Recently in 2.9.0beta2 users that already have an account can click invite links. But I generated invite links can click them it said I invited myself and because I am TL2+ and I clicked 5 different invite links of mine I received the Champion badge. You can see a screenshot below of it below. These are in the Replit EDU forums and you can view my profile here.
Reach TL2+ (by default) make invite links that you then click. It will say that you invited yourself on your profile and that you accepted your invite as shown above. And if you enough invite links you will receive the Campaigner and Champion badges.
This bug is now fixed. Thanks again @not-ethan for reporting it! If you notice anything at all wrong with the invite system, do let us know. We’re actively working on it.
there’s a bug in which you can create an invite code and redeem it yourself, doing this you can get the invite badges, which is annoying. This was mentioned by @not-ethan and a pull request was made, but the bug is still active. My idea was if someone uses an invite code for the web, but that person is logged it make the code fail!
Thanks for bringing this up again, Urias. We are seeking to not touch the invite system too much at the moment, because it is complex and making changes can have unintended and unplanned consequences.
Is there any way we could sidestep this problem by changing how the badge is awarded? E.g. if the person redeeming the invite is already a member, do not award the campaigner badge to the person who created the invitation?
This seems to me to be a problem that likely has existed for a long time and gone unnoticed. Another answer might be to treat this as “do nothing, works by design” and leave it to community moderators to address it if they are concerned by people abusing this method to get more badges.
My SQL probably needs checking , but I believe you could add this line to the badge query to stop it being granted to people who have invited themselves - AND i.invited_by_id <> u2.id
So something like this:
SELECT u.id user_id, current_timestamp granted_at
FROM users u
WHERE u.id IN (
SELECT invited_by_id
FROM invites i
JOIN invited_users iu ON iu.invite_id = i.id
JOIN users u2 ON u2.id = iu.user_id
WHERE i.deleted_at IS NULL
AND i.invited_by_id <> u2.id
AND u2.active
AND u2.trust_level >= 0
AND u2.silenced_till IS NULL
GROUP BY invited_by_id
HAVING COUNT(*) >= 1
) AND u.active AND u.silenced_till IS NULL AND u.id > 0 AND
(:backfill OR u.id IN (:user_ids) )
Cool! I haven’t played with the badge system in a while but looking now I don’t see the invites related badges in the admin>badges UI. Maybe these are system badges that have to be edited in core discourse?