In this video, I will show you how to customize Drupal's registration system. We'll add additional validation for the user's email address to prevent them from mistyping their e-mail address, and we'll allow users to create their password during the registration process.

Default Registration Process

In the last video, we briefly saw the registration form. Let's take a quick look at that before we modify it.

  • Go to "/user/register"

Here we see that I am asked to enter a "Username" and "E-mail address". The way Drupal works out of the box is that it will email the user a link that they need to click, and only then can they set their password and log into the site.

For immediate usability, let's allow users to create their password when they create their account, and for future usability, to make sure users can retrieve their password later, by asking them to repeat their email address for verification.

  • Go to "Configuration => System => LoginToboggan" (admin/config/system/logintoboggan)

Modify Registration Process

  • Use two e-mail fields on registration form

    • [x] Enabled (This option will require the user to enter their email address twice when registering on the site. This will confirm that the user entered their email address correctly. If you think about it, many sites require the email address once, and the password twice. In that case, when a user forgets their password, but mistyped their email address, there's no way to reset their password. If we require the email twice, we know their email address is correct, and they can at any time reset their password.)
  • [x] Set password (This option will allow users to enter their desired password when they create their account.)

If you just enable this option and click save, you are opening your site up for spammers to create junk accounts which will bloat your database, and eventually have a negative impact on your site's performance. You can of course, install a module like Captcha, Honeypot, or Mollom to reduce spam accounts, but even then, the more intelligent spammers can get through. So, if you allow users to create their passwords you'll want to create a "Non-authenticated role" and select that in the next option. We'll do that in the next video, but for now, let's save this page and and make one quick change to the welcome email users will get, since they won't need to login to set their password.

  • (Save configuration)

Modify Authentication Link in Email Template

Before we modify the email, let me show you what the default message includes so that you can compare the two.

Note: I'll grant users permission to register without approval.

  • Go to "Configuration => People => Account settings" (admin/config/people/accounts)
  • Who can register accounts?: Visitors (You'll notice that we can't require e-mail verification here. That is because LoginToboggan is overriding this permission by allowing users to set a password. In this case, LoginToboggan requires a different link to verify the account.)

Now, I'll create a test account. When we refresh the registration page, we'll see that there are two email fields, and that users can create their passwords at registration.

Once I've filled out the form, we can check my email and we'll see the welcome email and the link to login and set a password. We've already set a passwrod, so we need to update the message to remove that part, and add the verification link from LoginToboggan. (For more details on this, you can click the "LoginToboggan help" link or go to "admin/help/logintoboggan".)

  • Go to "Configuration => People => Account settings" (admin/config/people/accounts)
  • Scroll down to the "E-mails" section
  • Select "Welcome (no approval required)" in the left sidebar
  • Subject: Please validate your account: [user:name] at [site:name]
  • Body:

    • [user:name],

      Thank you for registering at [site:name].

      You MUST authenticate your account within the next 7 days by clicking the link below. If you do not validate your account within this time, it will be deleted.


      In the future, you can login using your username ([user:name]) or your email address, and the password you chose at registration.

      -- [site:name] team

  • (Save configuration)

I'll create another test account to check out the new email.

  • (Create dummy account)

So, you'll see that I'm automatically logged in (due to another setting that we'll get to in the next video) and that anyone can create an account, and by default, have all of the permissions granted to the "Authenticated user" role. That's not ideal, and luckily Logintoboggan allows you to create a new role, with limited permissions, that will be granted to users created this way, until they verify their account. In the next video, we'll set that up, and also take a look at deleting users who do not verify their account (ie: spammers) after a specified amount of time has passed.