Jump to content

Community

Questions about discrepancies with the different log in methods.


rM//AndY
 Share

Recommended Posts

Hello IPS,

Two simple questions:

- When logging in with Twitter Connect, you are asked to manually enter an email address. If User Validation is set in the ACP, shouldn't the email address entered during this type of registration be validated by the board? Facebook Connect seems to provide IPB with the user's email address (which was already validated by Facebook). I believe I saw an option to change that address, does Facebook allow a user to enter one manually and skip the validation process this way as well?

- Twitter Connect allows you to attach your Twitter log in to an existing account, during the Twitter Connect log in/registration process. Any reason why Facebook Connect doesn't give you that option?


Thanks!

Link to comment
Share on other sites


Hello IPS,



Two simple questions:



- When logging in with Twitter Connect, you are asked to manually enter an email address. If User Validation is set in the ACP, shouldn't the email address entered during this type of registration be validated by the board? Facebook Connect seems to provide IPB with the user's email address (which was already validated by Facebook). I believe I saw an option to change that address, does Facebook allow a user to enter one manually and skip the validation process this way as well?



- Twitter Connect allows you to attach your Twitter log in to an existing account, during the Twitter Connect log in/registration process. Any reason why Facebook Connect doesn't give you that option?




Thanks!




Facebook does allow that. :unsure:
Link to comment
Share on other sites


Linking to a logged in user. Just go to User CP > Profile > Manage Facebook Connect.




Sure, but I was talking about giving the option during the initial log in/registration (as Twitter Connect does), to prevent users from inadvertently creating duplicate accounts.

Either way, my main concern is still the lack of email validation when using these log in methods. Any thoughts on that?
Link to comment
Share on other sites

I don't know if you're allowed to require email validation with those login methods. The agreements for using twitter/facebook are pretty long winded, and quite strict on what you can and can't do to their members. For example: did you know that you aren't allowed to have the facebook sign in link any smaller than your largest other sign in link?

Link to comment
Share on other sites

I meant that if you visit an IPB with Facebook Connect option available, and go to the login form or registration page, and put in your Facebook details, you should be able to then associate with an existing account, just like you can with Twitter. At least, it used to be this way.

Link to comment
Share on other sites


You have to validate your email to use twitter and facebook, don't you?



Sure, but IPB doesn't take the email address from Facebook or Twitter, it asks you to enter one. At that point, you can enter whatever you want and it isn't validated against anything.


I don't know if you're allowed to require email validation with those login methods. The agreements for using twitter/facebook are pretty long winded, and quite strict on what you can and can't do to their members. For example: did you know that you aren't allowed to have the facebook sign in link any smaller than your largest other sign in link?



I don't see why not. If Facebook/Twitter connect provided the email address that the user already validated on those sites, then sure, I'd agree with that. However, the user is asked to enter an email address to access the board, I think this falls under IPB's jurisdiction.


I meant that if you visit an IPB with Facebook Connect option available, and go to the login form or registration page, and put in your Facebook details, you should be able to then associate with an existing account, just like you can with Twitter. At least, it used to be this way.



That's the thing, unless I'm remembering wrong, it didn't give me that option when I tested it a couple days ago.
Link to comment
Share on other sites

How to spam IPB 3.1 boards like a pro:
1. Get a twitter account
2. Log into forum with twitter acount
3. Provide fake email addy
4. Spam board
5. Disconnect twitter acount from forums before bannage
6. Rinse and repeat with same account, no captcha at all :)

Link to comment
Share on other sites


How to spam IPB 3.1 boards like a pro:


1. Get a twitter account


2. Log into forum with twitter acount


3. Provide fake email addy


4. Spam board


5. Disconnect twitter acount from forums before bannage


6. Rinse and repeat with same account, no captcha at all :)




You do need a captcha to join twitter. And a validated email account.
However, if you really wanted to spam "like a pro" you would
a) hire people on Mechanical Trunk to fill out signups and captchas for pennies an hour
b) write a bot to do it for you.

You also fail to take into account the IPS spam service, which would catch this somewhat quickly.
Link to comment
Share on other sites


You do need a captcha to join twitter. And a validated email account.


However, if you really wanted to spam "like a pro" you would


a) hire people on Mechanical Trunk to fill out signups and captchas for pennies an hour


b) write a bot to do it for you.





But thats the thing, you just need one valid twitter account, after that you can enter in fake email addys into IPB because twitter doesn't give it the email addy otherwise. Plus IPB doesn't verify validate the email addy and theres no captcha on the twitter page. You can also disconnect twitter from the account afterward.
Link to comment
Share on other sites


But thats the thing, you just need one valid twitter account, after that you can enter in fake email addys into IPB because twitter doesn't give it the email addy otherwise. Plus IPB doesn't verify validate the email addy and theres no captcha on the twitter page. You can also disconnect twitter from the account afterward.



And if you just use 1 valid twitter account, the IPS Spam Service would catch on.
Link to comment
Share on other sites


Aight. Here's the fix.


Change the default user group.


Tada.


http://screencast.com/t/MmI1NjY5YTct




Have fun not being able to mass approve the validating members :) Because the validating group is not the same as the validating page which requires the members to be inserted into a special table for that :P



And if you just use 1 valid twitter account, the IPS Spam Service would catch on.



I don't think it even checks twitter accounts at least I haven't seen it in the code
Link to comment
Share on other sites


Have fun not being able to mass approve the validating members :)



...Email validation.




And if you just use 1 valid twitter account, the IPS Spam Service would catch on. <-- I don't think it even checks twitter accounts at least I haven't seen it in the code



I assume it does, im sure an IPS staff member can take a look and update us on that.
Link to comment
Share on other sites

If you're having such a problem with with Twitter registrations then why don't you turn it off?

I think a better suggestion in this whole thing is a way to disable Twitter Registrations or specific types of registrations at the administrators discretion via the "Disable new registrations?" setting. It should be a multi-select that allows you to choose if you would like only FB and IP.Board registrations but still allow for Twitter connect but not registrations. <_<

Maybe that would work for those that are getting so many?

Link to comment
Share on other sites


Sure, but IPB doesn't take the email address from Facebook or Twitter, it asks you to enter one. At that point, you can enter whatever you want and it isn't validated against anything.



Wrong about the FaceBook one. It does pull the email address from it and if it's prompting for an email address, then that means the person already has an account on there using that same email. Otherwise, it won't ask for it at all.

With Twitter though, yeah, it prompts for the email address even if it's not already in use. Just pop them into a member group where they can't access profiles (so they can't disassociate the accounts via your board) and you should be good to go.
Link to comment
Share on other sites

  • 3 months later...
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy