Like the topic suggests, it'll be great if a user's account is temporarily disabled when he changes his email (probably set to "awaiting confirmation"), while an email confirmation is sent to him to be re-authenticated. SMF has a function like this.
That would be a great core option, but I wonder if it could be possible via user actions in a plugin, like...
onBeforeUserUpdate:
get the current e-mail value...
store as a state...
onAfterUserUpdate:
if the new e-mail field value <> the old one...
$user->confirmed = 0;
CB core e-mail approval function.
Joomlapolitan zealot and a somewhat stealthy, rather passive CB3PD developer. www.constructionlounge.com
Construction Lounge: Online resource and networking portal for the construction and remodeling industries.
yes, but this would have as effect that a user changing email can't re-login next time he needs to. It is a problem that really needs to be addressed in CB core. Suggestions welcome.
What we plan is that old email stays active as long as new is not confirmed, so user can continue logging in.
Same effect could be done with a plugin of course.
Seems like it could:
1) change the email address
2) Set the user to Not Confirmed (make sure it fires the onUserActive or similar event so that plugins can work on as needed)... may also need to set to Not Approved to disable site access until re-confirmed
3) Add a DB record similar to what happens when registering
4) Send them an e-mail confirmation e-mail same as when registering
Seems like the catch here might be if admin approval is turned on it may require re-approval by admin if using the exisiting core checks...
With that difficulty in mind it might be better to have a similar but different set of code handle e-mail change confirmations