Would it be possible to have registered users (using their e-mail) be able to signup without having to login?

Greetings,
Twan

Comments

joachim’s picture

joachim commented

You mean, compare the email, and if it corresponds to an existing user account, sign them up?

In theory yes, but then you've got a security hole. Because if I know your email, and I know you have an account on site X, then I can go and sign you up!

You'd need to redirect the user to a password checking form, which will be pretty complicated to do, and about the same UI for the user. Hence simpler to just make them sign up first.

However, a system for delaying the signup until another process has been completed would be useful for other things too.

t.vd.westerlo@2atwork.com’s picture

t.vd.westerlo@2atwork.com commented

No, I would like to signup without the email-check. I know someone can signup another person by using his/her e-mailaddress but the site-owner doesn't care about that.
So any e-mailaddress should be accepted (without logging in) as a signup wether it is a registered user or not.

joachim’s picture

joachim commented
Status: Active » Closed (won't fix)

> but the site-owner doesn't care about that.

Well I do!

t.vd.westerlo@2atwork.com’s picture

t.vd.westerlo@2atwork.com commented

If it's an option that can be turned off (and on) then what's the problem? They then now the risk. Next to that the risk is the same for anon subscribers. Maybe this option can make all signups as anonymoud but shows the mailadresses in the default list of people who sign up (in stead of anonymous)

tomdisher’s picture

tomdisher commented

I'd like to see this functionality as well. Anonymous users can already be signed up for an event, so there isn't much of a difference.

Leiph’s picture

Leiph commented
Status: Closed (won't fix) » Active

I am re-opening this issue.

This feature request is a proven need. For registered users who seldom login an unverified signup (like the unverified comments) would be a great help.

There are absolutely no security risks with an unverified signup, neither the website nor the integrity of the users are at risk. (Actually - the integrity risk is present today: If you enter an email address you will get information about whether it belongs to an account or not.)

Meanwhile - how do I comment out the 'check for existing user'?