Users are currently placed in the Members group upon registration with an activated boolean and activationCode in their database record. The boolean is flipped to true when the user activates their account.
Instead, place new users in a "Pending Activation" group and maintain a separate activation code table with codes and expiration dates (much like the password reset table). When users activate, move them to the new users group and delete the activation code.
Don't forget to modify the e-mail update form in the account section, which deactivates the user's account and requires reactivation to validate the e-mail address.
Users are currently placed in the Members group upon registration with an
activatedboolean andactivationCodein their database record. The boolean is flipped to true when the user activates their account.Instead, place new users in a "Pending Activation" group and maintain a separate activation code table with codes and expiration dates (much like the password reset table). When users activate, move them to the new users group and delete the activation code.
Don't forget to modify the e-mail update form in the account section, which deactivates the user's account and requires reactivation to validate the e-mail address.