Thoughts on the activation email. The simplest solution is to not allow logging in until the account has been activated. The problem with this approach is that we automatically log in the user during the registration process, to allow him/her access to the birth details forms.
We can allow access to an un-activated account, until an activation email has been sent out. From that point on, the account is locked out until the activation URL has been clicked on.
For a new registration, we allow the logon (as it happens away from the normal log on code). Then in prefilter, we need to check if we are activated, and if we aren't, depending on request URI, redirect to a message about account activation.
The basic email activation is in place, with handling of the odd situations where the account isn't activated, but we need to be logged on (setting birth details.)
Investigating how to send HTML mail from php.
The handling of a user clicking on the activate link in the email is done. Now, after sorting out some fundamental differences between isset and is_null, the activation code seems to work just fine.
Between the logging on process and the activation process, the prefilter code has got quite cumbersome. I'll spend some time this weekend having a look at a better way of streamlining the code somewhat.
Friday, February 13, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment