[buddypress-trac] [BuddyPress] #4132: Upload profile image at activation

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Fri Apr 20 13:59:06 UTC 2012 

#4132: Upload profile image at activation
-------------------------+------------------------------
 Reporter:  sooskriszta  |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Core         |     Version:  1.5.4
 Severity:  normal       |  Resolution:
 Keywords:  2nd-opinion  |
-------------------------+------------------------------

Comment (by sooskriszta):

 Facebook uses the "old BP" technique of uploading images on registration,
 before even sending out an activation link. If you click on activation
 link, you are already logged in.

 hi5 has a similar method. When you click on activation link, you find that
 you are already logged in.

 In Twitter, when you register, you are logged into your account (and you
 can add photos, edit profile, etc). Then an activation email is sent to
 you. If you click on activation email, you find yourself already logged
 in.

 If you click on Activate link in Meetup, you find that you are already
 logged in.

 etc.

 But @boonebgorges, after your explanation, I understand your the security
 concerns a bit better. I think the 1st of the 2 workflows in my above
 message could be a good solution...

 When I register for a BBPress site, I am logged in immediately (and my
 login times out in 30mts upon inactivity). But I don't have access to the
 major functions of the site. I receive an activation email. If I click on
 the activation email immediately, I find that I am already logged in, and
 am prompted to upload a profile picture.

 If on the other hand, I am timed out, and then click on activation link,
 then after activation, I should be asked to log in manually. In that case,
 (because experience shows that % of people that fall in this category is
 so low) this should be a normal login, and user need not be prompted for
 any action.

 Eitherway, I think the activation code should be short-lived. It should
 not last more than a couple of hours and definitely not longer than 1 day.
 After all, there's always the "resend activation email" fuctionality,
 which should always expire the old code and send a new one...

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4132#comment:5>
BuddyPress <http://buddypress.org/>
BuddyPress

More information about the buddypress-trac mailing list