6. Multiple email addresses and user account recovery


You can allow users to enter multiple email addresses.

Multiple email addresses may be needed to allow to create multiple contact forms or to offer better account recovery options in case if something happens to one of the user's email addresses.

Every new email address needs verifying (validating) in the same way as the first email address, which was provided, when a visitor registered a new user account.

To add a new email address, the user should go to URL [path-to-your-site]/user/add-email-address.
Or for editing later to URL [path-to-your-site]/user/edit-email-address/[email-id].
In addition to the email address form field, there are following form fields on these email managing pages:
Memorable word question
Memorable word.

If you leave these form fields empty, then they will not be used as an additional security measure by recovering your account. If these form fields will be let empty, then there will be delays between every attempt to recover your account password later. By providing here a memorable word, such delays could be avoided.

Such delays are preventing following possible spamming attack ...
When someone finds out, that a certain email address is used as some account email address on a website, which uses Allmice CMS, then that person may try to use the email address for a sort of spam attacking attempts. Such person may use such email address by attempting to force the website system to send many recovery emails.
The memorable word would make such attempts complicated, either by asking an additional confirmation - the memorable word - for every recovery attempt or by making time delays between such recovery attempts.

There is a config item, where you can determine the delay intervals for emails, which are not used with a memorable word.
Go to URL [path-to-your-site]/admin/list-config,
Select module: User,
Select type: recoverAccount.
In the table is row, where uri is passwordRequestPeriod. Click Edit in this row to change the delay period, which is measured in seconds.

In case if a user forgets his/her password, the method, which such user could use to recover the user account is available on URL [path-to-your-site]/user/recover-account.
Don't forget to allow for role anonymous access right for this method, if you wish that the users of your website would be able to ask new password or reminder of their username for their account.

You can also customize Log in block to have link to this recovery URL, which will be explained later.

Previous: 5. Registering new users | Next: 7. Manage contact forms and emails
Users and messages
1. Modules for managing users and messages
2. Sending automatic emails
2.1. Configure email authentication details
2.2. Manage message templates
3. Authenticating
4. Adjust the website for authenticated users
4.1. Access rights for unauthenticated visitors
4.2. Adjustable links on user block
4.3. Change labels and other language phrases
4.4. Prepare content for authenticated visitors
4.5. Give access rights for authenticated users
5. Registering new users
6. Multiple email addresses and user account recovery
7. Manage contact forms and emails
8. Manage postal addresses
9. User profile