Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.We need to offer an extended time period for users to verify their account. This module handles already half of the requirements, so I'm planning to extend this module.
The requirements are:
User registers to site
- The account is created and status is active immediately
- Site sends an email-notification to user with link to confirm the registration
- User has 24 hours time to confirm the registration as follows
These are already implemented by User Email Verification.
If no confirmation in 24 hours the account is disabled and:
- Site sends an email-notification to user: “account is disabled” with link to confirm the registration (confirmation still possible for 7 days although the account is disabled)
- Site sends an user removal request –notification to admin (with note “user account disabled after 24 hours of registration”)
My options are:
- Create a project specific module which extends user_email_verification
- Provide a patch which creates a sub module, for example user_email_verification_extend
- Create a patch which adds some options to the main module for extending the period for verification
Which one is the preferred option in maintainer's opinion?
I'm thinking of implementing something in the lines of:
- Rules support for sending emails in a more flexible manner, deactivating user, deleting user.
- New token which can be sent in a different e-mail when the account is deactivated and user has x amount of days or hours to verify account
- Handler for activating and verifying disabled accounts without login (eg. /user/verify-disabled/[token_value])
| Comment | File | Size | Author |
|---|---|---|---|
| #11 | extended_verification-2708969-11.patch | 20.5 KB | merilainen |
| #10 | extended_verification-2708969-10.patch | 20.31 KB | merilainen |
| #9 | extended_verification-2708969-9.patch | 19.87 KB | merilainen |
| #7 | extended_verification-2708969-7.patch | 19.98 KB | merilainen |
| #6 | extended_verification-2708969-6.patch | 19.39 KB | merilainen |
Comments
Comment #2
merilainen commentedComment #3
merilainen commentedHere is a patch for the mentioned functionality, without Rules support.
I have chosen the option 3 from my suggestions, where I patch the main module. Main module functionality should not be affected, because by default the extended verification period is not active. I will continue working on this, but please go ahead and review the patch if you find it useful.
This patch also includes the patch from #2650136: Fix missing token replacement because I needed the tokens working.
I also fixed a variable_get callback which was trying to get a non-existing variable at user_email_verification_verify().
And added a watchdog entry each time user verifies an e-mail address for debugging and monitoring purposes.
Comment #4
merilainen commentedHere is another patch:
- Added subject and body variables for both verification and extended verification mails, so that they can be changed from UI
- Hiding extended verification settings when checkbox is not selected
Comment #5
skek commented@merilainen,
Thank you for the patch. You have selected the right option 3.
I will review it soon and get back to you.
Comment #6
merilainen commentedHere comes yet another patch, providing Rules events support. This would solve #2321837: Add a possibility to assign/remove roles on verification/blocking
Sorry for making such huge changes in this one issue, but we need this working at the end of next week.
Comment #7
merilainen commentedMy colleague found a problem with the cron task. With this new extended verification period, user was receiving email on every cron run until the account was deleted. I fixed this by making sure that this happens only when an active account is being blocked. This will reduce the amount of useless function calls to user_save().
Comment #8
skek commentedWe need new line here.
It is alpha version so there can be some changes in the code.
However changing the function name should be done carefully and we should thinking for backward compatibility.
We can add a function user_email_verification_task() that just call the user_email_verification_block_account().
Your name is actually better than the old one but we should think for the users that already using this module.
$account variable is missing.
We should load the account before passing it to the rules event.
Comment #9
merilainen commentedThank you for review!
Here is an updated patch with the requested changes. Regarding the third problem, the account variable is loaded outside the module_exists check on line 89.
Comment #10
merilainen commentedAh, I was looking at wrong function. This patch now loads the $account from uid before the rules event is invoked.
I also improved the code to use user_cancel instead of user_delete and added a _user_mail_notify() function call so that the normal account cancel mail can be sent when the account is cancelled.
Comment #11
merilainen commentedImproved account cancellation. Batch API was getting sometimes empty user object, making sure account was loaded before trying to cancel it.
Comment #13
skek commented