My use of Pro Dada is as a circulation system in which users subscribe, cancel or change their address -- all infrequent operations in which a password to a profile page would be (as they like to tell me) a nuisance. In some cases, there have been 10 years between log-ins, for example.
So I've been thinking about what a secure but non-password-based change of address form would look like (since subscribing and canceling work well already). And I've looked at the Pro Dada code to see how I might hook into it. But there's always one piece of the puzzle missing.
Here's what I would like to implement:
1) An HTML form that asks for no more than the current email address and the new one.
2) On submit, a new HTML page is displayed telling the subscriber they're new address must be confirmed to complete the change from the old address.
3) A confirmation email is sent to the new address just as if it were, in fact a new address.
4) When confirmed, the new address is activated and the old address is deleted. An email to that effect is sent to the subscriber at the new address.
That seems both a) secure and b) painless to the subscriber. And while I've been able to write a Perl CGI to process the new address and delete the old one, I haven't been able to either link the operations (make the deletion dependent on the confirmation) or return an HTML page for the change (rather than the standard ones for a new sub and a cancellation).