After trolling through the forums on this topic and plenty of ideas I have successfully implemented a self - registration with Admin approval without altering too many core / library files and introducing any security risks(!). I thought I would share this with the community. Please note you will need to have access to the core / library files possibly through ftp.
Here's how the code works:
1. Prospective user requests an account (login/signup.php)
2. User is greeted with a custom message saying their request has been sent to administrator (login/signup.php). No email is sent to the user.
3. An email is sent to administrator about the new account request. Its achieved by redirecting the email to the admin instead of the user (lib/moodlelib.php).
4. Administrator views the user (admin/user.php) and manually confirms the account. On clicking ‘confirm’ the new function send_confirmation_email_to_user gets triggered and sends an email to the user. The email only contains a message stating their account has been confirmed and no activation links are sent.
Procedure:
The main idea is to not send the activation links during the email exchange. So the only way to confirm someone's account is by the administrator's doing this manually (which requires admin rights). Here are the changes I made to the three files:
1. lib/moodlelib.php [changes made to send_confirmation_email($user) function]
- Removed activation / confirmation links from being generated - line 5939
- Email sent to $supportuser instead of $user - line 5947
- Made necessary changes to library files for the custom messages sent to site administrator.
2. lang/en/moodle.php
- added two new strings emailconfirmation_user and emailconfirmationsubject_user on line 562
3. admin/user.php
- Added a new function send_confirmation_email_to_user($user) - line 3
- changed strings emailconfirmationsubject_user and emailconfirmation_user
- Added send_confirmation_email_to_user($user); line 101 to call the function when account is manually confirmed.
Please do fully test this before implementing on a live server. Any suggestions to make this better would be greatly received.