Forum OpenACS Q&A: Response to Yet another OpenACS 4 website...

Posted by Gilbert Wong on

I only made a few changes in the acs-subsite user pages.  Most of the changes are HTML layout changes.  The major change in the TCL/SQL code is the addition of a random token (and column to track it) to supplement the user email verification process.  The reason I modified it was because the oid/rowid is a constant in the database and when people change their email addresses, there is no easy way to verify that the email address is still valid.  So I added the random token and changed the basic-info-update page to check for a change in the email address.  If it was changed, I toggle the user verified column (can't remember the exact column name) to false, log out the user, generate a secret token, and email the confirmation link.  So a smart user cannot easily fool the email verification system.  I also had to change the registration end too.