XML/XSLT CWP or PHP CWP?
Are the e-mail addresses stored in a database? Or accessible through a directory server (AD or LDAP)?
This is not straightforward. The usual way goes through web sessions, and you should read the corresponding CWP Guide sections. Whatever technology you use, you need to think about your security model: What security measures must be taken so that
- user data can't be read out from your database by tweaking the URL?
- sessions can not be circumvented by tweaking the session cookie?
- login can be gained by tweaking the input strings (e-mail and password)?
- if IP ranges are to be considered as well, what if somebody fiddles with them?
- e-mail/pw combinations can't be read out through man-in-the-middle attacks?
I programmed login/logout procedures twice with XML/XSLT CWP. For both cases I had to start from scratch. There is no standard procedure, it all depends on your security requirements.
I recommend also to read Sverre H. Huseby, Innocent code : a security wake-up call for web programmers, Wiley, Chichester (2004), ISBN 0-470-85744-7.