This is the only idea I can think of immediately.
If your server (whatever it is) could dynamically add the MACs of these users to something when they enter their email, it strikes me you might be able to add mac-auth to the same VAP that's in use. Then leave all your other rules as is on the controller, but set a mac-auth role of whatever the portal authenticated one is.
The result would be that previously seen MACs would be fully auth'd. Either that or define a totally new role which delivers a reduced captive portal for previous users missing out the acceptance page bit?
The complexity will be getting the MACs into a database from the original user auth (via captive portal). The controller would definately know the client MAC, but with offloaded captive portals, I'm not sure if the controller sends the MAC to the other server as well as the HTTP content? Need to do some sniffing or see if anybody knows!
I'm not an Amigopod expert, but maybe that product could do it?