I’ve been thinking about the invite workflow and I have the following suggestions. Let me know what you think.
Invitees shouldn’t have to confirm email address. The only way they got to the forum was reading an undisclosed token in their email.
email_domains_blacklist should be used to validate invite emails. The inviter should know that email cannot be used.
We could create a notification when creating invitee accounts to instruct them to define username and password before leaving. That could avoid some confusion later on, when they try to login again.
Maybe we could send a different welcome message to invitee accounts, adding some information related to their condition. The password definition being one of them. Stating that they were referred and that is reflected in our trust and that their actions would also affect the inviter’s reputation. [welcome_invite already has a different template.]
The inviter should be able to invite more than one person at once. Maybe a email list separated by commas with a clear limit.[conflicts with 6]
The inviter could provide the invitee name when creating an invite. Starting the email with the inviter’s name may increase the likelihood of the invitees opening the email.
Use the inviter name instead of username in the email template and address. Invitees may not recognize the inviters username.
The private message(Welcome message) sent when the invitee accepts the invitation could be signed by the inviter, instead of the system. Aside from being more personal, the invitee is readily presented with the inviters account, making it easier for them to begin conversations inside discourse.
Good idea as long as that’s the email address they want to use, or if they can change it.
Good idea, no point in sending an invite to someone only to have them not get in.
Excellent point When I invited some test accounts for the SitePoint site I didn’t understand how it worked and missing this led to some confusion. Once I knew what to do it was easy enough that it seemed obvious, but before I knew …
I was surprised when I learned my invitees were jumped straight to TL 2. I’m not sure the info is important as they’ll simply see more features. First I’ve heard about invitee misbehavior affecting the inviter.
While having a TL does imply a certain errmm level of trust, my “introduces potential abuse problems” flag gets raised.
I believe this has been fixed since after you posted this topic. I just tested the workflow and I was logged in directly without needing to confirm my email.
Implemented:
On it!
This can be done now by using Disposable Invite Tokens:
Implemented via:
Not sure if this is the correct approach. Any feedback here @codinghorror.