If I create a separate file on the server for registration (accessed via a web link button on a webpage to WebDirect)
I can then review and import that record to the main file.
At the point of that first registration I can ask them to use their email as a user name (password of their choice), then once I move them over to the main database require a password reset, but their user name, the email address, remains the same.
Just prior to import I can set their access / security level using their email / user name and adding them to a group.
Can anybody see a problem with this?
Does it make it too easy for a hacker, as everybody knows somebodies email address is their username, leaving only the password as unique.