I notice that I can signup for site membership without actually owning the email address provided. While a confirmation email is sent, clicking the link in the email does not confirm the address. You can simply sign into the site as soon as you are approved.
I can’t find a way to require email verification. Am I missing something here?
I am trying to build a private site that has private info on it. If someone knows an email address of someone who is likely to be approved, they can simply gain access to the site with that email. This is highly insecure.
Am I missing something here?
It seems that the only solution is that the admin must manually contact each applicant by email to confirm the address.
Then you need to make your own logic and a two step verification system where you will check the user id and email in another Data Collection. If they are not verified you can send a Triggered Mail to them with a link inside and a dynamic parameter that will be checked. Then you must also make some control mechanism for logged in users so that only verified users can see pages.
Sending a triggered email to them to say if you didn’t just register to the site, let me know was my first thought. However, the limitations to the trigger email system means some has to manually field the response and then block the account. Then what if the person who owns the address tries to register…
Not pretty.
After looking at all the code options I have possibly discovered a path to do it right:
Custom registration page, gets email and password minimum
Validate input (proper email, pwd length minimum)
Call backend code to process registration
backend code encrypts the data, creates a url link that points back to an html function in the backend, then puts the link into an html email body, and sends the email via a 3rd party emailer to the registering user.
User gets the email, clicks the link to verify
Html function is called, decrypts the user data, re-validates it, then registers the user, then forwards them to a welcome page.
@capollonia
I did get it to work. It was a long involved process and not for the faint of heart. It is too complex to explain in a way you could could simply copy some code.
It involves writing a landing page for logins, a registration page for registering, a backend module for getting the registration info and processing it, a backend javascript library for encrypting the registration data to be sent in the verification email, a backend node module for adding the ability to send an email, a router page for getting the registration data sent by the link in the email, then code in that validation page to finally register the user.
In addition, I implemented a private members database to store contact data and other data for each user in order to be able to access that data by code. It also allows me to determine if someone who is already a member is trying to register again.
Also added a whitelist of email addresses so I can pre-approve people. Also have a database of user emails from a previous site to use in a similar way, to allow them to register without waiting for someone to go let them in.
See a solution that works here , except that the wixUsers.emailUser only works for users who are already logged in, as described here and here . I worked around this by using third party email (there’s a mailgun.js module readily available)
