generate a password and e-mail it to the user. That way, they are guaranteed
to give you a valid address as they can't get in without one... It also
covers the uniqueness angle as an e-mail address is unique.
Once the user is logged in then we let them change their password as often
as they want..
If the user changes their e-mail address however, we go back to the auto
generation of a new password, log them out as a security measure and send
out the new password to them to make sure that they have changed their
e-mail address to something that is once again valid.
If they mess up and they need the service, they'll re-register (if its free)
or contact tech support to fix their details up so they can login again if
it's a subscribtion based service :)
Paul
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
