-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.9
-
Component/s: Authentication
-
Labels:None
-
Affected Branches:MOODLE_19_STABLE
-
Fixed Branches:MOODLE_18_STABLE, MOODLE_19_STABLE
Currently there is no process and any new email address is accepted.
I think we could do it like this instead:
- User edits profile and submits form
- If email is different then:
- Do NOT update the real profile email yet.
- Save that new email in a user preference together with a random key.
- Send an email to the NEW address with instructions and a link containing the secret key.
eg http://moodle.org/user/emailchange.php?id=y73nj3bh3b3m7678bbhbhbhbh3bh34 - User finds the email, clicks the link, and a script:
- verifies the secret key,
- changes the profile email to the new one and
- deletes the user preference
- will help resolve
-
MDL-3173 moodle open as spam relay
-
- Closed
-