The Request Account Module allows users to request their own accounts, specifying their own preferred username and preferred password. An administrator can then approve or deny pending account requests.
Without this module an administrator must preemptively create a user account, and communicate its password to the intended user.
This module allows users to request their own password, so the administrator doesn't need to know it, and he/she doesn't need to communicate a password to the users, which frequently happens over unsecure email.
The downside of this module is that it stores the users requested password in the database in plain text for a short time. This plain text password is never displayed in the web application, and it is cleared as soon as the account is approved or denied.
In most situations this should be a significant improvement in security, but as administrator you should be aware of the implications.
This security issue could probably be fixed with some more programming (by storing pre-hashed passwords), so if someone wants to tackle that, please let me know. -Darius
Download and install the module. Hopefully the screenshots below are clear enough to not require further instructions.
Click "Sign Up":
Fill out your details:
Wait for approval:
The administration page has a link to an "Approve Accounts" page.
To approve an account, you need to choose which roles the new user should have. You may do this in either of two ways:
Or you may deny an account request:
Requesting an account does not require any privileges (obviously).
Approving/denying accounts requires the "Add Users" privilege
If you want to use this module on 1.4.0-1.4.4, you need this special version of the omod file: Requestaccount-1.0-for-1.4.0.omod