Do you then store the email address after having sent the link to the user? Because I don't think people view it as "giving their email address", but more like "send me the link and forget that you ever saw my email address".

Nah I don't actually. Just have a field in the db to know if they gave one or not, for statistics purposes...

Storing emails would be a convenient way to send the link if the user did not send it from the registration page or lost it in the meantime. As a user I would love seeing this kind of identification and would probably set a email account only used to recover links and avoid sharing my main email account.

Nice work by the way.

Good point, but for something done in 3 days I didn't want to risk having left some SQL injection somewhere somehow and leaking people's email.

But yes that's a good idea.