Account Guide¶

Manage your profile, email, password, sessions, and preferences.

Registration Lifecycle¶

Becoming a full user requires three steps:

1. Register — Create an account with username, nickname, email, and password
2. Confirm email — Click the confirmation link sent to your email
3. Admin approval — An admin approves your account and assigns you to a group

While waiting for admin approval, you see a "Registration Pending" page. If declined, a reason is shown. If deactivated later, an "Account Deactivated" page is displayed.

See Getting Started for the full walkthrough.

Registration Requirements¶

Registration includes bot protection (Cloudflare Turnstile CAPTCHA + honeypot field). Disposable email domains are blocked.

Email Confirmation¶

The confirmation link is sent to your email. Clicking it confirms your address. If the link expires, you can request a resend from the login page — attempting to log in with an unconfirmed email automatically resends the confirmation.

Unconfirmed registrations receive a warning email before expiry and are automatically declined after the expiry period.

Admin Approval¶

An admin reviews pending users and either approves (assigns to a group) or declines (with a reason). You cannot use the application until approved.

Profile¶

Nickname and Language¶

Change your nickname or toggle between English and Czech from the Profile section. Language changes take effect immediately via the i18n system.

Avatar¶

Upload a profile picture from the Profile section. The upload follows the same flow as marker images:

1. Select a file (accepted types and size limits are configurable)
2. Crop the image to your preferred framing
3. Image is compressed and uploaded to R2 via presigned URL
4. Backend confirms the upload

Replacing your avatar uploads a new image — the old one is replaced. You can also delete your avatar entirely.

Email¶

Changing Your Email¶

1. Enter the new email address
2. A confirmation email is sent to the new address
3. Your email status changes to "Change Pending"
4. Click the confirmation link to finalize the change

While a change is pending, the current email remains active. You can resend the confirmation if needed.

Confirmation States¶

Password¶

Changing While Logged In¶

Enter your current password, then the new password (with confirmation). Same complexity rules as registration. After changing, all your sessions are revoked — you must log in again on all devices.

Resetting via Forgot Password¶

1. Enter your email or username on the Forgot Password page
2. If the account exists, a reset link is sent by email
3. Click the link and enter a new password

The endpoint always returns 204 to prevent email enumeration. The reset link expires after a configurable period. After resetting, all sessions are revoked.

Sessions¶

Every login creates a session. View all active sessions from the Account page:

• Device name and type icon (mobile, tablet, browser, computer)
• IP address and last activity time
• Created date

The current session is highlighted. You can:

• Revoke individual sessions (other devices)
• Revoke all other sessions at once
• Sessions are revoked automatically on password change

Admin User Management¶

Admins manage users from the Administration page. Available actions:

Admins are configured via environment variable only (comma-separated usernames). Admin status cannot be changed through the UI.

Decline Reasons¶

• Unknown Person
• Duplicate Account
• Spam / Bot
• Email Not Confirmed (auto-set on expiry)
• Other (requires custom text, max 500 chars)

Related¶

• Getting Started — Account creation and setup
• Authentication — JWT tokens, login flow, token refresh
• Authorization — Roles, groups, registration statuses
• API Endpoints — Account endpoints