This can be accomplished using a combination of:
Data Assist
Security Assist
Cookies Toolkit
Universal Email.
First you would need to create 2 new columns in the database table that holds the users email address and other information when the sign up. one to indicate whether the email address has been verified (You will need to determine how to indicate verified or not, you could use 1 and 0) and the other to hold a random string.
On the registration page, go to the bindings Tab and click the plus button and select Security Assist -> Random Password. On the Server behaviors tab click the Plus button and select WA Cookies Toolkit -> Set Session Value server behavior. This will produce the random string to insert into the database. These steps are outlined in the Security Assist Solution Recipe on the security Assist product detail page in the Updating Send Password section.
When the form is submitted, you will store the entered information in the database using the Data Assist Insert record server behavior. Set the Verified column to 0 (Unverified) and insert the random string (Or random password generated ion the previous step) in the column that you set up to hold the random string.
In the Data Assist Insert Record UI There is a section For setting the session variable. Set the Key Column to the Primary Key and Chose a memorable name for the session variable. This will be used in the email.
Then add Universal email to send an email to the address entered to ask them to verify the address. you will include a link in the email address that will go to another page that you create to look up the address and if found, update the record to be verified.
Lets assume that your domain is www.mydomain.com and the page you created is verify.php. the email will send a link to that page and pass the ID of the record that was created by Data Assist Insert Record and the random string:
<a href="http://www.mydomain.com?verify.php?id=<?php echo($_SESSION['IDSessionVar'])?>&rand=<?php echo['RandomPasswordSessionVar']?>">Please Verify your Email</a>
On the verify page, you would create a recordset to lookup the record by filtering the ID column on the "id" Querystring parameter and the random column on the "rand" querystring parameter in the link. If the email address is found, then use the WA Update Record server behavior to set the Verified column to 1 to indicate that the email has been verified.
On the login page, double click the authenticate user server behavior. On the second page, add another condition to log in. Select the verified column and set the value to one.
This will restrict login to only allow if the Verified column is set to 1.
