This patch adds an else statement to warn the user if the security question hasn't been answered. It also provides a status message for the user to contact the administrator if the security question does not have a value.

| Comment | File | Size | Author |
|---|---|---|---|
| #1 | user_warning.patch | 2.28 KB | fmitchell |
| | user_warning.patch | 1.64 KB | fmitchell |

Comments

fmitchell

| Status | File | Size |
|---|---|---|
| new | | 2.28 KB |

Fixed a bug in my patch.

Zen

What is this for? To cater for sites with existing users who haven't previously set their password_reset question? Would it not be better to force them to do it by redirecting them to the user edit page until they have done so?

What is the query change in your patch for?

Thanks,
-K

Zen

Status: Needs review » Postponed (maintainer needs more info)

fmitchell

Status: Postponed (maintainer needs more info) » Needs review

This is correct.

If one implements this module after having a set list of users or importing users from an upgrade or multi-site integration, having the warning is needed. Forcing users to do something, I think, is poor usability.

Zen

Status: Needs review » Needs work

Seeing as to how this module forces this process on new users, I don't see this as being unusable. I'd personally find the nag message or, as an admin, lots of reset requests, a lot more annoying.

Why the query change? Please also check your patch for coding standards issues ...

-K

sanduhrs

As far as I can see,
* existing user accounts get initialised with question number 1 and a hash value generated from the user's password and some salt.
* New users have to choose a question and an answer, when they sign up.

Nonetheless, using modules like ucreate [1] produces users without question/answer, and creating users via ?q=admin/user/user/create produces users with questions and answers they probably don't know about.

I think a possible way to go could be
* Do not initialize existing users with q/a they don't know
* Instead _force_ them to choose a q/a after their next/first login
* Display a message above the request password q/a form to contact the administrator (optional contact form) if the answer is unknown

Any thoughts?

[1] http://drupal.org/project/ucreate
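
One way the redirect-plus-message approach proposed above could look in a Drupal 6 module, as an added example that is not part of the thread or the password_reset module's code. The module name pwreset_gate, the table {pwreset_gate_answers} and its columns are hypothetical.

```php
<?php
// Added example for Drupal 6; not code from the password_reset module.
// Hypothetical names: module "pwreset_gate", table {pwreset_gate_answers}
// with columns uid, qid, answer_hash.

/**
 * Returns TRUE when the account has a question and answer it chose itself.
 * A missing row covers imported or module-created accounts (e.g. ucreate),
 * which are deliberately not initialised with a placeholder answer.
 */
function pwreset_gate_has_answer($uid) {
  $qid = db_result(db_query("SELECT qid FROM {pwreset_gate_answers} WHERE uid = %d", $uid));
  return !empty($qid);
}

/**
 * Implementation of hook_init(): send logged-in users without a question
 * to their account edit form until they have set one.
 */
function pwreset_gate_init() {
  global $user;
  if (!$user->uid || pwreset_gate_has_answer($user->uid)) {
    return;
  }
  // Exempt the edit form itself and logout, otherwise the redirect loops.
  $on_edit = arg(0) == 'user' && arg(1) == $user->uid && arg(2) == 'edit';
  if ($on_edit || $_GET['q'] == 'logout') {
    return;
  }
  drupal_set_message(t('Please choose a security question and answer before continuing.'), 'warning');
  drupal_goto('user/'. $user->uid .'/edit');
}

/**
 * For the password request form: TRUE if a question can be asked for this
 * account; otherwise tell the visitor to contact the administrator.
 */
function pwreset_gate_can_ask($account) {
  if (pwreset_gate_has_answer($account->uid)) {
    return TRUE;
  }
  drupal_set_message(t('No security question is set for this account. Please contact the site administrator.'), 'warning');
  return FALSE;
}
```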

Zen

Version: 5.x-1.x-dev » 6.x-1.x-dev
Status: Needs work » Fixed

Redirect + Message feature added.

Cheers,
-K

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.