Problem/Motivation
Provide two e-mail fields (e-mail and 'confirm e-mail') to ensure accuracy on user registration. The LoginToboggan module does this.
Proposed resolution
Abstracting this to a new property name "#confirm" that can be applied to any Form API element.
Remaining tasks
Review the patch in comment #32.
User interface changes
- New option to enable 'E-mail address confirmation field' in the user accounts settings page (in the 'registration/cancellation' fieldset).
- If that option is enabled, an additional field on the user registration form (user/register) for 'Confirm e-mail address'.
API changes
- Addition of #confirm property to the Form API.
- TBD. Potential removal of the Form API element type 'password_confirm'.
Original feature request by birdmanx35
Part of a series of reforms for the login system, this patch would ideally provide two e-mail fields to ensure accuracy on registration, a feature that has previously been provided by the LoginToboggan module.
The login functionality applies to all Drupal installs, and this usability feature seems to me to be applicable to all Drupal installs and therefore the 6.x-dev core.
NOTE: I have no coding skills whatsoever, however, I hope I can contribute my ideas and hopes to Drupal.
Comments
Comment #1
PasqualleComment #2
bsherwood CreditAttribution: bsherwood commented+1 Subscribing!
Setting this to bug report because I feel this is a security related issue. Almost all CMS systems provide this functionality to make sure users are not creating bad passwords.
Comment #3
karschsp CreditAttribution: karschsp commentedtagging for novice queue
Comment #4
AaronBaumanWhat about abstracting this to a new property name "#confirm" that can be applied to ANY field?
I will take that on, unless there are objections.
edited for terminology
Comment #5
AaronBaumanIn this patch:
Not in this patch:
Feedback welcome -- thanks for reviewing & testing
Comment #6
AaronBaumanComment #8
AaronBaumanComment #10
sun+1, subscribing.
Your coding style needs work - please read http://drupal.org/coding-standards and sub-pages about comment standards.
Comment #11
AaronBaumanrerolled @ HEAD
Comment #12
mcrittenden CreditAttribution: mcrittenden commentedLooks like the intent of this issue has changed. +1 for a #confirm property.
Comment #13
mcrittenden CreditAttribution: mcrittenden commentedBot hasn't finished testing yet but either way it needs a lot of work from the coding standards standpoint, as sun pointed out.
Comment #14
AaronBaumanCan you please be a bit more specific w.r.t coding standards?
I ran it through Coder already.
Comment #15
Pasquallereroll, with code style and translation related changes
Comment #16
yched CreditAttribution: yched commentedChange component. This is not related to the Field API.
Comment #18
AaronBaumanComment #21
mcrittenden CreditAttribution: mcrittenden commentedGuess it's too late for 7.x now.
Comment #22
Aza-dupe CreditAttribution: Aza-dupe commentedIs this feature now available in 6.x or have you given up?
Comment #23
mcrittenden CreditAttribution: mcrittenden commentedAza: this feature won't make it into 6.x...only bug and security fixes go in at this point, and now that 7.x has reached code freeze, it's not making it in there either, so we can only hope for 8.x at this point.
Comment #24
rickmanelius CreditAttribution: rickmanelius commentedIs this still a desired feature? As I understand it, it's a toggle to add in an email confirmation field and test whether both match?
Comment #25
rickmanelius CreditAttribution: rickmanelius commentedPS. What's wrong with leaving in login toboggan? It seems to implement the feature quite well.
Comment #26
pjcdawkins CreditAttribution: pjcdawkins commentedComment #27
pjcdawkins CreditAttribution: pjcdawkins commentedI'm working on this, and it seems to me like a useful addition to the Form API.
The implications of aaronbauman's plan (see #5) are:
confirm_form()
(which does something completely different). But I don't know of any alternatives except something more wordy like #require_duplicateIt seems that there won't be any code bloat in this, if it simply replaces all the code that deals with password_confirm.
I'm having a go at rerolling aaronbauman's patch which looks like it will be relatively simple to update for D8.
(by the way I haven't written D8 core patches before)
Comment #28
pjcdawkins CreditAttribution: pjcdawkins commentedInitial patch, which just rerolls the form.inc, system.module and user.module parts of aaronbauman's patch.
More patches to follow for tests and JS/AJAX changes, and then yet another patch for the (more controversial) removal of password_confirm.
Comment #29
pjcdawkins CreditAttribution: pjcdawkins commentedUpdated patch (no exotic #states stuff, and configuration is now in the right place under Account settings).
Comment #30
pjcdawkins CreditAttribution: pjcdawkins commentedPotential 'title' option for the #confirm property, which aaronbauman suggested in his @todo:
Comment #31
pjcdawkins CreditAttribution: pjcdawkins commentedUpdated patch, including jQuery client-side validation (by aaronbauman, adapted from user.js). Working here with @Mac_Weber at DrupalCon. No tests yet.
Comment #32
pjcdawkins CreditAttribution: pjcdawkins commentedNew complete patch attached (including the PHP, the JavaScript and the tests), doing what aaronbauman describes in #5 above. Patch by @pjcdawkins and @Mac_Weber (novices at DrupalCon Munich).
Note that this patch does not do anything about the password_confirm Form API type (see #5 and #27 above).
Comment #32.0
pjcdawkins CreditAttribution: pjcdawkins commentedWrote an up-to-date summary based on the template.
Comment #32.1
pjcdawkins CreditAttribution: pjcdawkins commentedRemoved "// Text of original report here."
Comment #33
thedavidmeister CreditAttribution: thedavidmeister commentedNeeds reworking.
This is an important part of the patch though, right?
+ '#value' => is_array($value) ? (isset($value['confirm']) ? $value['confirm'] : NULL) : $value,
The legibility of this line could be improved by splitting it across a few lines.
We have drupal_html_id() for this.
Comment #34
lauriiiThis is very old issue so I don't think this is good issue for a novice anymore.