Would this work?
- Upon login, copy the email to email2.
- Then ask if email2 is empty.
- Protect email2 in the user table by using the Roles where current current is current user.
- In case that email2 is empty as for it from user.
- Send email confirmation with link to page were parameter is entered in a field “email confirmed”.
- Use email2 for everything you do.
Is this a correct strategy? or
Custom email confirmation: If this is correct then I would need a unique ID that I can pass but cannot be the user ID, I rather generate a new for that exist only for the email confirmation, correct?