08-29-2016, 08:46 PM
Sorry to be a nay-sayer, but is blocking the user (users.active=false) really what you want to do?
Let's say I'm just a normal (non-malicious) user and I decide I would rather have my personal email used for this web-site rather than my work address. Oh, look - I can change my own email. That's convenient. Then - poof - next time I try to log in I'm told that I've been blocked?! What?! Now I have to try to contact the admin to get them to unblock me - it would have been easier to ask the admin to change my email address for me...
I think the flag that needs to be changed is users.email_verified.
The challenge is that you need to generate a new verify email... Maybe the easiest thing to do would be to make an informative "$successes[]" message which included a link for them to go and generate their own verification email? If they don't see it they're kind of stuck, but at least you've given them a pretty good chance...
Let's say I'm just a normal (non-malicious) user and I decide I would rather have my personal email used for this web-site rather than my work address. Oh, look - I can change my own email. That's convenient. Then - poof - next time I try to log in I'm told that I've been blocked?! What?! Now I have to try to contact the admin to get them to unblock me - it would have been easier to ask the admin to change my email address for me...
I think the flag that needs to be changed is users.email_verified.
The challenge is that you need to generate a new verify email... Maybe the easiest thing to do would be to make an informative "$successes[]" message which included a link for them to go and generate their own verification email? If they don't see it they're kind of stuck, but at least you've given them a pretty good chance...