[Request] Lock Account and Require Email Activation

[Brett B]

I'd like to request the ability to lock a member's account and require that they click on a link in an email that is sent to validate their email address. This would be beneficial if you suspect a member's email address is fake, especially if you don't require email validation for registration.

[Wondering Soul]

I doubt this would ever be done purely because that's what email validation at registration was designed for. If you check at registration, then there is no need for this, if you have that function turned off, then instead of having a feature like you suggested, you could just turn it on...

[Brett B]

Well I don't use email validation, so this is useful for the occasional use.

[China J]

Well the suggestion defeats itself purely for the fact that how can you send them a email and ask them to validate it if the email is fake or invalid? I would prolly like to see a PM sent to those who emails have bounced back and ask them to update their information. Ideally when you see the bounced back list you should have the option of placing them in validation and then you can send those persons a PM asking them to update their info imo :P

[Brett B]

Well the suggestion defeats itself purely for the fact that how can you send them a email and ask them to validate it if the email is fake or invalid? [b]I would prolly like to see a PM sent to those who emails have bounced back and ask them to update their information. Ideally when you see the bounced back list you should have the option of placing them in validation and then you can send those persons a PM asking them to update their info imo :P[/b]

Well the point would be that their account would stay locked if the email could not be validated. I didn't think of your idea (in bold) but it makes sense :)

[China J]

Well the point would be that their account would stay locked if the email could not be validated. I didn't think of your idea (in bold) but it makes sense :)

What about those who's info is simply out of date because they have not updated it? Locking their account would drive them away without the opportunity to update their info.

That's why I think a PM would be a better option asking them to open their control panel and update their email. Once that is done, if they are still part of validation group, they can click the resend validation link and become a normal member again. We just need a better way of handling bounced back emails so we can quickly moderate them.

[Brett B]

What about those who's info is simply out of date because they have not updated it? Locking their account would drive them away without the opportunity to update their info.

That's why I think a PM would be a better option asking them to open their control panel and update their email. Once that is done, if they are still part of validation group, they can click the resend validation link and become a normal member again. We just need a better way of handling bounced back emails so we can quickly moderate them.

Ok, that works. My original intention was to use this for trouble-maker members who I think may have intentionally used a fake email address.

[Cool Surfer]

I'd like to request the ability to lock a member's account and require that they click on a link in an email that is sent to validate their email address. This would be beneficial if you suspect a member's email address is fake, especially if you don't require email validation for registration.

Very useful feature.

[blackfalcon]

could you not put their account in the Validate group and dispatch a link with their account validate link, or is this only available with vbulletin?

[blackfalcon]

yes I just tested. Make the suspect in the validating group, and go to management, click on manage validating and select "resend activation code"

Though, being able to move all members into this group at once would be nice, if you run a large forum and you do random checks like this.

[msliq]

I don't know if this is a bug, but I am the board owner and I locked myself out of my own board because my 3 incorrect password login attempts locked the admin account.

Is there something I can do on the mysql backend to correct this?

[sunrisecc]

Isn't the timeout 15 minutes or did you set it longer?

[msliq]

i don't remember setting that time limit, but i did put on a 3 strikes account lockout thinking it would apply ONLY to members - not to admins esp. if we could reset it using our admin emails!

[sunrisecc]

If I remember correctly, it does not lock the root admin out of the ACP. Hence you can go in and remove the lock that way and then log into the board. There were topics about this a long time ago.

[Chris Rudnicki]

i don't remember setting that time limit, but i did put on a 3 strikes account lockout thinking it would apply ONLY to members - not to admins esp. if we could reset it using our admin emails!

Would it not be smarter to have the feature on administrative accounts too?
I mean, unless you want a brute force attack on an admin's account.

[msliq]

If I remember correctly, it does not lock the root admin out of the ACP. Hence you can go in and remove the lock that way and then log into the board. There were topics about this a long time ago.

i can't get into the ACP either - i'm completely locked out of my account. looks like a complete reinstall and loss of data, but i'm hoping to reset on mysql backend so i can avoid this horror.

[sunrisecc]

Use PHPMyAdmin and reset the lock unless someone changed the password on you. If that is the case, you have bigger problems.

[sunrisecc]

If you want detailed help, create a topic in peer-to-peer and you can get the command if needed.
You can also submit a ticket.

In effect, you have hijacked an old topic and are asking for help in a feedback forum..