I'm using the user login features and it appears to work great, nice job!
A couple of suggestions with security as a concern:
- Mask the SMTP password on the User Login settings page.
- Do not send the newly registered password in the admin notification e-mail since this is clear text. I don't want to know the user's password, and more importantly if audited I don't want the gov't to find out it was ever possible. Applying encryption hides it in the database so no worries there.
Thanks,
Wayne