This is a module thats allows registration without a mail address. No mail will be requested during registration, the users can't see or change the mail address. Instead, a timestamp will be combined with a customisable domain and a customisable top level domain to be a unique (fake) mail address and stored in the database.

The module is necessary, if you want to avoid storing mail addresses. Reasons can be more anonymity or laws that prohibit e.g. the collection of personal data of adolescent pupils without permission of their parents. It is written for Indymedia linksunten but apparently some teachers need this module to use drupal for school related websites.

This module obviously depends on noreqnewpass. We suggest to merge the two modules and call the new module no_mail. We can be contacted via
imc-linksunten-technik at lists dot indymedia dot org.

CommentFileSizeAuthor
#4 09-01-13-no_mail.tar_.gz8.24 KBlinksunten
09-01-03-no_mail_registration.tar_.gz7.04 KBlinksunten

Comments

-Anti-’s picture

-Anti- commented

This sounds great.

> This module obviously depends on noreqnewpass

How does 'no_mail_registration' affect the contact module?
will the contact module degrade gracefully, or will it just try to send email to the fake address?

Thanks for your work on this, and for releasing it.

linksunten’s picture

linksunten commented
Issue tags: +contact module

This module is really simple:

(1) It suppresses the mail address field during registration.
(2) It fills in some fake mail address.
(3) It suppresses the mail address in the users contact page.

That's it. So yes, if some module tries to send e-mail it will do so to the fake address.

pedrofaria’s picture

pedrofaria commented

I really don't know if will be good merge this functionality to No request new password... i think the purpose of your module are different.

IMHO, is more better create a new, related and referenced on description page, project... but i really want read all opinions about it and i will consider all of them.

About emails, there is a way to treat it.... with hook_mail_alter

linksunten’s picture

linksunten commented
Title: No Mail Registration » No Mail
StatusFileSize
new 09-01-13-no_mail.tar_.gz8.24 KB

There is a big security hole in the no_mail_registration module, so
DO NOT USE IT!

The user module always sends a mail when a new account is registered by a user (and when it's pending for admin approval and when a new account is created by an admin). We found no option to turn it off without hacking core.

We implemented a series of security checks for no_mail. The module can't be enabled if an invalid (i.e. insecure) configuration is chosen. Drupal still sends emails but the module can only be enabled if some standard text is filled in (without login or password). We admit this is ugly but it works.

If /admin/user/settings is changed after the module is enabled, there will be a warning only at admin/settings/no_mail. We strongly encourage to leave /admin/user/settings alone after enabling no_mail or at least to have a look at admin/settings/no_mail after changing something to the worse. ;-)

The module allows to set a mail catch-all for the whole site with hook_mail_alter, thanks, pedrofaria!

When posting a comment, it is now possible for users to provide a name without a mail address. The module provides an option to unset the mail form.

We decided to integrate noreqnewpass in our no_mail module and noted that on the help page.

There was a problem with noreqnewpass in hook_menu_alter:

function noreqnewpass_menu_alter(&$callback) {
  if (variable_get('noreqnewpass_disabled', true)) {    
    $callback['user/password'] = array('access arguments' => array(FALSE));
  }
}

This caused a fatal error at /user/password.

We changed it to:

function no_mail_menu() {
  $items = array();

   if (variable_get('no_mail_password_request', FALSE))
     $items['user/password'] = array();

  return $items;
}

Feedback is welcome!

IMC linksunten

pedrofaria’s picture

pedrofaria commented
Status: Needs review » Closed (fixed)