[TO CLARIFY] Account Re-Verification on Email Change #705
Description
I was thinking...
If we use email verification for an account on creation, why would we not do the same when a user changes their email?
To me this only makes sense. It could go something like this...
- User changes email and is logged out
- User DB status changes back to inactive
- Email resent to verify
- Link clicked to reactivate
Obviously there should be some sort of notification shown to the user alerting them that their account will be set back to inactive.
Thoughts?
Here is a quick setup for the function (Not tested)
public static function saveNewEmailAddress($user_id, $new_user_email)
{
$database = DatabaseFactory::getFactory()->getConnection();
$user_activation_hash = sha1(uniqid(mt_rand(), true));
$query = $database->prepare("UPDATE users SET user_email = :user_email, user_active = :user_active, user_activation_hash = :user_activation_hash WHERE user_id = :user_id LIMIT 1");
$query->execute(array(':user_email' => $new_user_email, ':user_active' => 0, ':user_activation_hash' => $user_activation_hash, ':user_id' => $user_id));
$count = $query->rowCount();
if ($count == 1) {
if(RegistrationModel::sendVerificationEmail($user_id, $new_user_email, $user_activation_hash, true)){
LoginModel::logout();
Redirect::home();
}
}
return false;
}