Extension:ConfirmAccount

The ConfirmAccount extension disables direct account creation and requires submission and approval of accounts by bureaucrats. Account creations can be enabled through configuring user rights, such as if you wanted Sysops/Bureaucrats to be able to directly make them.

If installed with the ConfirmEdit extension, captchas can be used to stop flood requests.

The new user log extension also works with ConfirmAccount.

Setup

 * Download the extension from SVN
 * Run the SQL query, substituting in your wiki's table prefix. ConfirmAccount.pg.sql is for PostgreSQL, and ConfirmAccount.sql is for MySQL.
 * If you don't currently have it, download the ExtensionFunctions.php file and copy it to the extensions directory, e.g. YourWikiSite/wiki/extensions. If, after installation, you are getting file access errors for these scripts, this is a likely source of the problem.
 * Add the  line to LocalSettings.php.
 * Make sure that  is true in localsettings and you have a working email system.
 * Note,  not tested for MW < 1.11.

Configuration
Several variable definitions can be added to localsettings.php:


 * - Replace the new users' new pages with their biographies.
 * - If the above is set on, this text is appended to the end of each user's automatic user page text.
 * - Replace the new users' talk page with a welcome message. Configurable at MediaWiki:Confirmaccount-welc.
 * - Used to force usernames to use real name only.
 * - How long to keep rejected requests.
 * - How many requests can come from an IP per day. Only matter if throttling is on.
 * - Minimum biography length.
 * - Show the Terms of Service checkbox on the request form and require it to be checked to submit.
 * - Show the extra confirmation fields like resume/contacts/urls.
 * - Whether to allow users to attach a file to their request.
 * This has no effect if $wgAccountRequestExtraInfo is set to false.
 * - The file types that users are allowed to upload.
 * This has no effect unless $wgAllowAccountRequestFiles is set to true;
 * - A key/value map that contains the directory, url, and hash of the account request attachment storage location. The default value should work by default as long as MW is able to create folders with the correct permissions in the /images directory.
 * - An array, with integer keys, of arrays. These arrays are of the form (subpage param, user group). The subpage param is used to separate the queues when browsing Special:ConfirmAccount. The user group lets people approved to a certain position start of with a corresponding user group. You can still grant any position to anyone, regardless of what they applied for, however.
 * - Should the applicant's information be saved and accessible via Special:UserCredentials for users with the 'lookupcredentials' right.
 * - similar to $wgFileStore['accountreqs'] above but for permanent storage.

The default values are in SpecialConfirmAccount.php

Sysops can still directly create accounts. To disable this, add: to localsettings.php

If only logged-in users are allowed to view pages, make sure you add the request account page to $wgWhitelistRead. For example:
 *  In other languages you have to replace "Special" and "Main Page" with the words that are used instead of special in your language like "Spezial" and "Hauptseite" in a German wiki, otherwise nobody will be able to create an account.

Use

 * 1) As a bureaucrat (or other user with the confirmaccount permission), browse to Special:ConfirmAccounts
 * 2) Click approve/reject
 * 3) You will see the whole form with the users' data. Carefully review the form, and proceed to creating the account or rejecting the request.
 * 4) If you chose to create the account, the user's biography will become their userpage and the userpage will be automatically created with the default summary of Creating user page with biography of new user.

Issues

 * Older versions of MediaWiki may not show the link to Special:RequestAccount at the user login form. You can edit MediaWiki:loginprompt to remedy this.
 * Name collisions: account creations will be checked and stopped if it collides with a pending name. Requests are checked for pending/account name collisions too.
 * AuthPlugin stuff: If a central login is used, when accounts are confirmed and made, we may get name collisions if each wiki of the farm lets you request accounts on it. Collisions are dealt with by picking a new name.
 * If your email client loses its mail data before sending it out, users will not get their passwords but may have an account. Since no one knows the passwords, you may want to use Extension:Password Reset to send them new ones.
 * If only a few people view the confirm accounts page, the randomly triggered pruning of old request will not trigger often, so old rejected requests may persist.