Extension:ConfirmAccount

The ConfirmAccount extension disables direct account creation and requires submission and approval of accounts by bureaucrats. Account creations can be enabled through configuring user rights, such as if you wanted Sysops/Bureaucrats to be able to directly make them.

If installed with the ConfirmEdit extension, captchas can be used to stop flood requests.

The new user log extension also works with ConfirmAccount.

Setup

 * Download the latest snapshot and extract it to your extensions directory. If you are not running MediaWiki 1.14+, select the snapshot for your version of MediaWiki.
 * Run the SQL query, substituting in your wiki's table prefix. ConfirmAccount.pg.sql is for PostgreSQL, and ConfirmAccount.sql is for MySQL. That is, find whichever of those two files, and send a query that creates the account_credentials and account_requests tables, with /*$wgDBprefix*/ replaced according to whatever is appropriate.
 * ''Please add some explanation, or some links to manuals; how to do this?
 * Add the  line to LocalSettings.php.
 * Make sure that  is true in localsettings and you have a working email system.
 * Make sure '../extensions/ConfirmAccount' is readable (for CSS)

Configuration
There are several configuration variables that can be adjusted in localsettings.php. The default values are in SpecialConfirmAccount.php (but you should not edit that file).

Sysops can still directly create accounts. To disable this, add: to localsettings.php

If only logged-in users are allowed to view pages, make sure you add the request account page to $wgWhitelistRead. For example:
 *  In other languages you have to replace "Special" and "Main Page" with the words that are used instead of special in your language like "Spezial" and "Hauptseite" in a German wiki, otherwise nobody will be able to create an account.

To further categorize users based on their interests, you can set up MediaWiki:Requestaccount-areas. This should be in a format like:
 * *Topic|Topic wiki page|text to append to all interested users' bios |text to append to all interested users' bios in group0|text to append to all interested users' bios group1|text to append to all interested users' bios in group2|...

These group numbers are based on. So if 0 is the index for 'authors', then 'authors' interested in a topic will have the group0 text appended to their biography. This can be useful, say, if users can be approved as either authors or editors. Authors can have "category:X authors" where X is a topic, like "mathematics", and editors can have "category:x editors". You can have as many groups as you want, but you need at least one.

Use

 * 1) As a bureaucrat (or other user with the confirmaccount permission), browse to Special:ConfirmAccounts
 * 2) Click Review
 * 3) You will see the whole form with the users' data. Carefully review the form, and proceed to creating the account or rejecting the request.
 * 4) If you chose to create the account, the user's biography will become their userpage and the userpage will be automatically created with the default summary of Creating user page with biography of new user.

Known issues

 * Do not set $wgGroupPermissions['*']['createaccount'] to true in LocalSettings, it will override the request login and allow users to sign up without confirmation.
 * Do not set MediaWiki:Requestaccount-areas/xx where xx is a language code, the first part of each line is used as the keys to store in the DB for the items account requesters check.
 * Older versions of MediaWiki may not show the link to Special:RequestAccount at the user login form. You can edit MediaWiki:loginprompt to remedy this.
 * Name collisions: account creations will be checked and stopped if it collides with a pending name. Requests are checked for pending/account name collisions too.
 * AuthPlugin stuff: If a central login is used, when accounts are confirmed and made, we may get name collisions if each wiki of the farm lets you request accounts on it. Collisions are dealt with by picking a new name.
 * If your email client loses its mail data before sending it out, users will not get their passwords but may have an account. Since no one knows the passwords, you may want to use Extension:Password Reset to send them new ones.
 * If only a few people view the confirm accounts page, the randomly triggered pruning of old request will not trigger often, so old rejected requests may persist.
 * Integration with LDAP Authentication extension

External link

 * Citizendium's account request form (ConfirmAccount and ConfirmEdit are enabled)
 * Hindupedia's account request form (ConfirmAccount is enabled)