something like this would be better for someone submitted register form with a wrong email address…
my previous user database is not require email verification, many of users input wrong email, now i want to force all of them do verification but give them a chance to edit email before they can login.
Whenever you change the email address in this dialog, another confirmation email will be sent. It looks like a way to do email bomb attack…
Discourse identified a user by email. It’s hard to change email address when you are not a user (when you don’t have an identity). Looks like by design IMO.
However, as an logined user, you may change your email address. Or whatever, sign up again with right email address. Taken username is under control of admins. A registered user may talk to staffs to tweak it.
“email bomb attack” thing could make by normal register too. if there is access rate limit for register, just do same thing for confirmation email resent.
event inactive user has identity. they try login using username or previous email, and a password. they can be used for auth.
my users is imported, which is not require confirmation before, lots of users inputed wrong email address. let every of them contact admin is impossible.
People very rarely make that mistake though, so why add cognitive load to the vast majority of users to cover that edge case? I think it’s better to just let users change their emails afterwards.
I definitely agree with you. One thing we could and should do is detect common email typo errors, like gnail.com or similar. That’d be helpful. Question is, what’s a common typo…
We don’t get many typoed emails but do get quite a lot of people who try to register with phony email addresses first (for privacy or spam reasons I guess). Then after they realize it doesn’t work, they re-register with a working email. Biggest problem is they then have to come up with another username since their preferred one is now taken so they pick something like username1 or username123. Makes for a lot of ugly usernames. The sign up flow could be a lot better here though.