User requests to register for access to a page(s) in a certain directory. Requirements: [first name, last name, phone, email address, and personal password] and a checkbox requiring an "Terms and Agreement "Accept" "Decline" option ->
An Email is then sent to user ->
User verifies their [first name, last name, phone, email address] ->
User then enters the password they originally created before clicking "send" ->
An email is then sent to one or many individuals (Admins) for review and approval/disapproval ->
If approved, the account activated and an email is automatically generated advising the user access has been granted. This email includes a link to the login page ->
If disapproved, the account IS NOT activated and an email is automatically generated advising the person that their registration has been denied. This email includes a link to a "customer support" page that allows the registrant to appeal.
Script must have the administrative ability to manage sending alerts to users requiring that they change their passwords within 48 hours. ->
If their password isn't changed, their account is automatically disabled. ->
If disabled, the user will receive a message advising them their account has been disabled and will include a link to a page where an account reactivation request can be made. ->
Password security should be facilitated using hash everytime a user logs in. Both client and server-side hash must agree before granting login access.
Additional Front-End Requirements:
A single page to view users with check boxes or radio buttons to easily enable/disable accounts on an individual basis.
Admin Issued Single Password Changes: This page should also have an option to press a "password reset" button, which automatically emails the user a link to a page with the following fields [ first name | last name | email address | previous password | new password | confirm new password ]. If a password reset is issued by an Admin, this forces a comparative analysis between first and last name, email address, and previous password entered before accepting new password.
User Requested Password Changes: Existing authorized users want to make a change for personal reasons, or have lost their password. In this case, they would enter their [ first name | last name | email address | phone number | current password | new password | confirm new password ]. ->
A password change request would be received by one or many individuals (Admins) for approval. ->
If approved, an email is automatically generated/sent to user advising him/her their password change was accepted and