, but I'd have to re-upload my files and I actually don't have the nice .zips on my computer. Is there someone that I can contact?

     31 January 2002, 05:47 GMT


Re: Re: Account verification required
lord_nightrose Account Info
(Web Page)

You could try reading the previous posts...

Tijl Coosemans
My author email address is outdated too. Who should I contact to have it changed?
27 January 2002, 13:04 GMT

Re: General question
Magnus Hagander
Please contact filearchive@ticalc.org.

     31 January 2002, 15:03 GMT

Re: Account verification required
lord_nightrose Account Info
(Web Page)

I find it interesting that even though the upload queue is labelled as 'heavy', only 3 files have been approved in two weeks.

     31 January 2002, 14:58 GMT


Re: Re: Account verification required
Alan Wu  Account Info

Ditto. Maybe those three files are the only ones that don't require further checking. ;)

     31 January 2002, 23:45 GMT


Re: Re: Re: Account verification required
lord_nightrose Account Info
(Web Page)

Someone probably uploaded 10 GB of porno images in .89e format... heh.

     1 February 2002, 04:04 GMT


Re: Re: Re: Re: Account verification required
lord_nightrose Account Info
(Web Page)

I'm surprised they haven't deleted my porno comment yet...

     2 February 2002, 23:44 GMT


Re: Re: Re: Re: Re: Account verification required
TIPrograms  Account Info

I think ticalc's scripts or something are messed up -- I've gotten 102 downloads so far this week (I usually get around 30-40 if I'm lucky). And programs of mine that usually get around 1-2 downloads a week have gotten around 10 so far. Something's wrong (but, hey, I'm not complaining.)

     3 February 2002, 05:44 GMT

1  2  3  4  5  

You can change the number of comments per page in Account Preferences.

  Copyright © 1996-2012, the ticalc.org project. All rights reserved. | Contact Us | Disclaimer