
User Registration & Authentication

CoinTrail provides a complete authentication system including registration, login, password recovery, email verification, and social login. This section covers all user-facing authentication features.

Registration Process

Users can create an account through the standard registration form:

Registration Form Fields

| Field | Type | Validation | Description |
|---|---|---|---|
| Name | Text | Required, max 255 | User's display name |
| Email | Email | Required, unique, valid email | Used for login and notifications |
| Password | Password | Required, min 8 chars | Must include mixed case and numbers (configurable) |
| Confirm Password | Password | Must match password | Password confirmation |
| Terms Agreement | Checkbox | Required | Accept Terms of Service and Privacy Policy |
| Newsletter | Checkbox | Optional | Subscribe to newsletter (opt-in) |
| reCAPTCHA | CAPTCHA | If enabled | Spam protection |

Registration Flow

Screenshot: User registration form with name, email, password fields frontend/registration-form.png

The registration form with all required fields and validation

  1. User Fills Form - User provides name, email, and creates a password. They must agree to the Terms of Service.
  2. Validation - Server validates all fields. Email uniqueness is checked, password strength is verified.
  3. Account Created - User record is created with Free tier subscription and unverified email status.
  4. Verification Email - If email verification is enabled, a verification email is sent with a unique link.
  5. Welcome Email - A welcome email is sent with account information and getting started tips.

Default Account

New users are automatically assigned the Free tier subscription. They can upgrade to Premium or Pro from their account settings.

Email Verification

Email verification ensures users provide a valid email address:

Verification Process

  1. After registration, user receives an email with a verification link
  2. The link contains a unique, time-limited token
  3. User clicks the link to verify their email
  4. Account is marked as verified and full access is granted

Verification Settings

| Setting | Location | Description |
|---|---|---|
| email_verification_required | Admin Settings | Require verification before login |
| verification_token_expiry | config/auth.php | Token expiration time (default: 60 minutes) |

Resend Verification

Users can request a new verification email if:

  • The original email was not received
  • The verification link has expired
  • The user changed their email address

Login Process

Registered users can log in using their credentials:

Screenshot: User login form with email, password, and remember me option frontend/login-form.png

The login form with authentication options

Login Form Fields

| Field | Type | Description |
|---|---|---|
| Email | Email | Registered email address |
| Password | Password | Account password |
| Remember Me | Checkbox | Keep user logged in (extends session) |
| reCAPTCHA | CAPTCHA | Shown after failed attempts (if enabled) |

Login Security Features

Rate Limiting

After 5 failed attempts, account is temporarily locked for 15 minutes.

Two-Factor Auth

If 2FA is enabled, user must enter TOTP code after password.

Login Notifications

Optional email notification for logins from new devices/locations.

Session Management

Users can view and revoke active sessions from security settings.
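
The lockout rule under Rate Limiting (5 failed attempts, 15-minute lock), modelled in memory as an added example; it is not CoinTrail's code. PHP is used because the page references config/auth.php. The class and function names, the per-email counter key, and the choice to reset the count on success or lock expiry are assumptions.

```php
<?php
declare(strict_types=1);
final class LoginThrottle
{
    private const MAX_FAILURES = 5;        // "After 5 failed attempts"
    private const LOCK_SECONDS = 15 * 60;  // "locked for 15 minutes"

    private array $state = [];  // key => ['failures' => int, 'lockedUntil' => int]

    public function isLocked(string $key, int $now): bool
    {
        return ($this->state[$key]['lockedUntil'] ?? 0) > $now;
    }

    public function recordFailure(string $key, int $now): void
    {
        $s = $this->state[$key] ?? ['failures' => 0, 'lockedUntil' => 0];
        if ($s['lockedUntil'] !== 0 && $s['lockedUntil'] <= $now) {
            $s = ['failures' => 0, 'lockedUntil' => 0];   // lock expired: fresh count
        }
        if (++$s['failures'] >= self::MAX_FAILURES) {
            $s['lockedUntil'] = $now + self::LOCK_SECONDS;
        }
        $this->state[$key] = $s;
    }

    public function reset(string $key): void
    {
        unset($this->state[$key]);
    }
}

// Hypothetical login wrapper. The lock is checked before the password, so a
// locked account gives no signal about whether the submitted password was right.
function attemptLogin(LoginThrottle $t, string $email, bool $passwordOk, int $now): string
{
    $key = strtolower(trim($email));   // one counter per address, case-insensitive
    if ($t->isLocked($key, $now)) { return 'locked'; }
    if (!$passwordOk) { $t->recordFailure($key, $now); return 'invalid'; }
    $t->reset($key);
    return 'ok';
}

// Constructed scenario: five wrong passwords, then the right one during and after the lock.
$t = new LoginThrottle();
$t0 = 1700000000;
for ($i = 0; $i < 5; $i++) { attemptLogin($t, 'Bob@Example.com', false, $t0 + $i); }
echo attemptLogin($t, 'bob@example.com', true, $t0 + 60), "\n";
echo attemptLogin($t, 'bob@example.com', true, $t0 + 4 + 900), "\n";
```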

Social Login

Users can register and log in using social media accounts:

Supported Providers

Screenshot: Social login buttons for Google, Facebook, and Twitter frontend/social-login-buttons.png

Social login options displayed on the login and registration pages

Facebook

One-click login with Facebook. Retrieves name, email, and profile picture.

Twitter/X

Log in with a Twitter account. Retrieves username and profile data.

Google

Sign in with Google. Retrieves name, email, and profile picture.

Social Login Flow

  1. User Clicks Social Button - User clicks "Login with Facebook/Google/Twitter" button on login or register page.
  2. OAuth Authorization - User is redirected to the social provider to authorize access.
  3. Callback Processing - Provider redirects back with user data. System checks if account exists.
  4. Account Handling
     If new: Account is created with social data, email auto-verified.
     If existing: Social account is linked and user is logged in.

Email Matching

If a user registers with social login and their email matches an existing account, they will be prompted to link accounts or use a different method. This prevents duplicate accounts.
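
The callback decision described in Social Login Flow and Email Matching, as an added example that is not CoinTrail's code. The function name, the array shapes, and the rule that only a provider-supplied address is auto-verified are assumptions; all sample data is constructed.

```php
<?php
declare(strict_types=1);

// $profile: what the provider callback returned (hypothetical shape).
// $links:   "provider:providerUserId" => local user ID.
// $usersByEmail: lower-cased e-mail => local user ID.
function resolveSocialLogin(array $profile, array $links, array $usersByEmail): array
{
    // 1. An existing link on the provider's stable user ID decides first.
    $linkKey = $profile['provider'] . ':' . $profile['id'];
    if (isset($links[$linkKey])) {
        return ['action' => 'login', 'userId' => $links[$linkKey]];
    }

    // Twitter/X is documented as returning username and profile data, so the
    // e-mail may be missing; treat an empty string the same as absent.
    $email = strtolower(trim((string) ($profile['email'] ?? '')));

    // 2. E-mail matches an existing account: prompt instead of linking silently
    //    (how the prompt confirms ownership is left to the application).
    if ($email !== '' && isset($usersByEmail[$email])) {
        return ['action' => 'prompt_link', 'userId' => $usersByEmail[$email]];
    }

    // 3. New account. Auto-verify only an address the provider actually supplied.
    return [
        'action'        => 'create',
        'userId'        => null,
        'email'         => $email !== '' ? $email : null,
        'emailVerified' => $email !== '',
    ];
}

// Constructed sample data.
$links = ['google:1001' => 7];
$usersByEmail = ['alice@example.com' => 7, 'bob@example.com' => 8];
$cases = [
    ['provider' => 'google',   'id' => '1001', 'email' => 'alice@example.com'],
    ['provider' => 'facebook', 'id' => '55',   'email' => 'Bob@Example.com'],
    ['provider' => 'twitter',  'id' => '9',    'name'  => 'carol'],
    ['provider' => 'google',   'id' => '2002', 'email' => 'dave@example.com'],
];
foreach ($cases as $p) {
    $r = resolveSocialLogin($p, $links, $usersByEmail);
    printf("%-8s %-5s -> %s\n", $p['provider'], $p['id'], json_encode($r));
}
```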

Password Recovery

Users who forget their password can reset it via email:

Recovery Process

  1. Request Reset - User enters their email on the "Forgot Password" page.
  2. Email Sent - If email exists, a password reset link is sent. Link expires in 60 minutes.
  3. Reset Password - User clicks link and enters a new password (with confirmation).
  4. Confirmation - Password is updated, user receives confirmation email, and all other sessions are invalidated.

Security Note

The system does not reveal whether an email exists in the database. Users always see the same message: "If your email is registered, you will receive a reset link."
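
A sketch of the reset request and redemption, added here as an example and not taken from CoinTrail's code. It covers the uniform response from the Security Note and the unique, time-limited link token, which the Email Verification section describes in the same terms. Function names, the in-memory store, hashing the token at rest, and single-use redemption are assumptions.

```php
<?php
declare(strict_types=1);

const RESET_TTL = 60 * 60;   // "Link expires in 60 minutes"
const RESET_MESSAGE = 'If your email is registered, you will receive a reset link.';

// $users: lower-cased e-mail => user ID. $store: sha256(token) => row.
function requestReset(string $email, array $users, array &$store, int $now): array
{
    $email = strtolower(trim($email));
    $mail = null;
    if (isset($users[$email])) {
        $token = bin2hex(random_bytes(32));       // 256 bits from the CSPRNG
        $store[hash('sha256', $token)] = [        // only the hash is stored
            'userId'  => $users[$email],
            'expires' => $now + RESET_TTL,
        ];
        $mail = ['to' => $email, 'token' => $token];   // handed to the mailer
    }
    // 'message' is all the HTTP response carries, identical in both branches.
    return ['message' => RESET_MESSAGE, 'mail' => $mail];
}

// Returns the user ID the token belongs to, or null if unknown, used or expired.
function redeemReset(string $token, array &$store, int $now): ?int
{
    $hash = hash('sha256', $token);
    if (!isset($store[$hash])) {
        return null;
    }
    $row = $store[$hash];
    unset($store[$hash]);                         // single use (assumption)
    return $row['expires'] > $now ? $row['userId'] : null;
}

// Constructed sample data.
$users = ['alice@example.com' => 7];
$store = [];
$now = 1700000000;
$known = requestReset('Alice@Example.com', $users, $store, $now);
$unknown = requestReset('nobody@example.com', $users, $store, $now);
var_dump($known['message'] === $unknown['message']);                  // responses match
var_dump(redeemReset($known['mail']['token'], $store, $now + 3599));  // inside the window
var_dump(redeemReset($known['mail']['token'], $store, $now + 3599));  // replayed token
```

Sending the mail from a queue rather than inline keeps the response time for known and unknown addresses close as well as the response text.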

Profile Management

Users can manage their profile from the account dashboard:

Access Path

User Dashboard → Profile Settings (/user/profile)

Profile Fields

Screenshot: User profile settings page with editable fields frontend/profile-settings.png

Profile management page where users can update their information

Basic Information
  • Name - Display name shown on profile
  • Username - Unique username for profile URL
  • Avatar - Profile picture (upload or Gravatar)
  • Bio - Short biography or description
  • Website - Personal or company website
Location & Preferences
  • Country - Country of residence
  • Timezone - For accurate time display
  • Preferred Currency - Display currency for prices (USD, EUR, etc.)
  • Language - Interface language preference
Social Links
  • Twitter/X - Twitter handle
  • Telegram - Telegram username
  • Discord - Discord username
  • LinkedIn - LinkedIn profile URL

Account Settings

Access Path

User Dashboard → Settings (/user/settings)

Email Settings

| Setting | Description |
|---|---|
| Change Email | Update email address (requires verification) |
| Email Notifications | Toggle email notifications on/off |
| Price Alert Emails | Receive emails when price alerts trigger |
| Newsletter | Subscribe/unsubscribe from newsletter |
| Marketing Emails | Receive promotional content |

Password Settings

  • Change Password - Requires current password
  • Password Requirements - Minimum 8 characters, mixed case recommended
  • Password Confirmation - Must enter new password twice

Account Actions

Export Data

Download all personal data (GDPR compliance). Premium+ feature.

Disconnect Social

Unlink social accounts from profile.

Logout All Devices

End all active sessions except current.

Delete Account

Permanently delete account and all data.

Account Deletion

Account deletion is permanent and cannot be undone. All data including portfolio, watchlist, alerts, and payment history will be permanently removed. Active subscriptions are cancelled without refund.