I am putting togeather a system where I require admin approval of
all users, and I want to provide random passwords for users who loose
theirs. I have the following settings in Main Site Parameters:
EmailForgottenPasswordP 1
EmailChangedPasswordP 0 (only applies to admin changing password)
UseCustomQuestionForPasswordReset 1
EmailRandomPasswordWhenForgottenP 1
RegistrationProvidesRandomPasswordP 1
RegistrationRequiresEmailVerificationP 1
RegistrationRequiresApprovalP 1
EmailRegistrationConfirmationToUserP 1
With this setup, I have discovered a number of bugs, which I have
fixed, and a few which are just annoyances, which I have not fixed.
The first problem, I reported as a bug in SDM, has to do with
user-new skipping the password and password_confirmation form vars in
the case of RegistrationProvidesRandomPasswordP being 1, while
non-null values are required to submit the form to user-new-2. I
simply added different dummy values for these as hidded fields.
The second problem was that apparently NULL used to represent the
'needs approval' state. When a user registers with the current system,
'needs approval' gets inserted into the member_state field. Later
pages in the logic assume NULL as the member_state value, and so
nothing works.
The annoyances are that when you finish registering, you get an
email to verify your address, but once verified, you still do not have
a random password to login. You have to first try to login and then
have the system send you a new random password.
My main question is: how do I provide a single patch for the 4-5
files I needed to change to fix the problem? Also any suggestions on
the best way to fix the annoyance?