By beekerstudios on

I know it seems a bit strange, but here's the deal.

I am attempting to create an alternate "known" anonymous, and it works. I can assign a visitor to a user by using this:

$GLOBALS['user']->uid = "69";

The user is a "known" anonymous because I know their IP address will be within a specific range, if it isn't they just get "logged into" the anonymous username.

Nothing is different from this user account "Known anonymous" except that it's part of a role that I can give specific access to certain nodes via the nodeaccess module. Which in effect creates an "intranet" where some content is only available to certain "known anonymous" users or logged in accounts.

The problem breaks when I want to allow the "known anonymous" users (like myself even to login and manage the website) to login to their authenticated accounts. Since I am am automatically forcing users into anonymous or "known anonymous" I want them to be able to login still.

Is there anyway to allow this?

Categories: Drupal 5.x

Comments

scrypter’s picture

scrypter commented

The access level for showing user/login in function user_menu() is !$user->uid, so once there is a logged in user, you cannot login again. This is past the point of displaying the login block. I just tried mysite.com/user/login when logged in and got access denied as expected. Logout tidys up session stuff, so is probably necessary before a new login. You could create your own module with a menu path /kalogin which does not insist on a null $user->uid and then calls the "normal" login form, but without a logout, things could go bad. Maybe a call to session_destroy() etc (see function user_logout()) would solve that.

Getting a menu or other link to this new url should be relatively easy.

www.purpleoar.co.nz/scryptik - Javascript editor with syntax error checking
www.purpleoar.co.nz - Web development, Drupal consultancy

www.purpleoar.co.nz/scryptik - Javascript editor with syntax error checking
www.purpleoar.co.nz - Web development, Drupal consultancy

beekerstudios’s picture

beekerstudios commented

What if someone like myself has multiple logins for a website. Not sure I understand why I can't just have a logout "function" run before the login page is displayed, in effect resetting the visitors session instead of getting an access denied page.

How is the anonymous user assigned? at what point does a "visitor" get assigned to the "anonymous" user.

Perhaps I am going about this all wrong, and I should be looking at how to create a "second anonymous user" that has the same behavior login wise that the default anonymous user has. This is basically more or less what I am trying to do. In a round about and kludgy kind of way.

I am sure I am not the only one out there wrangling with this.

beekerstudios’s picture

beekerstudios commented

Okay so the php code below will in laymans terms auto-login a user based on a "known" ip. In the case below, the range is 192.168.1.1 to 192.168.255.255 (theoretically this should be a public ip range unless your network is nat'ed). If you only owned 192.168.23.1 to 192.167.23.255 you would need to include on more bit onto the $ip_subnet_check and then include .23 for the if statement.

Include this at the top of your page.tpl.php (the very top):

global $ip_subnet_check_arr,$ip_subnet_check;
$ip_subnet_check_arr = explode(".",$GLOBALS['user']->hostname);
// depending on how big your subnet is you will need to include different bits, obviously if you have any clue 
//what I am talking about you probably know more than I do about this anyways so here goes
$ip_subnet_check = $ip_subnet_check_arr[0].".".$ip_subnet_check_arr[1];
//node/357 is basically a blank page node that destroys the session and redirects to the login page
if ($_GET['q'] != "user/login" and $_GET['q'] != "node/357" and $GLOBALS['user']->uid == "0" and $GLOBALS['user']->hostname == "192.168") {
	$GLOBALS['user']->uid = "29";
}

UID 29 is an "anonymous known" user account (which I created) with the same privileges as anonymous (which is pretty much nothing). The benefit of this is now you can put this "anonymous known" user into a role and give access to specific nodes with the nodeaccess module.

So the node/357 page (just an example node/page but you have to use the node ID filter above or else it goes into a loop and can't use the clean url equivalent, which in my case is /login) has this in it with a PHP code input format:

session_destroy();
header( 'Location: http://www.yourwebsite.com/user/login/');

So for me I would have a link to "login" for anyone who is not already logged in and is an "anonymous" or "anonymous known" visitor that linked to: http://www.yourwebsite.com/login/ . This in effect kills the visitors "anonymous" or "anonymous known" session, and redirects them to the actual login page http://www.yourwebsite.com/user/login/

If anybody has a better way of doing this, or has some idea's about how to integrate this into a module or something I am all ears. But as far as I can tell this as close to an "intranet" module as I have seen around here.

beekerstudios’s picture

beekerstudios commented

Hmmm killing that "Access Denied" error if/when you are already logged in (which is in effect what I asked for at the beginning of this thread).

if ($title == 'Access Denied') { header( 'Location: http://www.yourwebsite.com/login/?destination=' . substr($_SERVER['REQUEST_URI'],1) ); exit; }

I have that right below the php above in my page.tpl.php.

It's a little roundabout but it accomplishes exactly what I wanted.

Any help, idea's, gripes, etc. about what I am doing here would be great.

beekerstudios’s picture

beekerstudios commented

Whoops screwed this up:
This....

global $ip_subnet_check_arr,$ip_subnet_check;
$ip_subnet_check_arr = explode(".",$GLOBALS['user']->hostname);
$ip_subnet_check = $ip_subnet_check_arr[0].".".$ip_subnet_check_arr[1];
if ($_GET['q'] != "user/login" and $_GET['q'] != "node/357" and $GLOBALS['user']->uid == "0" and $GLOBALS['user']->hostname == "192.168") {
$GLOBALS['user']->uid = "29";
}

Should be this....

global $ip_subnet_check_arr,$ip_subnet_check;
$ip_subnet_check_arr = explode(".",$GLOBALS['user']->hostname);
$ip_subnet_check = $ip_subnet_check_arr[0].".".$ip_subnet_check_arr[1];
if ($_GET['q'] != "user/login" and $_GET['q'] != "node/357" and $GLOBALS['user']->uid == "0" and $ip_subnet_check == "192.168") {
$GLOBALS['user']->uid = "29";
}
litmusdesigns’s picture

litmusdesigns commented

I found a simpler solution to the original problem is just to place this at the top of page.tpl.php:

<?php
if (($title == 'Access denied') && (strpos($_SERVER['QUERY_STRING'], 'q=user/login&destination=') !== false)) {
	session_destroy();
	header( 'Location: http://'.$_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] ); exit;
}
?>
beekerstudios’s picture

beekerstudios commented

there is also a module called ipauthenticator: http://drupal.org/project/ipAuthenticator

The maintainer of that module, has possibly implemented some benefits of my kludged solution. I haven't upgraded at this point myself, but I am using that module as opposed to this hacked solution.