I followed the recent "user registration without email" thread closely, as I'm about to start working on a related issue. Prior to moving my site over to Drupal, I had implemented a password-less registration system [1] for our downloads area that was based on the user's email address. It basically worked like this: 1. When a user requested access to a 'protected' resource, we would first check for a registration cookie. If the cookie is present, we would send them on to the requested resource. 2. If no cookie is present we would throw up a registration lookup form requesting their email address. When submit, we'd look for their email address. If found, we'd set the cookie and forward them to the requested resource. 3. If the email address isn't found, they would be asked to 'register', by providing an email address along with personal info such as company name, address, phone, etc. Upon successful registration we'd set a cookie and forward them to the requested resource. I'd like to implement a similar scheme for my Drupal-based site. One option is to port over my existing code and tables and keep the registration stuff separate from the Drupal system. However, it seems like a more flexible approach would be to make each of these registrants "users" in Drupal, allowing me to use Drupal features and contrib modules for managing the resources and controlling access to them. I'm currently thinking I can accomplish most, if not all, of this by hacking/patching the LoginToboggan module. I would need to modify it to use an empty string for the password, customize the login form, and suppress the confirmation email. I would use the it's Immediate Login feature to create the users and put them into a "non-authenticated role" I'd create called "registrant". My intention would be to leave them there permanently. I'd also need to implement the ability to forward the new user to the requested page. I'm looking for an any thoughts on this approach, and any pointers if it has been done already. If there are any gotchas I'll likely run into, or if--for some reason that isn't yet apparent to me--this is just a Bad Idea, I'd like to know that as well. Also, if there is any broader interest in this type of functionality let me know. I'm happy to work as closely with the LoginToboggan maintainers as they would like, and would appreciate any help or guidance they can offer. Thanks, Sam [1] The use case here is a corporate/brochureware site where the security of the resources is not a major concern, as they are typically marketing materials. (Site security is still a concern, of course.) It is desirable to avoid requiring users to create/manage a password, yet we'd like to somehow accomodate the repeat visitor.