Hello, and thank you for contributing this wonderful framework!
I am interested in making the forum invite-only, and I am willing to volunteer some development time to do this. Just wondering what would be the simplest way to approach this. I was thinking along the lines of removing the registration page, and moving it to the administration page. Am I on the right track?
The simplest possible way would be to generate a token/secret and make it very similar to the email change feature, then protect the registration page so it checks if the token is valid.
The check can be done by decrypting the secret and checking it contains the same email the user is trying to register. But you would have to know the email to generate and send the secret/invitation.
If you want to share the invitation through other means or don't know the user email, then you would have to keep track of the valid tokens by storing them in the database and removing them after they are used.
IMHO, the first option is quite better, so in the administration you could just hit a button and send the invite to someone's email. Or even let regular users to send invitations.
It's currently possible to make the forum private, so it can be access by users only if you want that as well.
Making the admin create the users by hand is not the same as making the forum invitation-only, I think. But you can do that if you want to. You would just disable registrations and add a user creation view in the admin panel. The regular registration would display something like "this forum is invitation-only" when disabled.