Why is this not done yet?
A user cannot login until he is activated. This is done to prevent spam as well as prove the authenticity of the users' email address.
How to address those issues
The idea is to automatically log the user in after registration, and also allow him to login without activation. However, until he activates his account he will not be able to perform any actions that a) result in public content b) involve his e-mail address.
He will not be able to:
- Create topics, posts, PMs
- Send emails through the board
- <please suggest more>
In order to do this we need to add checks to those relevant parts of code, to make sure the user is activated.
Unactivated users are now registered users. They can view anything a registered user can before activating. I do not see any issues with this.
Did I miss any things that must be denied? Are there any issues I did not address?