Html code for validating username and password
You generally want to prevent new users from posting any data to your web site before they have a confirmed email.
The default code logs in a user after they register.
Suppose the user accidentally registered as "[email protected]" and hadn't noticed the misspelling of "yli," they wouldn't be able to use password recovery because the app doesn't have their correct email.
Email confirmation provides only limited protection from bots and doesn't provide protection from determined spammers who have many working email aliases they can use to register.
Later in the tutorial, we'll change this so new users cannot log in until their email has been validated. You might want to use this email again in the next step when the app sends a confirmation email. Deleting the email alias now will make it easier in the following steps. It's a best practice to confirm the email of a new user registration to verify they are not impersonating someone else (that is, they haven't registered with someone else's email).
Suppose you had a discussion forum, and you wanted to prevent "[email protected]" from registering as "[email protected]" Without email confirmation, "[email protected]" could get unwanted email from your app.