bsdmike wrote:I wonder how hard this would be just to make a quick modification to the php code.
All that is really needed is just a tag in the activation email saying this is an email change...
and perhaps the new email address of the user.
This would be a step, but really, it's ludicrous to sell this as a 'security feature'. We LOSE members due to this draconian setting, because you can't even set it to a lower activation threshold than initial registration. Why should changing my email trigger a complete reactivation? If the account was compromised, it was compromised before the profile details changed. We have NEVER had an account be compromised in that fashion, but I can't tell you how many times we have lost members due to the wait to get admin activation done a second time (we get dozens of new users a day, many of which need to be skipped as spammers).