mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-07-31 13:20:11 +02:00
Code Issues Releases Wiki Activity

Explain where usernames may be used to address unconfirmed recipients

Browse Source
This commit is contained in:
Marco
2020-05-11 13:14:14 +02:00
parent 6f933ac560
commit cc6430a83e
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -178,6 +178,8 @@ If you dont want to perform email verification, just omit the last parameter
Need to store additional user information? Read on [here](#additional-user-information).
**Note:** When sending an email to the user, please note that the (optional) username, at this point, has not yet been confirmed as acceptable to the owner of the (new) email address. It could contain offensive or misleading language chosen by someone who is not actually the owner of the address.
### Login (sign in)
```php
@@ -431,6 +433,8 @@ For email verification, you should build an URL with the selector and token and
$url = 'https://www.example.com/verify_email?selector=' . \urlencode($selector) . '&token=' . \urlencode($token);
```
**Note:** When sending an email to the user, please note that the (optional) username, at this point, has not yet been confirmed as acceptable to the owner of the (new) email address. It could contain offensive or misleading language chosen by someone who is not actually the owner of the address.
After the request to change the email address has been made, or even better, after the change has been confirmed by the user, you should send an email to their accounts *previous* email address as an out-of-band notification informing the account owner about this critical change.
**Note:** Changes to a users email address take effect in the local session immediately, as expected. In other sessions (e.g. on other devices), the changes may need up to five minutes to take effect, though. This increases performance and usually poses no problem. If you want to change this behavior, nevertheless, simply decrease (or perhaps increase) the value that you pass to the [`Auth` constructor](#creating-a-new-instance) as the argument named `$sessionResyncInterval`.
@@ -481,6 +485,8 @@ Usually, you should build an URL with the selector and token and send it to the
$url = 'https://www.example.com/verify_email?selector=' . \urlencode($selector) . '&token=' . \urlencode($token);
```
**Note:** When sending an email to the user, please note that the (optional) username, at this point, has not yet been confirmed as acceptable to the owner of the (new) email address. It could contain offensive or misleading language chosen by someone who is not actually the owner of the address.
### Logout
```php