Securing Drupal for authenticated users
melsawy - November 25, 2007 - 10:16
| Project: | Secure Pages |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | melsawy |
| Status: | needs review |
Description
This patch allow drupal to do the following:
* Access the entire web-site over http (non-secure) for anonymous users .
* Access only over secure https for authenticated user.
This patch add (Show on for authenticated user only) in securepages setting
use hook_form_alter to fix user_login_block,user_login and user_pass_reset
also use hook_user to handle logout case.
| Attachment | Size |
|---|---|
| securepages_authenticated_user.patch | 2.88 KB |
#1
I'd much appreciate it if this patch was applied! The current behaviour of securepages does not allow secure logins through the login block.
The patch above doesn't apply cleanly anymore, so I've made a new one that applies to the latest version of the secure pages module. I didn't bother to add the extra option to make pages secure only for authenticated users, though (so my patch only adds secure login).