Jump to content

Extension:ConfirmAccount

From mediawiki.org
MediaWiki extensions manual
ConfirmAccount
Release status: stable
Implementation User identity , Database , Special page
Description Requires submission and approval of accounts.
Author(s) Aaron Schulztalk
Compatibility policy Snapshots releases along with MediaWiki. Master is not backward compatible.
MediaWiki >= 1.37.0
Database changes Yes
Tables account_requests
account_credentials
License GNU General Public License 2.0 or later
Download
README
  • $wgAutoWelcomeNewUsers
  • $wgAccountRequestTypes
  • $wgConfirmAccountNotice
  • $wgConfirmAccountCaptchas
  • $wgConfirmAdminEmailExtraFields
  • $wgConfirmAccountRequestFormItems
  • $wgConfirmAccountContact
  • $wgAccountRequestExts
  • $wgAccountRequestThrottle
  • $wgConfirmAccountFSRepos
  • $wgRejectedAccountMaxAge
  • $wgConfirmAccountSaveInfo
  • $wgConfirmAccountSortkey
  • $wgAutoUserBioText
  • $wgAccountRequestWhileBlocked
  • $wgConfirmAccountRejectAge
  • $wgMakeUserPageFromBio
  • confirmaccount
  • confirmaccount-notify
  • requestips
  • lookupcredentials
Quarterly downloads 174 (Ranked 34th)
Public wikis using 953 (Ranked 279th)
Translate the ConfirmAccount extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The ConfirmAccount extension disables direct account creation and requires the approval of new accounts by a bureaucrat. Direct account creation can still be enabled (if you want Administrators /Bureaucrats to be able to directly make them) by configuring User rights .

The ConfirmEdit extension can be used (in conjunction with the ConfirmAccount extension) in order to use captchas to stop flood requests (since version 1.39).

Installation

  • Download and move the extracted ConfirmAccount folder to your extensions/ directory.
    Developers and code contributors should install the extension from Git instead, using:cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/ConfirmAccount
  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'ConfirmAccount' );
    $wgGroupPermissions['*']['createaccount'] = false; // REQUIRED to enforce account requests via this extension
    $wgGroupPermissions['bureaucrat']['createaccount'] = true; // optional to allow account creation by this trusted user group
    
  • Run the update script which will automatically create the necessary database tables that this extension needs.
  • Further configure as required.
  • Ensure the wiki has write permissions on $wgUploadDirectory .
  • Please also note the known issues, because they may affect your wiki.
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Configuration

Optional

There are several configuration variables that can be adjusted in LocalSettings.php , after wfLoadExtension('ConfirmAccount');

See part "config" in extension.json for all the variables that can be set.

Extension by default use content of the person's bio as default content for userpage. This behavior can be disabled, if $wgMakeUserPageFromBio = false;
To disable the biography in form, set $wgConfirmAccountRequestFormItems['Biography']['enabled'] = false;
By default, a 6 word biography is required for the new user to submit the request form. To adjust this requirement, e.g. for 10 words set $wgConfirmAccountRequestFormItems['Biography']['minWords'] = 10;
Sysops can still create accounts directly, if not disabled by set
$wgGroupPermissions['sysop']['createaccount'] = false;
If only logged-in users are allowed to view pages, make sure you add the request account page to $wgWhitelistRead .

For example:

$wgWhitelistRead = [
    'Special:RequestAccount',
    'Main Page'
];
In other languages you have to replace "Main Page" and "Special:RequestAccount" with their local names, for instance "Hauptseite" and "Spezial:Benutzerkonto_beantragen" in a German wiki.

To further categorize users based on their interests, you can set up MediaWiki:Requestaccount-areas. This should be in a format like:

*Topic|Topic wiki page|text to append to all interested users' bios |text to append to all interested users' bios in group0|text to append to all interested users' bios group1|text to append to all interested users' bios in group2|...

These group numbers are based on $wgAccountRequestTypes. So if 0 is the index for 'authors', then 'authors' interested in a topic will have the group0 text appended to their biography. This can be useful, say, if users can be approved as either authors or editors. Authors can have "category:X authors" where X is a topic, like "mathematics", and editors can have "category:x editors". You can have as many groups as you want, but you need at least one.

Minimal

To attempt to prevent spam, instead of captchas, blacklists and filters; manually moderate new user registrations, with a simpler Request account. Requesting only a username, email address and brief message. Add the following to LocalSettings.php after the line require_once "$IP/extensions/ConfirmAccount/ConfirmAccount.php";.

 $wgMakeUserPageFromBio = false;
 $wgAutoWelcomeNewUsers = false;
 $wgConfirmAccountRequestFormItems = [
 	'UserName'        => [ 'enabled' => true ],
 	'RealName'        => [ 'enabled' => false ],
 	'Biography'       => [ 'enabled' => false, 'minWords' => 50 ],
 	'AreasOfInterest' => [ 'enabled' => false ],
 	'CV'              => [ 'enabled' => false ],
 	'Notes'           => [ 'enabled' => true ],
 	'Links'           => [ 'enabled' => false ],
 	'TermsOfService'  => [ 'enabled' => false ],
 ];

Optionally tweak system messages: requestaccount-text, requestaccount-notes, requestaccount-ext-text, requestaccount-acc-text.

Usage

Interaction diagram of a successful account creation process.
Confirming account requests on Special:ConfirmAccounts (beta form)
  1. As a bureaucrat (or other user with the confirmaccount permission), browse to Special:ConfirmAccounts
  2. Click Review
  3. You will see the whole form with the users' data. Carefully review the form, and proceed to creating the account or rejecting the request.
  4. If you chose to create the account, the user's biography will become their userpage and the userpage will be automatically created with the default summary of Creating user page with biography of new user.
  5. After an account is created, the data input by the user at the time of the request can be referred to by typing the username at Special:UserCredentials
In order for bureaucrats to get notified of pending requests you need to set an email / mailing list in LocalSettings.php:
$wgConfirmAccountContact = 'Bureaucrat@domain.com';

Sending notification email to multiple users

This extension allows sending emails to multiple approvers to confirm the account if these users have the confirmaccount-notify permission. This is in addition/alternative to the $wgConfirmAccountContact setting.

This can be achieved (for instance for bureaucrats) by providing them this permission by adding the following to the LocalSettings.php file:

$wgGroupPermissions['bureaucrat']['confirmaccount-notify'] = true;

Enhancements

Pruning Frequency

To combat robot-requests, default settings prevent rejected email accounts from re-requesting an account for a random period of time after rejection. If you want rejected emails to be able to re-request accounts immediately after rejection, or after a fixed wait-time (days, weeks, months, or even years after rejection), apply the following 2 steps:

1) In the LocalSettings.php file, after required declaration, set Rejected-Age to 0 (for immediate expiration on rejection), or to your desired wait-time, in seconds:

wfLoadExtension( 'ConfirmAccount' );
$wgRejectedAccountMaxAge = 0;

2) Add one line to the file /frontend/specialpages/actions/RequestAccount_body.php at the very end of the function showForm() which shows the Request form, to force pruning right before any new request:

original code:

$out->addWikiMsg( 'requestaccount-footer' );
}

new code:

$out->addWikiMsg( 'requestaccount-footer' );		
# PRUNE
ConfirmAccount::runAutoMaintenance();
}

If you would like to add a "Request account" login link, the latest version of the extension already adds it for you. However, if that doesn't work, you will need to update to the latest version of your branch of ConfirmAccount from Git. For instance, if you are using MediaWiki 1.35, you should stay on the REL1_35 branch but pull from Git to retrieve the latest changes.

Known issues

  • If $wgEmailConfirmToEdit = true; is set users will need to confirm their email twice before being able to edit. See task T182337 for further information.
  • Do not set/create MediaWiki:Requestaccount-areas/xx where xx is a language code, the first part of each line is used as the keys to store in the DB for the items account requesters check.
  • Older versions of MediaWiki may not show the link to Special:RequestAccount at the user login form. You can edit MediaWiki:loginprompt to remedy this.
  • If your email client loses its mail data before sending it out, users will not get their passwords but may have an account. Since no one knows the passwords, you may want to use Special:ResetPassword to send them new ones.
  • If only a few people view the confirm accounts page, the randomly triggered pruning of old requests will not trigger often, so old rejected requests may persist. This prevents email addresses from re-requesting accounts for an unknown time period. You can override this behavior, and allow immediate re-requests, by forcing prune right before any new Request is submitted. Instructions here.
  • Extension is not working anymore with mediawiki 1.43; see here

Troubleshooting

Notification emails do not get sent

If you are testing, note that a user must first confirm their email address through the link emailed to them, and then the email will be sent to the bureaucrat to confirm the account.

Make sure that setting(s) related to extension are introduced after the require_once line. Not before, otherwise extension doesn't see these settings and they fail silently. e.g.

wfLoadExtension( 'ConfirmAccount' );
$wgConfirmAccountContact = "admin@example.com";

Also note that when using the confirmaccount-notify setting, that each user in the group (e.g. sysop) will not receive notices unless their Email options in Special:Preferences allow "Allow other users to email me" and that they have confirmed their email address within the same form.

See also