Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-13811

Add a confirmation step when a user changes their own email address in their profile.

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.9
    • Fix Version/s: 1.8.6, 1.9.2
    • Component/s: Authentication
    • Labels:
      None
    • Affected Branches:
      MOODLE_19_STABLE
    • Fixed Branches:
      MOODLE_18_STABLE, MOODLE_19_STABLE

      Description

      Currently there is no process and any new email address is accepted.

      I think we could do it like this instead:

      • User edits profile and submits form
      • If email is different then:
      • Do NOT update the real profile email yet.
      • Save that new email in a user preference together with a random key.
      • Send an email to the NEW address with instructions and a link containing the secret key.
        eg http://moodle.org/user/emailchange.php?id=y73nj3bh3b3m7678bbhbhbhbh3bh34
      • User finds the email, clicks the link, and a script:
      • verifies the secret key,
      • changes the profile email to the new one and
      • deletes the user preference

        Gliffy Diagrams

          Attachments

          1. MDL-13811_002.patch
            8 kB
          2. MDL-13811_003.patch
            9 kB
          3. MDL-13811_004.patch
            8 kB
          4. MDL-13811_005.patch
            9 kB
          5. MDL-13811.patch
            8 kB
          6. MDL-13811.png
            MDL-13811.png
            102 kB
          7. MDL-13811b.png
            MDL-13811b.png
            88 kB

            Issue Links

              Activity

                People

                • Votes:
                  3 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    11/Jul/08