Extension:ConfirmAccount

The ConfirmAccount extension disables direct account creation and requires submission and approval of accounts by bureaucrats. Account creations can be enabled through configuring user rights, such as if you wanted Sysops/Bureaucrats to be able to directly make them.

If installed with the ConfirmEdit extension, captchas can be used to stop flood requests.

The new user log extension also works with ConfirmAccount.

Setup

 * Download the extension from SVN
 * Run the SQL query, substituting in your wiki's table prefix. ConfirmAccount.pg.sql is for PostgreSQL, and ConfirmAccount.sql is for MySQL.
 * Add the  line to LocalSettings.php.
 * Make sure that  is true in localsettings and you have a working email system.

Configuration
Several variable definitions can be added to localsettings.php:


 * - Replace the new users' new pages with their biographies.
 * - Replace the new users' talk page with a welcome message. Configurable at MediaWiki:Confirmaccount-welc.
 * - Used to force usernames to use real name only.
 * - Whether to keep rejected request for some time or not.
 * - How long to keep rejected requests.
 * - How many requests can come from an IP per day. Only matter if throttling is on.
 * - Minimum biography length.

The default values are in SpecialConfirmAccount.php

Sysops can still directly create accounts. To disable this, add: to localsettings.php

Use

 * 1) As a bureaucrat (or other user with the confirmaccount permission), browse to Special:ConfirmAccounts
 * 2) Click approve/reject
 * 3) You will see the whole form with the users' data. Carefully review the form, and proceed to creating the account or rejecting the request.
 * 4) If you chose to create the account, the user's biography will become their userpage and the userpage will be automaticaly created with the default summary of Creating user page with biography of new user.

Issues

 * Older versions of MediaWiki may not show the link to Special:RequestAccount at the user login form. You can edit MediaWiki:loginprompt to remedy this.
 * Name collisions: account creations will be checked and stopped if it collides with a pending name. Requests are checked for pending/account name collisions too.
 * AuthPlugin stuff: If a central login is used, when accounts are confirmed and made, we may get name collisions if each wiki of the farm lets you request accounts on it. Collisions are dealt with by picking a new name.
 * Password hashes may be salted with user IDs, which request accounts don't yet have. The password can only be made when the account is created. Sites that don't use system emailing will not be able to use this extension likely.