Check if user requesting password recovery is validated; if not, send new validation link
|Reported by:||dpk||Owned by:|
Users who do not validate their new account often do not realize this is why they can't log in. (Since they are temporarily allowed in after registering, this feeds their assumption that the registration process is done.) They will then use the password recovery feature, go through that process, and find they cannot log in. They should not be put through this process, but there is no way for a user who has not received (or lost) their validation link to acquire a new one themselves, and admins can't send them one either.
Unvalidated users requesting new passwords should be redirected, advised of their actual problem, and given the option to have a new validation link sent to them with advice about their need to check spam filters. Admin notification might also be a helpful option.
Adding Ralf Fuhrmann's extended admin features plugin to Elgg has the benefit of creating a failsafe alternative where unvalidated users can be validated by admins.