by Alexv » Mon Apr 23, 2007 1:23 am
This is a feature which is very convenient, and is omnipresent amongst Coranto's competitors. This has been discussed in the past, and every time the conclusion was that it's best to do it in core (not with an addon). The reason behind it is (or was anyway, perhaps the policy has changed since) to make sure no addons are loaded until the user is logged-in. There are simply no addon hooks in that area (there was at one time, when Lawrence accidentally added one, but was quickly removed in a subsequent release). The fear was that a rogue addon could bypass Coranto's security by adding a backdoor or something. Of course one must realize that even if we don't load addons until a user is authenticated, once a user is in, an addon can do absolutely anything. That is, any addon could just modify the code in crcore.pl or coranto.cgi and insert a permanent backdoor.
The toughest challenge would probably be figuring out how to send the e-mail. Some server's don't have sendmail, some force you to authenticate, some users will be overwhelmed by the complex terminology, etc... Perhaps it's best to have an option to enable/disable e-mail features (similar to the way Coranto currently enables/disables features depending on whether the install is "Private" or "Public").
aka on ctus: alexv, aerosoul, billgates