I like the whole idea, but we need to fully describe the actions that will take place for each of User Registration methods (Instant, Pending, Email Activation). Otherwise, it will become confusing.
I believe this functionality has to be activated if:
a. Email is required field
b. EmailAddressVerification setting is enabled (new one under Configuration->Users->General)?
New User Registration:
- Instant Registration - additional text needed to be added to the Registration Email Event which will say please click here to validate your Email address OR should be send this email as a separate Email Event asking to validate that Email?
- Pending - additional text needed to be added to the Pending Registration Email Event which will say please click here to validate your Email address OR should be send this email as a separate Email Event once the account is actually Activated by Admin?
- Email Activation - automatically should mark the Email as verified once account is activated. Makes sense right?
User Updated Email address:
1. Reset EmailValidated check-box
2. Send 2 emails:
- to OLD email address - saying that an email on account has been changed - click here to UNDO the change if it's wasn't you.
- to NEW email address - asking to click "here" to Verify the Email. However, NEW email will be UNDONE to old one if in case if User has clicked on UNDO the change + will be marked back as Verified.
The question is what do we do with accounts that don't have Email Verified and sitting there for some time?
a. Do nothing and let Admin to manage these via Admin Console (ie. filter out and delete)
b. Create a button (or Agent) to "Prune" the Accounts with Unverified Emails
Also, I believe none of this Email Verification should trigger ANY sort of Disabling / Activating the account. What we can do is to ask Users to verify their Email (if it has not been) once they logged on Front-End.
What you think on above?
I think that it's a little different since and there is NO need to