I'm running a Drupal-based social network for only my family. I don't want anyone who's not logged in to be able to see any of the content. The ideal solution would be for an anonymous visitor to only see a login box, and any links to content on the website would take anonymous users to this box. (I like the way the login box looks for WordPress administration.)
I've searched all over the place, and as powerful as Drupal is, there is just a lot of (what I would consider) common sense missing from the core. (For example, I had to install a module just so Drupal would email users once I approved their account. Otherwise, I guess they were just supposed to keep trying to log in until it worked with no indication of account approval?)
Sorry, rant over. Back to the problem. Does anyone know how to do this?
Comments
Offhand...
I'd suggest you edit the page.tpl.php of your theme, to see if the user is logged in. (Assumes some level of theming knowledge.) Something like:
http://CrookedNumber.com
Yes, I can see that now.
Yes, I can see that now. Alrighty, I'll try that.
Or just clear the "access
Or just clear the "access content" permission for anonymous users on the admin -> users -> access control page (under the section node.module).
gpk
----
www.alexoria.co.uk
Yeah, but if you do that,
Yeah, but if you do that, folks who aren't logged in see that "Welcome to your new Drupal website!" message. No thanks.
That sounds a bit screwy to
That sounds a bit screwy to me.
File a bug!
Good point
Though, if you tweak the theme, you have full control over what the anonymous user sees, i.e., a page with just a log-in, no menus, no nothing else. Or something a little friendlier.
Or is there a way to customize the text on the "Access denied" page? Anyone know?
http://CrookedNumber.com
Admin - User Management -
Admin - User Management - Access Control:
Anonymous user : Access content = FALSE
Admin - User Management - User settings:
Only site administrators can create new user accounts.
done?
.dan.
How to troubleshoot Drupal | http://www.coders.co.nz/
.dan. is the New Zealand Drupal Developer working on Government Web Standards
As far as the site
As far as the site administrator creating accounts... even though it's just my family, that's still a lot of work. I'll just let them create their own. That's not a problem, so much.
The problem I have is that if I do deny content access to those visitors who aren't logged in, they see the "Welcome to Drupal!" message, and while my family might not care, I have other clients that would be less understanding.
That is not a problem
Set your default homepage as 'user.' Administer -> Settings -> Site information. If permissions are properly configured, anonymous visitors will get a login box in the content area.
If you want different homepages for anonymous and authenticated users, install the front page module.
Also, it is not necessary to install a third-party module for Drupal to send registration email to users. Drupal uses the PHP mail() function, and if that doesn't work, the proper fix is at the operating system/PHP configuration level.
There is no need to set the
There is no need to set the front page to the user login page, see my other comment.
but...
However, if you leave registration open and unmoderated, any robot can come in and become a registered user.
And if your authentication relies on that ... you've got no protection at all.
I've had a few mock-up sites crawled and invaded like that before I got in the habit of securing it.
You can't tell who is allowed to see things until they identify themselves. To identify them, somebody has to agree to who they are. And that somebody must be you.
.dan.
How to troubleshoot Drupal | http://www.coders.co.nz/
.dan. is the New Zealand Drupal Developer working on Government Web Standards
no no no
First disable access to content for anonymous users.
Then go to Administer > Site configuration > Error reporting - and for the "Default 403 (access denied) page" field add the word "user". This directs anonymous users directly to the user login page.
Rowanw's right
His is the cleanest and easiest way. If you want even more control, theme just the /user page.
http://CrookedNumber.com
Definitely the easiest
Awesome. Took me like 2 seconds and anyone linking to any kind of content is brought to the login screen. Excellent. That's all I needed, thanks folks!
Except... now that it's
Except... now that it's been a little while, I can see that this might not be a solution. I'm using Pingdom to keep track of the uptime of my websites, and since this method uses a 403 error to redirect users to a login page, it makes any uptime monitoring service think that the website is down. Which is a problem with this website especially, because I've been getting complaints from the users that this website is down all the time. It's hard to prove that to my host, who claims it's not down, when the results are skewed by 403 errors every time.
I'll have to find some other way to do this.
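An added example, not part of the original thread: a check that keeps "is the site up?" separate from "what does an anonymous visitor get?", so a 403 that carries the login form counts as a working, correctly gated site rather than an outage. The `Response` type, the login-form marker, the paths and the sample responses are all constructed assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Assumption: the full-page login form carries this id; adjust to your theme's markup.
LOGIN_FORM_MARKER = 'id="user-login"'
LOGIN_PATHS = {"/user", "/user/login"}

@dataclass
class Response:
    status: int                      # 0 = no HTTP response at all (timeout, refused)
    headers: dict = field(default_factory=dict)
    body: str = ""

def is_up(resp):
    """Availability only: a 403 is still an answer from a working site."""
    return resp.status != 0 and resp.status < 500

def anonymous_verdict(resp):
    """Classify what an anonymous request received."""
    if not is_up(resp):
        return "down"
    if resp.status in (301, 302, 303, 307):
        # Normalise absolute and relative Location values to a leading-slash path.
        target = "/" + urlsplit(resp.headers.get("Location", "")).path.strip("/")
        return "login-shown" if target in LOGIN_PATHS else "redirect-elsewhere"
    if LOGIN_FORM_MARKER in resp.body:
        return "login-shown"         # 403 page set to "user", or front page set to "user"
    if resp.status == 403:
        return "denied-no-login"     # gated, but the visitor gets a bare error page
    if resp.status == 200:
        return "content-served"      # review: an anonymous visitor can read this path
    return "other"

def audit(samples):
    return {path: anonymous_verdict(resp) for path, resp in samples.items()}

# Constructed sample responses, as an anonymous client might record them.
SAMPLES = {
    "/node/1": Response(403, {}, '<form action="/user" id="user-login">...</form>'),
    "/": Response(302, {"Location": "http://example.test/user/login?destination=node"}),
    "/node/2": Response(200, {}, "<h1>Family photos</h1>"),
    "/node/3": Response(403, {}, "<h1>Access denied</h1>"),
    "/node/4": Response(503, {}, "Service unavailable"),
    "/node/5": Response(0),
}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLES).items():
        print(f"{path:10} up={is_up(SAMPLES[path])!s:5} {verdict}")
```

Running the same classification over every content path after a permission change also shows whether any node is still served to anonymous visitors.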
There are probably
There are probably other/better ways, but you could implement hook_init() in a very small custom module - something like (untested):
However this will send a 302 redirect to the browser, so maybe the uptime monitoring service won't like that either? Can't actually see why a 403 response code should necessarily cause it a problem in the first place though.
A better option might therefore be just to set your home page to be the login screen... Hmm but then you probably want the home page to display content when you are logged in ...
OK maybe this (untested) will work then:
Maybe that will give some ideas? N.B. this may cause problems if caching is turned on.
gpk
----
www.alexoria.co.uk
lots of ways
Here's another: try using the Advanced front page settings module; there is a setting for anonymous users. You can set up an HTML page with a link to the user login page.
Rgs' suggestion is spot on.
Rgs' suggestion is spot on. This is the method I use for these situations. It is the easiest, cleanest method.
Restricting the site access to authenticated users only and redirecting anon users to access forbidden is kind of messy. When family members first go to the site, they will see the same message. I prefer using the advanced front page module because there can be a friendly welcome page for anonymous users.
If you don't want to go through the hassle of creating user accounts for the family and other people you wish to provide access to, use the invite module and request invite module. That way you can email them an invite and they can create their own account.
The advanced front page module also provides really granular front page options, i.e. per user or per role, if you want to take advantage of those features.
New Module -- might help
Have you seen this?
http://drupal.org/project/r4032login
"Redirect the HTTP 403 error page to the Drupal /user/login page with a message that reads:
'Access denied! You must login to view this page.'
Also, the desired page is appended in the url query string so that, once login is successful, the user is taken directly where they were originally trying to go.
Makes for a much more user-friendly Drupal."
http://CrookedNumber.com
but where does one find this
but where does one find this 'advanced front page module' ?
do you mean the 'front page module' ?
I believe so.
I believe so.
but it seems that front page
but it seems that front page module isn't very well supported. I read about people's concerns that it doesn't have an assigned developer/support person. Could anyone enlighten me on this one?
thanks!