I'm not sure whether this is a bug, or by design, but I find it puzzling either way:
I have a Drupal 5.15 site with logintoboggan 5.x-1.3 installed. On the admin/user/settings screen, if I choose the registration option:
* Visitors can create accounts and no administrator approval is required.
and leave the
"Require e-mail verification when a visitor creates an account"
box UNchecked,
I find on the /admin/user/logintoboggan form that "Set password & Immediate login" is checked; the user gets logged in immediately, but they still have to verify their email address, which is clearly not what I want if I unchecked the e-mail verification box on the User Settings form.
The inverse is also true; if I uncheck "set password and immediate login" box on the Logintoboggan form and switch back to the user settings form, I find that the "Require e-mail verification" box is checked again.
Is this by design? Does logintoboggan completely remove the ability to allow users to register and set their own passwords without e-mail verification?
Comments
Comment #1
tbartels CreditAttribution: tbartels commentedThe description under the Logintoboggan "Set Password & Immediate Login" tells you that the checkbox is merely a mirror of the email verification box on the User Settings form. So yes, checking one is going to alter the other.
I believe what you are looking for is just underneath where it says: Non-authenticated Role. If you set the non-authenticated role to "authenticated user" you essentially bypass the verification process, I guess you would still have to deal with the welcome email not being sent(if that's what you want), but that shouldn't be too hard.
Comment #2
nextpulse CreditAttribution: nextpulse commentedI had the same issue on D6. I think this is actually a bug.
If the email verification box is unchecked for registration - it means NO verification is needed.
The role in Logintoboggan is set to 'authenticated'.
BUT Logintoboggan still displays the re-send validation-email info on the my account page: this is incorrect - since the user is already verified/activated and has the role 'authenticated'.
the offending piece of code:
if (!variable_get('user_email_verification', TRUE) && array_key_exists(logintoboggan_validating_id(), $user_edit->roles) && variable_get('user_register', 1) == 1) {
....
}
I changed the:
if (!variable_get('user_email_verification', TRUE)
to
if (variable_get('user_email_verification', TRUE) //so if email verification is needed - then display the links
Comment #3
tbartels CreditAttribution: tbartels commentedYah, I actually have a fix for that:
line 891:
and if you are picky you may want to set the perms on the re-send url as well
line 469:
I can make a patch if anybody really wants it, but you can just as easily hide it in your theme as I'm not really sure Logintoboggan was intended to be used in this fashion. /shrug
Comment #4
SocialNicheGuru CreditAttribution: SocialNicheGuru commenteda patch would be great.
are #2 and #3 needed to solve this issue or either or?
Chris
Comment #5
nextpulse CreditAttribution: nextpulse commentedmine (#2) was a quick and simple one line fix - it resolved the issue for me - not sure if there are side effects.
Comment #6
hunmonk CreditAttribution: hunmonk commentedi though the logic there was ok, but i'll have another look at it.
Comment #7
hunmonk CreditAttribution: hunmonk commentedthis is not the correct fix -- we want to display the re-send validation link if that variable is set to false. false means no core email verification, which means they're setting their own password and receiving a validation email. confusing, i know... ;) core's idea of email verification and LT's idea of email validation are very different, but because we leverage the core user login block, we have to use that setting so we know what's going on.
the real problem here is that we should also be checking to make to see if the non-auth role is set to authenticated user, and skipping the link display if so.
Comment #8
hunmonk CreditAttribution: hunmonk commentedcommitted a fix to 5.x-1.x-dev, 6.x-1.x-dev, and HEAD.