Perhaps other monks have wider experience/knowledge of ready-made software.
As for me, I don't know the code currently you're using... but I probably wouldn't tackle the issue using third party software, anyway. Rather, IMO, the process several of us are advocating -- integrated email verification -- is one I would tackle from scratch, whether as additional code for your extant package or as a module.
Many of the details here can be modified to suit your preferences and requirements, but here's a possible workflow:
- The user submits your registration form
- your cgi (the form's action)
- assigns the request a unique ID
- stores that and the user's email (and other data?)
- sends an email with the ID to the address supplied.
The email (and, preferably, the registration page as well) explains that the user must reply (within a short time limit -- definition of "short time" left to you) to an email account you control to confirm the account request.
- A second script (or, for a really low intensity operation, a human) monitors incoming mail on the specified account, intercepting those with whatever subject line you assign to your initial outgoing mail.
- The second script compares the ID (plus address, name, etc, as your please) in the incoming email with the data stored by the cgi.
- If they match, the second script blesses (creates, calls a creator script, whatever) a new account.
} else {
- ...if there is no match, second script takes no action...
} but {
periodically, second script reviews aging account request info (as stored in step 2) and kills those which have timed out.
Updated formatting for clarity
| [reply] |
| [reply] |