I did that very thing recently. This will require some hand coding maybe, but you should be able to do all if it with DataAssist, Security Assist & Universal Email.
I made the email address the unique account identifier.
I require at least an email address and a password.
In MySQL I have a user table that looks like this...
CREATE TABLE IF NOT EXISTS `users` (
`UserID` int(11) NOT NULL auto_increment,
`UserName` varchar(50) default NULL,
`UserPassword` varchar(50) default NULL,
`UserEmail` varchar(100) default NULL,
`UserDate` datetime default NULL,
`FirstName` varchar(50) default NULL,
`LastName` varchar(50) default NULL,
`UserIsAdmin` tinyint(1) default NULL,
`BillingName` varchar(50) default NULL,
`BillingAddress1` varchar(50) default NULL,
`BillingAddress2` varchar(50) default NULL,
`BillingCity` varchar(50) default NULL,
`BillingState` varchar(50) default NULL,
`BillingZip` varchar(50) default NULL,
`BillingPhone` varchar(14) default NULL,
`UserValidated` char(1) NOT NULL default 'N',
`UserSessionID` varchar(255) default NULL,
`UserIPAddress` varchar(30) default NULL,
PRIMARY KEY (`UserID`),
UNIQUE KEY `UserEmail` (`UserEmail`);
My registration process only initially populates the UserEmail, Password, UserDate, UserSessionID, UserIPAddress fields. The `UserValidated` has a default value of 'N'. Later in the process that value will change to 'Y' if the user follows the process to completion.
1. Create your standard registration.php, login.php, profile.php, logout.php, forgotpassword.php files using the Security Assist wizard. You'll also want a duplicate_account.php file.
2. The Registration page checks the email address for duplication, if found it redirects to the duplicate page. If not found it inserts a new account in the user table, and using Universal Email sends a welcome message to the new user that has a link embedded in the body of the message. This link includes a SESSION_ID....
3. You will have to create some informational pages to explain the process to your guest users.
4. You will need to create a validate_user.php file that compares the link and the users current session ID and what was written to the user table moments ago. If they match, then you validate (change the 'N' to a 'Y') if not don't validate and redirect to a new page that explains the failure.
The above is a quick summary of the process. I offer this with the hopes that it will point you in the right direction, but there are probably other ways of doing this, but this is a way that I have found to accomplish the task.