If the setting is enabled, email changes initiated by the client should not take effect immediately. Instead the email should be saved to the email_verifications table, maintaining the current email in the contacts table.

On the client profile page in the client interface a notice should be displayed if the email for the current contact has a pending verification. "Your email is currently unverified. A verification email has been sent to %1$s. To resend, click here." Where %1$s is the email pending verification.

Create a new controller client_verify.php

This should include a method that accepts a get parameter token=[emailverificationtoken] and mark the associated verification record as verified. At this time the associated contact should have their email updated to the verified email. It should then redirect using the record's redirect url or to the client dashboard if null.

It should also include a send() method that can be used to send new email verification emails. The date_sent for that email should be updated at this time.

Client payment should be updated to respect the setting for unverified payment prevention and should display a message "Payment is unavailable until email verification is complete. To resend your verification email, click here." This link can point to ClientVerify::send().

On the client in the admin interface a new keyword Validated should be added to the info box under Autosuspension if the setting is enabled. If the client has and pending email verification and the email to be verified is the same as the client's current email, it should show FALSE in red text, else show TRUE in green if the verification is accepted or it is for an email change.

In the client email log we need to not display the activation link
I can think of 3 ways to do this:

1. Don't log the activation email at all
2. Exclude those emails from the client email log (maybe a new bool column on the email_logs table)
3. Filter out activation links (probably when logging rather than when displaying)

#3 is ideal