Email confirmation of anonymous content through Rules and Flag

We regularly need to create workflows that enable anonymous users to add content to one of our Drupal sites. Often it is desirable to make anonymous users confirm the nodes they post by following a generated 'secret' link they have received by email.

Thanks to the indispensable Rules and Flag modules this can be accomplished without ever leaving the administration area of a Drupal site. Now don't misunderstand me. I love to code. But the Rules module often offers a faster and more easily maintainable way to create complex processes. It also keeps Drupal installs relatively clean, since Rules is able to sit in for a whole bunch of contrib modules.

But let's get back to work on the anonymous email confirmation process! I do assume some basic experience with Rules. For a first introduction I can do no better then refer you to the great series of Rules tutorials by Johan Falk at Node One.

My screencasts below are of a Drupal 6 install. I had to recreate the rules for D7 last week, follows the same logic as the D6 version *. An export of both D6 and D7 rules are attached. Both have been exported using a content type called "Complaint" (machine name "complaint") - different from the content type name seen in the screencasts.

A. Prerequisites

1. Download and enable the necessary modules

Download and enable the following modules:

- cck
- email (for the email field)
- flag
- token
- rules
- rules_forms (only necessary for D7)
- pathrules (only necessary for D6)

2. Create the Content Type you want anonymous users to submit

Create the relevant Content Type.

Add a regular text field to the Content Type named "random" (do not hide this field under the "Manage Display" tab, this would mess with the first rule we will create - I will hide the Random form field later on using a form rule).

Add an e-mail field called "email".

Set the permissions for the content type, anonymous users should be able to create this particular content type, the "random" field should be editable and viewable by anonymous users.

3. Add a new node Flag

Add a new Flag at the flag administration page. Make it of type "nodes", set it to "global" and assign it to the Content Type created in step 2.

B. Rules

It's as easy as one, two, three!

5. First rule: Send e-mail on submit IF anonymous user

The first rule checks if someone who tries to submit a the relevant content type is an anonymous visitor of the site. If that is the case, it will generate a random string (borrowing the Drupal function user_password()), add it to the "random" field, save the content type and mail the user (who entered an e-mail address in the form) a link that is a combination of the content type's URL and the generated string.

Relevant code :
return array(0 => array('value' =>  user_password()));

6. Second rule: Flag content as visible when correct URL from mail

The second rule checks if the value contained in the link received by the anonymous user conforms to the hidden saved value of the random field.

Relevant code:

7. Third rule: If content NOT flagged hide for anonymous user

The third rule is simple: if an anonymous user tries to view content that is not flagged visible, redirect the user to the front page.

9. The proof of the pudding

If everything went well, an anonymous user should receive the following mail on submitting our specially prepared content type:

Click the link - and our previously hidden content is visible! It worked!

The fourth rule makes sure that content added by logged in users is automatically be made visible. The fifth hides the random entry field on the submit page of our content type. These last two rules are complementary, so I did not include screencasts for them. All rules for both D6 and D7 versions of Rules are attached below (remember: content type "Complaint", machine name "complaint").

* Though I had to remember to set the correct user for my flag rule to make it fire for anon users - the user "on whose behalf to flag" does not need to be the currently logged in or acting user in D7 Rules. You can specify any existing user that has sufficient rights to flag. Just switch to "direct data selection" and enter a uid of a user with sufficient rights to set a flag.

complaint_rules_export_d7.zip2.38 KB
complaint_rules_export_d6.zip2.25 KB


Sam's picture

Perhaps I'm missing

Perhaps I'm missing something, but I don't understand why you are using flag to mark content as visible instead of the 'Published' attribute that is already included in core. Would you care to enlighten me?

admin's picture

Hi Sam, good point! Making

Hi Sam, good point! Making use of the 'published' attribute works great in the first rule - but since unpublished nodes cannot be accessed, the second rule won't work. Perhaps a module like could fix that, but I like the flexibility of Flag. Especially in more complex workflow scenarios. It always makes me happy if I am able to do more with fewer modules!

Sam's picture

That clears things up, thanks

That clears things up, thanks very much!

aditya menon's picture

Thank you for the informative

Thank you for the informative post. Kindly treat it is a polite request when I say it would be nicer if you could also create the screen-casts for the final 2 steps also :)

Eventually however, I had to go back and write a custom module for this functionality, as it was irking my peace of mind that I had somewhat unnecessary fields in my content type - fields that are actually only useful for internal processing and validation... but what you wrote here was extremely useful during a time of emergency. I thank you for that :)

Mike's picture

Thank you very much for your

Thank you very much for your introduction. That has solved my similar problem. Thx

Jens's picture

Thanks so much for your help

Thanks so much for your help here, Robin. But that doesn't really work for me.
I am using Drupal 7.10 and my necessary modules which are activated have the version:

Rules, Rules Scheduler, Rules UI (7.x-2.0)
Rules Forms support (7.x-1.0-beta6)
Flag, Flag actions (7.x-2.0-beta6)
Entity API, Entity tokens (7.x-1.0-rc1

I tried so much but i didn't get it work. When i try to import your rules for Drupal7 ( i get some errors:

complaint_rules_export_1.txt says ERROR

"Integrity check for the imported configuratoin failed. Error message: Data selector node:field-random for parameter data is invalid.."

complaint_rules_export_2.txt says OK

complaint_rules_export_3.txt says ERROR

"Integrity check for the imported configuratoin failed. Error message: Missing configuration for parameter form_state.."

complaint_rules_export_4.txt says ERROR

"Integrity check for the imported configuratoin failed. Error message: Data selector node:field-random for parameter data is invalid.."

complaint_rules_export_5.txt says ERROR

"Integrity check for the imported configuratoin failed. Error message: Unknown action rules_forms_access.."

i would really appreciate any suggestions.

Robin's picture

Hi Jens, Have you been able

Hi Jens,
Have you been able to resolve this problem since February? Maybe there has been some change in the module since the time I wrote this small tutorial? I will see if I can find some time to test and update the export files.

Emil's picture

I got these same errors while

I got these same errors while importing the rules today. Obviously what I need to do is get better at using rules, but I was hoping for a quick fix ;) Big thanks anyway, you definitely put me on the right path! Much appreciated.

admin's picture

Thanks! I guess the

Thanks! I guess the export/import format must have changed since November 2011 - but I am glad this post could still be of help to you!

Cibson's picture

Thank you so much!!! That was

Thank you so much!!! That was exactly what i was searching for!

Emil's picture

Exactly what I was looking

Exactly what I was looking for! Thank you for writing this post, kinda saved my a** for an upcoming project :)

Ian Tresman's picture

As a help to anyone else

As a help to anyone else implementing this in Drupal 6:

1. In addition to the Rules module, you also need the "Rules Forms support" sub-module enabled (it comes with Rules). Otherwise the "Hide random field" rule will be disable because "event_complaint_node_form_form_built" does not exist because it can not be found.

2. In the exported rules "", you need to change the default content type called "complaint" to the content type that you use. For example, I wanted to use it with a content type called "Reviews", so I changed all occurrences of of "complaint" to "reviews", and, "Complaint" to "Reviews".

3. After importing "" into Rules via its Export/Import option, it's also worth going through the Rules to see whether anything else needs editing. For example, the email from-address, and email subject line.

Thanks Robin, great post!

Ian Tresman's picture

Also worth noting the flag

Also worth noting the flag created in step 3 is called "visible".