Register and login method #16

Open
NHO123 opened this issue Nov 20, 2016 · 16 comments
Labels
discussion enhancement extension of current feature

Comments

@NHO123

NHO123 commented Nov 20, 2016

Hello,

On our site we register users doing the following which has been possible with WP core since 4.3+:

  1. Asking their mail address only
  2. Generating username from mail address ( alias part )
  3. WP core is then sending a mail to the user with a link he must click in order to set his password before he can log in to the site. ( in that way SPAMMERS and false mail addresses are not possible )
  4. We don't log the user in directly.

So my questions are.

  1. Can the plugin support this register method?
  2. Can we avoid that the user is logged in as soon as he clicks the "send" button on the support form?
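
The registration flow described in the comment above, sketched with WordPress core functions as an added example; it is not part of the thread and not the plugin's code. It assumes WordPress 4.3+ and a small custom plugin as its home, and the `example_`-prefixed function names and the error messages are hypothetical:

```php
<?php
/** Derive a unique login from the local ("alias") part of an e-mail address. */
function example_username_from_email( $email ) {
    $local = strstr( $email, '@', true );      // text before the '@'
    $base  = sanitize_user( $local, true );    // strict mode: ASCII letters, digits, space, _ . - @
    if ( '' === $base ) {
        $base = 'user';                        // fallback when nothing survives sanitizing
    }
    $login = $base;
    $n     = 1;
    while ( username_exists( $login ) ) {      // avoid collisions: jane, jane2, jane3, ...
        $n++;
        $login = $base . $n;
    }
    return $login;
}

/**
 * Register a guest from an e-mail address only.
 * Returns the new user ID on success or a WP_Error on failure.
 *
 * The caller must not call wp_set_auth_cookie() or wp_set_current_user()
 * afterwards: the account stays logged out until whoever controls the
 * mailbox follows the set-password link that core sends.
 */
function example_register_guest( $raw_email ) {
    $email = sanitize_email( wp_unslash( $raw_email ) );
    if ( ! is_email( $email ) ) {
        return new WP_Error( 'invalid_email', 'Please enter a valid e-mail address.' );
    }
    if ( email_exists( $email ) ) {
        return new WP_Error( 'email_exists', 'This address is already registered.' );
    }
    // Core creates the user with a random password that is never shown to
    // anyone and sends the new-user notification containing the set-password link.
    return register_new_user( example_username_from_email( $email ), $email );
}
```

Because the random password is never disclosed, a request submitted with someone else's or a non-existent address produces an account nobody can sign in to, and no session is issued to the submitter.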
@mayeenulislam
Owner

mayeenulislam commented Nov 20, 2016

I got that. I know your concern. We've thought about it earlier.
But have you faced any spam account creation with our registration method?

@NHO123
Author

NHO123 commented Nov 20, 2016

Yes, this has 2 sides.

  1. As far as I can see your plugin leaves the options for us to register the user sending him user name and password. By that we don't get SPAM. But as we need same register method here as all over the site we need to register the user by this method:
    1. Asking their mail address only
    2. Generating username from mail address ( alias part )
    3. WP core is then sending a mail to the user with a link he must click in order to set his password before he can log in to the site.
  2. By logging the user in directly upon register/sending support request he can SPAM with false mail address.

@mayeenulislam
Owner

First of all, the plugin has capability creating username from email address and it's configurable from GUI settings page. So that part is closed. 😄

I know there are spam issues in quick registration process, but can you confirm that something already occurred? Because we followed the way WooCommerce did. And you know how big their user base is. If they are not facing any spam user creation with on-the-spot-session-cookie-creation, then we're not concerned by this time. (lame excuse 👊 )

Can you please observe and inform us about any spam account creation through our registration process?

@NHO123
Author

NHO123 commented Nov 20, 2016

  1. Yes, that can work.
    But how can we set it up so that we only ask for mail address in the form. And then the username is created from mail address ( possible from WP core 4.3+ )
    As it is, the form asks the user for both username and mail address.
  2. We don't need WooCommerce to teach us how this works :-) When logging in users directly you see SPAM and false mail addresses SPAMMING the site and its users. That's why we need the user to confirm their mail address as indicated above.

@NHO123
Author

NHO123 commented Nov 20, 2016

  1. I see now that I can set it up so that only mail address is being asked. This setting: http://screencast.com/t/C1yfuaabS
    Still have the question if it can be set up so that user has a password set link upon register from form. ( Possible from WP core 4.3+ ) As it is, it sends an email with username and password in, not a link from which the new user sets his own password.
  2. Direct login I can't see how is possible to avoid. That is worst thing in relation to SPAM and false mail addresses.

@mayeenulislam
Owner

Updated FAQ with your queries regarding Automatic username and password creation.

The link-to-verify feature is not present in this plugin. So, you're requested to not waste your time searching for it. 😃
If you want the feature, it's open to contribute anytime. 👍

@mayeenulislam mayeenulislam added discussion enhancement extension of current feature labels Nov 20, 2016
@NHO123
Author

NHO123 commented Nov 20, 2016

Ok thanks.

I am not strong in how this works. Contribute ? Does it mean that I should have it developed and add ?

Issue no 2 Direct login I can't see how is possible to avoid. That is worst thing in relation to SPAM and false mail addresses. Can that be done with the plugin ?

@mayeenulislam
Owner

If you can't contribute, let us decide your suggestion and feature request. Because still, we've a lot of things to do, you know. We'll sort things out and implement good things (suggested by good users like you), but when it's good time for us.

And in development process there are hierarchies of features, where one is dependent on the other. So let us decide please. We'll inform you about new updates, and you will be notified via our Github issue managers whenever a ticket is closed. 😃

The link-to-verify feature is not present in this plugin.

There's no plugin over our plugin available now.

@NHO123
Author

NHO123 commented Nov 20, 2016

Ok, so for "The link-to-verify feature is not present in this plugin" I do have a request here and will see if this is implemented - right ?

And for 2:
"Direct login I can't see how is possible to avoid. That is worst thing in relation to SPAM and false mail addresses. Can that be done with the plugin ?"
I will have to wait to see if this is implemented or is there a way to prevent users from being logged in directly now ?

@mayeenulislam
Owner

mayeenulislam commented Nov 20, 2016

no. 1 ✅
no. 2 if you are meaning when a user submits a ticket, with that submission they are logged in, and you want an intervention there using a link-to-verify thing, then it's covered in no. 1.

@NHO123
Author

NHO123 commented Nov 20, 2016

No 1 :-)
No 2 No, it is not covered by No 1. as this problem login directly in is more severe. No matter which flow is used logging in users directly can be done or not.

@mayeenulislam
Owner

I think we're talking about this thing, as you said:

Can we avoid that the user is logged in as soon as he click the "send" button on the support form ?

Can you please elaborate, how it's different from no. 1 and how do you want to deal with this? For less description, you can use screenshot. 😃

@NHO123
Author

NHO123 commented Nov 20, 2016

  1. This takes care of the method used to convert a guest to a user. As you support it now a username password is mailed to the user. Even though you don't yet support the first time password method as WP support from ver 4.3 the above is good enough a user needs to check his mail before he is able to log in.
  2. BUT, as you as it is simply log the user in without anything else he is capable of SPAMMING the site and the users even though he used a false e-mail address.

So, if you simply provide a method of not logging in users when pressing "send" on a support ticket no 1 issue above is less important.

@NHO123
Author

NHO123 commented Dec 4, 2016

Hello,

Are there any plans to implement a setting so that when guests open a ticket and in the same time is registered he is not logged in directly ?

@mayeenulislam
Owner

mayeenulislam commented Dec 4, 2016

Not sooner. It may sound ridiculous, but not sooner, until there's a proven breach.
Because we've taken all the known measures (except the link-to-verify method and captcha) to prevent bot account creation.
But it deserves taking action in future.

@mauamolat

I agree
