Extension:EmailAuth/Hooks/EmailAuthRequireToken

The hook will be called on every login that would be successful. When  is changed to true, an extra step is added to the login: a six-letter verification code is emailed to the user, and must be entered for the login to succeed.

The meaning of the parameters:
 * (User): The user trying to log in.
 * : (bool) Change this to true to enable verification.
 * : (Message) Message telling the user they need to do an extra verification step.
 * : (Message) subject of the email with the verification code
 * : (Message) body of the email with the verification code; last parameter must be the token and will be set later

An example that will force email verification for all admins who do not use OATH: