- Managing authentication
- Manual accounts
- No login
- Email-based self-registration
- CAS server (SSO)
- External database
- No authentication
- PAM (Pluggable Authentication Modules)
- POP3 server
- Authentication FAQ
The email-based self-registration authentication method enables users to create their own accounts via the 'Create new account' button on the login page. They then receive an email at the address they specified in their account profile to confirm their account.
- 1 Enabling email-based self-registration
- 2 Enable reCAPTCHA element
- 3 Email confirmation message
- 4 Support contact
- 5 Tips
- 6 See also
Enabling email-based self-registration
- Go to Administration > Site administration > Plugins > Authentication > Manage authentication and click the crossed-out-eye icon opposite email-based self-registration
- Select email-based self-registration from the self registration drop-down menu in the common settings (further down the same page, underneath the authentication plugins)
- Click the 'Save changes' button
Warning: Enabling self registration results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. This risk can be minimized by limiting self registration to particular email domains with the allowed email domains setting in Administration > Site administration > Plugins> Authentication > Manage authentication. Alternatively, self registration may be enabled for a short period of time to allow users to create accounts, and then later disabled.
Note: The Email-based self-registration authentication plugin must be enabled to allow users who previously self-registered to login. Selecting Email-based self-registration as the self registration method allows potential users to self register.
You may change the text that appears under "Is this your first time here?" in two ways:
- Add text in the Instructions box found in Site administration ... Plugins ... Authentication ... Manage authentication or,
- Use the Language Customization tool to edit the language string 'loginsteps' found in moodle.php. Note, this string is different from 'loginstepsnone', which is the string used for No Authentication registration.
Enable reCAPTCHA element
A CAPTCHA is a program that can tell whether its user is a human or a computer. CAPTCHAs are used by many websites to prevent abuse from bots, or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs.
Spam protection may be added to the email-based self-registration new account form with a CAPTCHA element - a challenge-response test used to determine whether the user is human.
In addition to enabling the reCAPTCHA element, email-based self-registration should be set as the self registration authentication plugin and reCAPTCHA keys should be set in the manage authentication common settings.
Email confirmation message
An automated email confirmation message is sent to the user using the support contact email address.
We can change this text in Administration > Site administration > Language > Language customization by choosing the appropriate language pack. selecting 'moodle.php' from 'core' and searching for the string identifier name 'emailconfirmation' and editing it with a local customization.
An administrator can specify a support name, email and/or support page in 'Support contact' in the Site administration for including in the confirmation email.
- Check your user list regularly for spammy/suspect names/emails and/or users in the system but not enrolled in the course
- Disable Blogs unless actually using them; some spambots know how to post there
- Enable some sort of login failure notification in Administration > Site administration > Security > Notifications so we can see who is having login issues
- Check Administration > Site administration > Reports > Spam cleaner from time to time
- Potential users may not receive the account confirmation email due to it ending up in the spam folder, being refused by the remote server, an invalid email address entered etc. Such accounts may be confirmed manually by an admin.
Using Moodle forum discussions:
- Admin approving self registrations?
- Sending the email confirmation again
- Self registration with validation
- "Password Reset" email blocked by email servers
- Email-Based Self-Registration not sending emails: things to know
- Confirmation emails being blocked/trashed