#5524 - Textually log per-member their agreements to the declarations
| Identifier | #5524 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Textually log per-member their agreements to the declarations |
| Status | Completed |
| Tags | Roadmap: Over the horizon (custom); Roadmap: v11 partial implementation (custom); Type: Legal compliance / Privacy (custom) |
| Handling member | PDStig |
| Version | 11 beta5 |
| Addon | core_cns |
| Description | With laws like this Ohio one popping up ( https://governor.ohio.gov/administration/lt-governor/071123 ), it is becoming increasingly necessary to have a physical log of one's agreement to a site's rules or Terms and Conditions.
When a site requires a member to declare things via tick boxes before registering, do the following:
* Log the status of each tick box and whether or not it was ticked via hidden parameters for the remainder of the form. The value should be empty if the box was not ticked, or the full text of the declaration if it was ticked.
* When the member is registered, read the values of these hidden parameters and log them in the database with the member account. This could probably be done through a restricted custom profile field. |
| Steps to reproduce | |
| Additional information | While it's not possible to register an account without ticking all the declarations, I do not simply want the system to assume a registered account = they agreed to all the declarations and just dump the values of the declaration text into the CPF on registration. For better legal compliance, the proper web form submission process with input fields should be followed. That way, the actions are directly tied to the member.
Member registration should also reject itself, possibly with a hack attack, if the necessary hidden inputs for the declarations do not match the configured declaration text. There are only two possible cases where this could happen:
* A member physically altered the HTML / form, thus why it might be considered a low-level hack attack
* Edge case: The declarations config was modified by an admin after the member passed the rules screen but before submitting their registration. It may be possible to check against this by reading the date/time the config was edited versus a hidden timestamp, however this enables the possibility of the user modifying the timestamp, and we would not necessarily know they did that. |
| Funded? | No |
| Commits |
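
One way to tell the two mismatch cases under "Additional information" apart without trusting a client-supplied timestamp, shown as an added example (not Composr code and not part of the original issue): the rules screen emits an HMAC over the declaration texts it rendered, and registration verifies it before comparing against the current config. The function names, the hidden-field layout and the key are assumptions.

```php
<?php
// Added example, not Composr code; every name here is hypothetical.
// Constructed demo key: in practice, load a random secret from server-side config.
const DECLARATION_KEY = 'constructed-demo-key';

/** HMAC over the exact declaration texts rendered on the rules screen. */
function sign_declarations(array $texts): string
{
    return hash_hmac('sha256', json_encode(array_values($texts)), DECLARATION_KEY);
}

/**
 * Classify a registration submission.
 * $submitted: hidden input values (full declaration text if ticked, '' if not).
 * $sig:       hidden signature issued together with the rules screen.
 * $current:   declaration texts configured at the time of submission.
 */
function check_declarations(array $submitted, string $sig, array $current): string
{
    $submitted = array_values($submitted);
    if (in_array('', $submitted, true)) {
        return 'not_agreed'; // at least one box was not ticked
    }
    // Values must be exactly what the server rendered, else the form was edited.
    if (!hash_equals(sign_declarations($submitted), $sig)) {
        return 'tampered';
    }
    // Genuine form, but the config changed afterwards: show the rules again.
    if ($submitted !== array_values($current)) {
        return 'stale';
    }
    return 'ok'; // store $submitted verbatim against the member account
}

// Constructed sample data.
$shown   = ['I agree to the rules.', 'I am at least 13 years old.'];
$sig     = sign_declarations($shown);
$revised = ['I agree to the revised rules.', 'I am at least 13 years old.'];
$cases   = [
    'untouched form'          => [$shown, $shown],
    'declaration text edited' => [['I agree to nothing.', $shown[1]], $shown],
    'admin changed config'    => [$shown, $revised],
    'box left unticked'       => [['', $shown[1]], $shown],
];
foreach ($cases as $label => [$submitted, $current]) {
    echo $label, ': ', check_declarations($submitted, $sig, $current), "\n";
}
```

A `tampered` result corresponds to the altered-form case and `stale` to the config-edit edge case, so only the former needs to be treated as a possible hack attack.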


Comments
* COPPA should be enabled by default
* When staff are emailed, they are informed to reply with the ToS, the moderation tools used, and general confirmation that this agreement happened.
* Add template support to the email module including a default template for "COPPA" confirmation. Generate it by PHP which includes current rules and the current content moderation tools (every addon that might possibly censor or moderate content / users needs to self-report through another set of hooks similar to privacy).
* Document how all of this is going to work; some users' parents may need to be replied to offline (just copy the generated text from the email module to a word processor).
We will need to document this, and also document that if doing it offline, you should also keep your own records.
I plan to also implement simple emails of the declarations for v11.0 to ensure legal compliance. E-mail template functionality, which is not necessary for legal compliance but will improve the UI, will probably be a later version.
This commit adds support for automatic e-mails of the rules / declarations agreed to both when a member registers and when a member re-agrees to changes. It includes a full copy of the rules page and the Privacy Policy page.
Issue will remain open as other parts of it have yet to be implemented.