Ask users to confirm their email address once per year (for account recovery)

Steffen

Well-known member
Some users have disabled email notifications and registered many years ago with an email address which they don't have access to any longer. Should they forget their password they therefore won't be able to reset it. They regularly try to contact support but we cannot verify whether it's really them or whether someone intentionally or unintentionally requests access to a foreign account.

It would be nice if XenForo had an option to ask users once per year (maybe make this configurable) whether their email address is still valid. This confirmation shouldn't require clicking a link in email. It should just be a notice shown on the website "Is foo@example.org still your current email address? [button yes] [link to change email address]" (similar to Google, Twitter and other services).
 
Upvote 31
This would be very easy to achieve if the Notices System would expose more variables, especially $visitor.
43545269982_60042297ee_o.png
 
Maybe XenForo could include the following small patch to achieve what @S Thomas suggested? :)

Diff:
--- a/src/XF/NoticeList.php
+++ b/src/XF/NoticeList.php
@@ -64,6 +64,7 @@ class NoticeList
     protected function getTokens()
     {
         return [
+            '{email}' => $this->user->user_id ?  htmlspecialchars($this->user->email) : '',
             '{name}' => $this->user->user_id ?  htmlspecialchars($this->user->username) : \XF::phrase('guest')
         ];
     }
 
Another positive vote for this.

I am pleased the thought of configurable option was mentioned, although if it is user based they ideally should not be able to set it longer than a year and say no more often than once every month (or two/three months) , same I think if its an admin option.

All I'm saying here is I'm not sure if it was a user option if they should be allowed to turn it off, maybe. I can simply see a situation where a user turns it off not really paying attention to what they are doing (as per usual sometimes it happens) then it is usually the case of "Murphy's Law" that it is one of those who has disabled it who actually needs it. :D

Ultimately being asked once every 365/366 days to confirm your mail via a single click is not too much bother nor spammy.
 
By saying "maybe make this configurable" I didn't mean "configurable by the user" but "configurable by the admin (for the whole site)". :)
I'd concur that is probably best, as I say the chances are if the members have an option to completely turn it off ( and once a year is not -too much / too often- to confirm your mail via a simple click for anyone :) ) , it will be those who actually need it, well probably. You know how things can work out.
 
Good idea!

This mod actually helps, in that, members may not like logging in with a defunct email. Not exactly a fix, but it does help:

 
Nothing in that add-on says it checks for validity of the email. All it does is disable login with username.
... which does indeed help to remind users to update their email. If I do not use any email notifications and always login with my username I might forget that my email address is outdated. But if I have to login with my email address the chance of noticing that it is outdated is much higher.
 
Top Bottom