I've written a module that streamlines the registration process for webforms that don't allow anon users to submit.
Before I create a project for it on d.org, I'd like people's opinions on what it does to the login process.
What the module does is this: when an anonymous user goes to the webform node, they are shown the registration form instead. When they first log in, they are taken back to the same webform node. (As far as I can tell, this is not doable with login toboggan or login_destination.)
My concern is this: if the site is set to require email verification, then the user is sent to the webform once they have clicked the 'Login' button. They do not get taken to their edit account page, and so are not prompted to change the password that they were sent via email.
I'd like people's opinions on this -- does it cause an undue problem with security? On the one hand, it means a user will probably not change their password which was sent in a plaintext email. On the other, how many users actually bother to change their password when prompted?
Comments
Re: webform registration - skipping password changing?
Hello Joachim,
I am actually trying to do the same thing you described?
I am curious, did you keep using your module?
May I use your module?
Would you like feedback?