Extension:EmailAuth/Hooks/EmailAuthRequireToken

The hook will be called on every login that would be successful. When  is changed to true, an extra step is added to the login: a six-letter verification code is emailed to the user, and must be entered for the login to succeed.

The meaning of the parameters:
 * (User): The user trying to log in.
 * : (bool) Change this to true to enable verification.
 * : (Message) Message telling the user they need to do an extra verification step.
 * : (Message) subject of the email with the verification code
 * : (Message) body of the email with the verification code; last parameter must be the token and will be set later

The Message parameters have sensible defaults.

An example that will force email verification for all admins who do not use OATH: