I begin to start to understand.
I added some URL parameter to the "Security Assist Authenticate user" and now I can show an error message when the user enters wrong credentials.
Now I need to show a message that warn the user that try to login without having activated his account before.
But how can I build an access rule for this?
In the "Security Assist Authenticate user" dialog box I check both email, password and activation together.
Is this right?
I could easily add a message that says that the user entered wrong credentials or he has not activated his account yet, but I don't thing this is a polite solution (even if it works).
Have I to do something else to manage this kind of access rule?
Here is the complete steps the user do:
1- the user registers in the registration page; it will be redirected to a succesfull registered user page where he can read a message says he need to check the email to activate his account;
2- the user click the email contained in the email and he is redirected to a specific activation page; here the user table is updated and then the user can click a link to go to the login page.
3- but what to do with a user that try to login without having activated his account yet?