Allowing anonymous users to see and edit their existing Profile form data

2012-09-23 09:52
The following new functionality has been suggested. If you have any thoughts on this please take a look and add some comments to the Blog post.


When contacts with no user record, or users who are not logged in, view a Profile form, they would have the option to enter their email address, and the system would check whether this email exists for any contacts in the system. If it does, an authentication link (checksum) is sent via email to the contact. When the link is selected, the Profile form is reopened with the contact's existing field details.

For a full description with Mockups please see



We tried something like this for a whole different type of system once and found that all it ended up doing was trading one problem for another, i.e. username/password tech support vs. "I didn't get the email" / future expanded offerings not being compatible (and then requiring username/password anyway) / user wanting to view their own history / etc.


I'm not saying it won't work since this is a different domain, just passing on what happened in our situation.

I like the idea of having a prompt on profiles so that existing users don't re-enter info we already have, but instead of sending a link to edit just that profile I think it would be better to prompt them to log in.

So the text at the top of the profile might be:

Do we already have your information? Log in now to edit your current information

username or email address



Can't remember if we have your information or can't remember your password? Enter your email address to check.

Email address 




I am also not sure about the response: "Thank you, if your email address is found you will receive an email with the link allowing you to update your existing data".

The standard (Drupal?) response to a request for a new password is: "Sorry, abc @xyz is not recognized as a user name or an e-mail address". For our use, letting the person know immediately that we don't already have their details would be important, so we would want that standard response.

If you are concerned about the security implications of "Sorry, abc @xyz is not recognized as a user name or an e-mail address" then perhaps you should be trying to have your security-conscious response set up as a tick box alternative to the standard response when a new password request is submitted.


Finally, I am not sure of the purpose served by "* This email address may receive multiple copies of this email, intended for different contacts, if your email address is used for a number of different contacts in the {} database."

The system you propose will only work if each contact has a unique email address. Otherwise, how will Civi know which contact details to display and then edit in the pre-filled profile form?
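
The flow proposed in the post, sketched in Python as an added example (not CiviCRM code and not part of the original post or comments): each link is an HMAC-signed, expiring token bound to one contact ID, the reply uses the neutral wording quoted above, and a shared address gets one link per contact. `SECRET`, `TTL`, the token layout and the sample contacts are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site secret kept server-side
TTL = 3600                        # assumption: links expire after one hour
NEUTRAL = ("Thank you, if your email address is found you will receive "
           "an email with the link allowing you to update your existing data")
# Constructed sample data: contact id -> email (two contacts share an address).
CONTACTS = {101: "pat@example.org", 102: "pat@example.org", 103: "sam@example.org"}


def _sign(contact_id, expires):
    msg = f"{contact_id}:{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_token(contact_id, now=None):
    """Build a token that binds the link to ONE contact and an expiry time."""
    expires = int(now if now is not None else time.time()) + TTL
    return f"{contact_id}.{expires}.{_sign(contact_id, expires)}"


def verify_token(token, now=None):
    """Return the contact id the link authorises, or None if invalid/expired."""
    try:
        cid, expires, sig = token.split(".")
        cid, expires = int(cid), int(expires)
    except ValueError:
        return None
    # Constant-time comparison of the supplied and recomputed signatures.
    if not hmac.compare_digest(sig.encode(), _sign(cid, expires).encode()):
        return None
    if (now if now is not None else time.time()) > expires:
        return None
    return cid


def request_link(email, outbox, now=None):
    """Queue one link per matching contact; the reply text is always the same."""
    wanted = email.strip().lower()
    for cid, addr in CONTACTS.items():
        if addr.lower() == wanted:
            outbox.append((addr, make_token(cid, now)))
    return NEUTRAL
```

Because the contact ID is inside the signed token, the form handler knows which record to prefill even when several contacts share one address, and changing the ID in a link invalidates the signature.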