Last updated 13 August 2015. Created on 23 September 2011.
Edited by bjlewis2, dooug, scflmark, jasom. Log in to edit this page.

LoginToboggan is one of the top 100 modules for Drupal by usage. It offers many frequently requested modifications to the standard Drupal registration and login functionality.

To view the list of features the module provides or to download the module, visit the project page at

There's a video series covering this module on Check out the into video below:


  • Download the appropriate module for your Drupal release and extract the compressed files.
  • Place the entire LoginToboggan module folder into either: [your site]/modules directory, or [your site]/sites/all/modules directory.
  • Enable the module at:

Drupal 6: admin > build > modules
Drupal 7: administration > modules


Configure LoginToboggan by selecting the "configure" link for LoginToboggan on Drupal's "Modules" page, or select from:

Drupal 6: admin > user > logintoboggan
Drupal 7: administration > configuration > system > logintoboggan

The configuration options are summarized below:


You can enable the 'login with email address' feature. This doesn't prevent users from logging in as usual with their username, it simply adds the extra functionality that the user can choose to log in using their email address instead. For many users this is easier to remember and can provide a better overall user experience.


LoginToboggan provides several improvements to the user registration process.

Use two email fields on registration form

If this option is enabled, the user will be required to enter their email address twice when registering on the site. This can help prevent problems caused by users typing their email address wrongly. LoginToboggan will verify that both fields are the same, and prompt the user to correct it if not. Set this to disabled for the default Drupal behavior without verification.

Set password

Checking this will allow users to enter their desired password when they set up their user account. Leaving it unchecked will use the default Drupal behavior; e-mailing the user a link they must click and returning them to the site to set their password. If you enable this feature you're advised to edit the text of the 'Welcome, no approval required' email (see note under Configure other settings below).

Non-authenticated role

Before you enable the 'Set Password' feature, it's highly recommended that you setup a new role expressly for non-authenticated users. These are users who have registered an account on your site, but not yet verified their email address by clicking on the link in the welcome email. The new user will automatically be assigned a role on the site, so it is critical to be able to designate the proper permissions.

To create a new role:

  • Go to Drupal 6: admin > user > permissions, or Drupal 7: administration > people >permissions > roles and setup a new role, such as 'Unverified user' or 'New user'.
  • Set up suitable permissions for this role.  For example, you may not want unverified users to be able to create new content.

Note: This new non-authenticated role will not automatically inherit permissions of either the authenticated role or the anonymous role. If additional permissions are required (such as view published content), they must be added here. You may want to create a role with the same permissions as the anonymous user if you wish the newly created user to only have anonymous permissions.

  • Return to the LoginToboggan configuration screen and select this new role from the dropdown box labelled 'Non-authenticated role'.
Delete unvalidated users after

You can select a value from this menu option to control how long the site will allow new users before following the link provided in the welcome message. This can be helpful to prevent registration spam by removing users who do not promptly configure their account information.


LoginToboggan provides the ability to select two temporary redirect paths: one for initial registration and another for immediately after authenticating.  This can be useful when additional information regarding the registration process would be helpful. The information provided in this configuration section can provide any additional details regarding path redirection options available.

Configure other settings

Authenticate link in e-mail template "Welcome (no approval required)"

If you checked the set password option, you should modify the Welcome (no approval required) email message to reflect the correct approval link and email body text. The message can be modified at:

Drupal 6: admin > user > settings or
Drupal 7: administration > configuration > people > account settings

The appropriate message can be found under the E-mail tabs on the Left sidebar. Change the token from [user:one-time-login-url] to [user:validate-url]. Remember to change e-mail body text as appropriate.

The confirmation link in this email will now have the effect of confirming the user as an 'authenticated user' on the site. Until the new user follows this link, they will have the non-authenticated role defined by the earlier step on this configuration form.

The set password option mirrors the 'require email verification under administration > configuration > people > account settings, so checking this setting, will uncheck that setting, and vice versa.

Configuring blocks

LoginToboggan will function after initial configuration for controlling new user registration, but also adds a block to the site structure which can be further customized. You can configure each block at:

Drupal 6: admin >build > block
Drupal 7: administration > structure > block

Configure the 'User login' block for LoginToboggan functionality

Change title if required; using can make for a very neat login system, when combined with the javascript functionality: clicking upon "Login/register" reveals the login form in sliding fashion. To select this functionality, select 'Collapsible form' under "Block type". Selecting 'Link' under "Block type" sends user to a login form, returning them to original page after successful login.

Configure 'LoginToboggan logged in block'

Tip: by leaving the title blank, the 'LoginToboggan logged in block' is slim and neat.

Other options

Other configuration options for LoginToboggan are available and include the following:

  • Delete unvalidated users after
  • Display login successful message
  • Minimum password length
LoginTobogganIntro.jpg55.68 KB

Looking for support? Visit the forums, or join #drupal-support in IRC.