In reply to various issues above. - The user clicks on a link, a "GET" query string. They do not have to re-enter information.
- The data does not have to be stored *before* verification because the data will be sent back when the user clicks the email link, and the key tells us if it's correct. - Upon successful verification the email and any other data has been stored, so you have the data to unsub an email address. Just look it up by supplying the storage page. - This also works for email subscription only sign-ups to newsletters or Notify, for users without accounts. It should not require a username and password. - Unsubscribing uses the same mechanism. The email is again hashed with a secret. The user clicks the link, the key is checked, voila!, verified or not. - You can verify any info like this. It is not only against spammers, but also hijacking. Only the real user has access to their email account.That is the second reason for sending emails. - The sign-up system could allow the admin, or other cookbooks, full control. They specify which fields, only email is mandatory. They specify where to write the verified data, and the separator. fields: email, user, password storagePage: SiteAdmin.Whatever separator: ',' Marcus _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
