View Issue Details

ID: 0011112
Project: mantisbt
Category: signup
View Status: public
Last Update: 2009-11-04 22:03
Reporter: watergad
Assigned To:
Priority: low
Severity: feature
Reproducibility: N/A
Status: acknowledged
Resolution: open
Product Version: 1.2.0rc2
Summary: 0011112: Something like the "Terms and conditions" page when registering
Description

Add support for a "Terms and conditions" page.

It's useful when Mantis gains an official status. You may want to force users to accept your conditions if they want to use Mantis.
The basic logic is:
"do you agree?

  • Yes -> continuing registration
  • No -> You can't use this system until you accept the conditions, die();"
Additional Information

I've done the following:

account_page.php

// after the line 95 [<form method="post" action="account_update.php">]
if ( $t_force_pw_reset ) { // I use it as a flag: "it's the first registration instance of account_update.php"
    echo("<HR/>");
    include ( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'terms_and_conditions.php.inc' ); // I store the "terms..." text here
    echo("<HR/>
I agree with this terms and conditions blablabla I'm too stupid to know how to use lang files and lang_get() properly <input name=\"agree\" type=\"checkbox\"/>
<HR/>");
}


account_update.php

// after the line 47 [$t_user_id = auth_get_current_user_id();]
$f_terms = gpc_get_string( 'agree', '' ); // if we came here through verify.php -> account_page.php -> account_update.php

if( !$f_terms ){
    echo("<P>You can use this Mantis only if you accept the conditions blablabla I've already said I don't know how to use lang files.</P>");
    echo("<P>You have your password reset. The corresponding letter was sent to your address. You can try again confirming registration by the link from this email letter.</P>");

    user_reset_password( $t_user_id, true );
    form_security_purge('account_update');
    auth_logout();
    die;
}


  1. User receives the letter about his registration, or the letter after "lost password" feature, etc. He goes by the link from the letter.
  2. He opens account page beginning with the password change demand and the "Terms and conditions" text and the checkbox following.
    3.1 He sets the checkbox checked and goes further as it used to be.
    3.2 Or he leaves the checkbox unchecked. We output some kind of "sorry, bye" message, reset his password, and then he may try to do it again with a new letter.

This solution lacks necessary checks, e.g.:
if( OFF == config_get( 'lost_password_feature' ) ||
    OFF == config_get( 'send_reset_password' ) ||
    OFF == config_get( 'enable_email_notification' ) ) {
    trigger_error( ERROR_LOST_PASSWORD_NOT_ENABLED, ERROR );
}
// ...
if( user_is_protected( $t_user_id ) ) {
    trigger_error( ERROR_PROTECTED_ACCOUNT, ERROR );
}

if( !user_is_lost_password_request_allowed( $t_user_id ) ) {
    trigger_error( ERROR_LOST_PASSWORD_MAX_IN_PROGRESS_ATTEMPTS_REACHED, ERROR );
}

// ...

And has some weaknesses, such as unnecessary filling of fields on account_page.php, etc.

It also has to be included in the config file as an option - to show terms and to disable it.

But that's the general idea I suggest.

Tags: No tags attached.

Activities

watergad

2009-11-02 14:37

reporter   ~0023548

Kso! One issue ID later! (:

vboctor

2009-11-04 22:03

manager   ~0023576

This looks to me like a good candidate for a 1.2.x plugin. I would expect users to accept the terms on first login in scenarios like:

  1. Admin creates an account, then the user logs in for the first time.
  2. User signs up, and verifies their account.
  3. User logs in via HTTP basic or LDAP and the account gets auto-created.

We should make sure that there is an on-first-login event which triggers in all these scenarios.
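
The first-login gate discussed in the comment above, as an added example that is not part of the original issue and not MantisBT code: acceptance is stored per user and checked after every successful authentication, so all three account-creation paths hit the same check. The function names, the `terms_accepted_at` field and the in-memory user table are hypothetical and constructed for illustration.

```php
<?php
// Added example: a standalone model, not MantisBT code. All names are hypothetical.

// Constructed in-memory user table; a real plugin would persist the flag per user.
$g_users = array(
    'admin_created' => array( 'source' => 'admin',  'terms_accepted_at' => null ),
    'self_signup'   => array( 'source' => 'signup', 'terms_accepted_at' => null ),
);

// HTTP basic / LDAP path: the account may not exist yet, so it is auto-created
// with acceptance unset, exactly like accounts from the other two paths.
function ensure_account( array &$p_users, $p_username, $p_source ) {
    if( !isset( $p_users[$p_username] ) ) {
        $p_users[$p_username] = array( 'source' => $p_source, 'terms_accepted_at' => null );
    }
}

// Single gate called after every successful authentication, whatever the path.
// Returns 'proceed', or 'show_terms' while the user still has to accept.
function on_login( array &$p_users, $p_username, array $p_post ) {
    $t_user =& $p_users[$p_username];
    if( $t_user['terms_accepted_at'] !== null ) {
        return 'proceed'; // already accepted on an earlier login
    }
    // Accept only an explicit checkbox value submitted with this request.
    if( isset( $p_post['agree'] ) && $p_post['agree'] === 'on' ) {
        $t_user['terms_accepted_at'] = time(); // record acceptance server-side
        return 'proceed';
    }
    // Refusal leaves the account and its password untouched; the caller must
    // render the terms page instead of granting access.
    return 'show_terms';
}

// Walk the three scenarios: first login without the checkbox, then with it,
// then a later login that no longer needs it.
ensure_account( $g_users, 'ldap_user', 'ldap' );
foreach( array( 'admin_created', 'self_signup', 'ldap_user' ) as $t_name ) {
    foreach( array( array(), array( 'agree' => 'on' ), array() ) as $t_post ) {
        echo $t_name, ': ', on_login( $g_users, $t_name, $t_post ), "\n";
    }
}
```

Because the decision depends on the stored acceptance state rather than on a form flag such as a forced password reset, a user cannot skip the terms by reaching the account through a different path.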