
*******************************************************
    INSTALL.txt for logintoboggan.module for Drupal
*******************************************************

INSTALLATION:

Place entire loggintoboggan module folder into
  (a) your /modules/contrib directory
  (b) your sites/[my site]/modules directory.

Enable the module at Administration » Modules

Configure logintoboggan settings at
Administration » Configuration » People » LoginToboggan

The module provides an alternative login block to core AND provides a
LoginToboggan logged in block'.

Configure each block at Administration » Structure » Blocks as follows...

1. Configure the 'Logintoboggan login' block for LoginToboggan functionality:

Change title if required; using <none> can make for a very neat login system,
when combined with the javascript functionality: clicking upon "Login/register"
reveals the login form in sliding fashion. To select this functionality, select
'Collapsible form' under "Block type". Selecting 'Link' under "Block type"
sends user to a login form, returning them to original page after successful
login.

2. Configure 'LoginToboggan logged in block'

Tip: by leaving the title blank, the 'LoginToboggan logged in block' is slim
and neat.

Done!

CAVEATS:

1. Use the 'Delete unvalidated users after' feature with extreme caution!

   This feature can be handy, but if misconfigured can cause unexpected damage
   to your user data -- specifically deleting users!  Three things to guard
   against:

     a. Be very careful when editing the 'trusted role' setting.
        If you set it to anything other than the 'authenticated user' role,
        LoginToboggan will happily start deleting any users that don't have that
        role and were created prior to the purge interval. If you want to
        avoid problems, it's best to never change that setting after you've
        initially set it up.

     b. LoginToboggan provides a trusted role that is assigned in addition to
        the authenticated user role. In Drupal 7, it worked the other way round
        in that it removed the authenticated role under a user validated via email.
        However, that's not possible in Drupal 8 because the authenticated role is
        automatically assumed for all logged-in users. Be aware that other contrib modules
        may want to assign permissions to authenticated users so it will be your
        ongoing responsibility as a site manager to remove unwanted permissions from
        the authenticated role, if you have adopted the trusted role approach.

     c. If you are using the trusted role approach, and subsequently decide to stop letting
        users set a password on registration, you should set the trusted role back to authenticated
        before removing the password setting. That will mean the trusted role logic is ignored.
