Account creation user experience/SignupAPI

has jQuery (mostly) JS to:

• passwordStrength() to evaluate password
• checkRetype() for second password entry match,
• checkUsername() just complains if username not entered

It also makes an $.ajax post query to the SignupAPI's API to validate fields.

HTML5 has email fieldtype to do it for free on recent browsers.

ApiSignup.php edit

Given a lot of API signup parameters, calls its own addNewAccountInternal() function.

It then runs some hooks for AddNewAccount, UserLoginComplete, and BeforeWelcomeCreation. These might generate some welcome HTML, not sure how this gets returned to the caller.

ApiValidateSignup.php edit

(Same comment as ApiSignup, "Unit to create accounts in the current wiki", which is wrong)

This validates a single field: username or email or passwordLength (sic), returning a result message (good or bad) and icon (Checkmark or no mark), e.g.

 Object { result= "E-mail address is invalid" ,
          icon="MW-Icon-NoMark.png"
 }

It calls MW User class static functions like User::isValidUserName and User::isValidEmailAddr() and checks password length against a global.

Comments: password length check should be performed on the client by having server pass down $wgMinimalPasswordLength; the PHP code shouldn't encode the failure icon, it seems that should be up to CSS code; the JSON should return an unambiguous pass/fail status, e.g. array of failure conditions.

other edit

Adds some sourcetracking hooks in a SignupAPIHooks.

This works but has bugs.

ISSUE: for ACUX experiment, we don't want to add another special page. If so we want to hide it.

It has an Ajax mode that gives feedback on each field It triggers the same UserCreateForm hook as the current Special:UserLogin?type=signup

BUG: I created an account, it seemed to work, but got a reddish error box

Login error
The user account was not created, as we could not confirm its source. Ensure you have cookies enabled, reload this page and try again.

However, upon this failure, all the form fields were empty except for user name. It seems the server error doesn't repopulate the form?

I re-entered form info for the same username and got a reddish error box

Login error
Username entered already in use. Please choose a different name.

BUG: this message doesn't go away when you type a different message. The Ajax API and the static form aren't fully aware of each other.

BUG: the Ajax username validation got stuck in a failure mode "Username entered is invalid" no matter what I entered in username (and the reddish error box remained).

I submitted anyway and it reported my username was created with the regular

Welcome, NewUsername
Your account has been created

BUG?: this welcome page also said

SPageWiki could not send your confirmation mail. Please check your e-mail address for invalid characters.

which is true, but

Mailer returned: Tried to send e-mail without an e-mail address.

It shouldn't have bothered trying to send e-mail.

BUG: I tried to login with my newly created username, and got a reddish box:

Login error

SPageWiki uses cookies to log in users. You have cookies disabled. Please enable them and try again.

Not true I have them enabled.

BUG: other times I'd try to login and would be bounced back to the new Special:UserSignup form. I think this happens because Special:UserLogin remembers where it came from is the Speciaul:Usersignup, and upon success would redirect there. Look at the request:

 POST http://localhost/wiki/index.php?title=Special:UserLogin&action=submitlogin&type=login&returnto=Special:Usersignup [HTTP/1.1 302 Found 154ms]

BUG: I submitted a form with empty password & retype password. This caused internal PHP error:

 Notice: Undefined variable: valid in /home/spage/projects/core/extensions/SignupAPI/includes/SpecialUserSignup.php on line 501
 Notice: Undefined variable: valid in /home/spage/projects/core/extensions/SignupAPI/includes/SpecialUserSignup.php on line 506
 Non-string key given

BUG?: if the extension believes what you've entered won't work, should it disable the [Create account] button?

BUG: The extension creates a new Special:UserSignup page (probably a good idea, much clearer than having Special:UserLogin do two different things) and somehow Create account links to this new special page. But on my test wiki, the link on this "Already have an account? _Log in_." goes to wiki/index.php?title=Special:UserSignup&type=login , and you don't see the Login form, you're still creating an new account.

if ( $wgSignupAPISourceTracking )

adds a sourcetracking table to the schema

adds a hook on 'Personal URLs' for source tracking

BUG: if wgSignupAPISourceTracking is false, this still attempts to insert into sourcetracking table in initUser().