I'd like to add features to help administrators to manage multi-users instances. I'm currently working on an "email verification" feature but I'm facing an annoying problem.

Context: I need to send emails via SMTP and not using localhost. The only built-in function in PHP to send emails is mail, which needs to be configured via the php.ini file and needs sendmail to be configured. I'm not even sure we can pass credentials (some say no, some others say yes but not documented).

Almost everyone recommends to use PHPMailer and I think we should go with it. Problem: PHPMailer only supports PHP 5.5+, while FreshRSS works with PHP 5.3+ (according to our travis.yml file). My questions are:

• should we re-evaluate our minimal requirements? Even if some distributions still support these old versions, maybe it's time to move on? (it doesn't mean we will break everything without proper warning to the administrators)
• if the answer to the previous question is "no", is a solution with "no email validation feature" for the older PHP versions would be ok for you?
• or maybe we can use "PHPMailer" for PHP 5.5+ and mail for older versions? (but it means more work for me)

Follow-up of my progress:

• add an email field on the profile page and the CLI (reuse the existing mail_login config element)
• add a force_email_validation element to system config (false by default) and add a field to the system config page
• ask for email during registration if force_email_validation is true
• create a page to validate the user email address (params: username and token)
• send an email with the URL of the validation page when email is changed (or user create its account)
• block access to FreshRSS if the email_validation_token is not null
• allow user to resend the validation email
• allow user to change its email while she's blocked
• document the feature
• (nice to have) improve the look of the "validation feedback page" (maybe using Allow to change the view layout #2467)

(more elements to come while I'm working on it)