Create a module to prevent complete loss of access to a hacked user account
completed by: dmitrig01
mentors: Karoly Negyesi
If someone guesses your password, steals your cookies from an unsecured wireless network, uses a computer you're logged into, or otherwise gains unauthorized access to your account, they can change your password and email address, and you will be unable to regain access to your account. To prevent this, we would like a module that can make it so that email addresses cannot be modified, only added. This way, if your account is hacked, you can still use the "password reset" feature and use the one-time login link to regain control of your account.
To do this, email addresses will need to turn into a multi-value field, with only the current email address the one typically used, except in the case of password resets. This should be done by a contributed module - please see the module developers guide for details. This module should probably:
a) Add a multi-value text field to users that will hold old email addresses.
b) Make sure in the field validate callback that this can only get new items - old items can never be removed.
c) Add a widget that only displays the emails does not allow any changes.
d) When the user email is changed, then add the original one to this new field.
e) Amend the user password reset functionality to send emails to the past emails as well. Also, invalidating all sessions on password change looks logical -- just make sure the current session is not dropped.
The deliverable should be a contributed module for Drupal 7 that does what the description above indicates.
chx, either on drupal.org or on IRC.
Please post all your work to the drupal.org issue, http://drupal.org/node/998440. Thanks!