It sucks a little bit when you come to a site and find that your favorite username is already taken. It sucks a LOT when you find that your favorite username is taken, but that the old user never posted a single thought, never logged in after the first day, and it's been four years since they've even thought of the site.

My personal preference would be to have a culling process for abandoned names. I've mentioned that I implemented something similar on a trivia quiz game.

• keep the name forever if they've ever achieved rank 2
• keep the name for five years if they've ever posted a single node, question or reply
• keep the name for a year if they've ever voted on a poll or used the chatterbox
• keep the name for six months if they actually log in
• send an email a week before the name is about to be culled
• assign any old writeups to a user called 'the long departed' or something similar
• cull the name, allowing it for future signups

Pass all existing monk signups through this filter and I bet you end up culling at least 80% of all existing monks. Someone showed stats to this effect in previous discussions.

And secondly, please mark up the list of recent sign-ups with something css-able. The single column <table> there is useless. CSS-like would include a useful classname for each section, and <li> for each element. Then the default style could make them wrap in a grid-style. Users can also change that to make them show up in a smaller font, or hide them altogether.

As for me, I came here at Mar 09, 2003, found this place scary (too advanced) and started learning Perl from the book. My first post was at Dec 10, 2004. In the meantime I did not login.




holli, /regexed monk/

Hi, this is a low-priority item on my (and quite possibly other gods) todo-list. Its a low priority because it doesnt really have a signifigant impact on the site, its just a point of frustration for new users that want their specific handle.

Its also low priority because the proper solution is to change the user creation and that requires a fair amount of work to do, for very little payoff as no pmdevil stands to personally profit from doing it as they already have accounts that presumably they are happy with. Whats to stop this becoming a site issue? Nothing really, but the gods would eventually notice and then we'd update the site to prevent it. So really all that somebody would do is waste their own time to force us to re-prioritize our todo-list and resolve the problem once and for all.

BTW, if you can tell me via email what the user account was and what the details were that you did enter, I can fix the account to allow you to use it. Well, i can if you can provide sufficient details to convince me you arent hacking someones account. :-)

Updated:And the user is all sorted now...

Well, i can if you can provide sufficient details to convince me you arent hacking someones account

In this case, you'll likely be able to tell that from the information on the account itself, since he didn't finish typing the email address; thus, it won't just be undeliverable, but will probably point to a non-existent domain, if it's even syntactically valid.

Well, nothing prevents anyone from creating as many accounts as they want. However, setting up each account takes some time - it's labor intensive. It would be pointless as well. Right now the invalid accounts aren't deleted, because there has been no need for it. The hassle caused by a few bogus accounts doesn't justify the hassle of cleaning them up. I suppose if they become a problem, the gods will take care of it.

Only to a level. With reasonable knowledge of socket programming and SMTP protocol, it is very easy to write a TCP socket server listening port 25 with limited SMTP functionality to work with your validation process.

If that's the case why should you worry?

How can you create an invalid account if it is invalid? The system shouldn't delete it, as it shouldn't be created in the first place ...

How can a Vandal create as many accounts as he wants? and what do you understand by a Vandal? I wouldn't let a "system" detect a vandal if i don't know what a vandal is ....

reply by original author of question: The question is asked because I tried to create a new account.
I accidentally clicked on "submit" before completing the entire e-mail address. (only a portion was entered)
The system now recognizes the new user name, but it can never be logged into because there is no way to access the password.
The question was posed as stated because I can see that this could/would be a problem if this occurred on a large scale and there were no corrective action taken, like removing the user name if the e-mail containing the password bounced.
A Vandal is defined for purposes of this discussion as Someone who creates a large number of user names for no particular reason.

A Vandal is defined for purposes of this discussion as Someone who creates a large number of user names for no particular reason.

So if someone creates a lot of user names with the intent to bring this site down he is no Vandal?

See about Vandals and vandalism: Wikipedia

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Maybe I'm missing the point here, but:

• If the e-mail wasn't complete, like: foo@bar the system shouldn't accept it.
• The other case is foo@bar.com instead of baz.foo@bar.com but I don't think this is the case.

Also, if the system accepted your e-mail address as valid for creating an account, the issue is that it didn't asked you for a password ... how come? As you said that it doesn't validate the password ... who generates the password?

Dodge This!

I've been thinking about this for a bit as part of a system I've been working on. Obviously the only thing you can tie a user to is their email address.

I'm thinking along these lines: when you register, your account is marked 'provisional' until you log in at least once, and maybe do somthing like post, change password from the random one that was given ... if it is still provisional after say one month, delete it. To me it makes sense to do this, all part of trying to keep meaningless data out of the system.

I think that once someone has used the system once, you are pretty much honour bound to keep the account open.

These little glyphs that give non-machine readable digits to be included in the membership app are good too. Seem to remember seeing something on CPAN to do that, might be wrong.

Something like you mention is what many forums use.

You enter a user name, password, e-mail address and you receive an e-mail with a link to validate your account.

re: "These little glyphs that give..." Those are used by sites that have been badly burned by spam and do a pretty good job but are not completely foolproof. There are some packages that do Char. recognition, designed to get past that. Doesn't seem to be that big a problem here.

But a small change to the "create" process might clean things up a little.

Roy