Sending a triggered email to them to say if you didn’t just register to the site, let me know was my first thought. However, the limitations to the trigger email system means some has to manually field the response and then block the account. Then what if the person who owns the address tries to register…
Not pretty.
After looking at all the code options I have possibly discovered a path to do it right:
- Custom registration page, gets email and password minimum
- Validate input (proper email, pwd length minimum)
- Call backend code to process registration
- backend code encrypts the data, creates a url link that points back to an html function in the backend, then puts the link into an html email body, and sends the email via a 3rd party emailer to the registering user.
- User gets the email, clicks the link to verify
- Html function is called, decrypts the user data, re-validates it, then registers the user, then forwards them to a welcome page.