The usability problem: If a user is not logged in, the "access denied" message really ought to be accompanied by a login form.
The easy solution for this is to point Drupal to a PHP node as the custom 403 page. It might look something like this:
global $user;
if ($user->uid > 0) {
  // if they're logged in, but access is denied
  $output = "<strong>You do not have permission to view this page.</strong><br />This page is only accessible to certain users.";
}
else {
  // if they're not logged in, send 'em to the login, then bring 'em back to where they were going...
  drupal_set_message("The page you requested is only accessible to certain users. Please log in so that we may determine your permission.");
  drupal_goto('user/login', drupal_get_destination());
}
print $output;
Here's the problem with this:
When Drupal serves up the custom 403, even though there is no url redirect to the 403 node (that's good), the $_GET['q'] value becomes that of the 403 node. So when the user submits the login, they are redirected back to the node that contains the custom 403 code and not to the page that they were originally requesting.
This is kind of confusing without actually seeing it in action, so here it is from the user's perspective:
User is not logged in. User requests "www.example.com/special_access_page".
User gets a message that says, "You should probably log in if you want any chance to see this page." User logs in. Note: user should now have permission to view the 'special_access_page' node.
But, user is (incorrectly) redirected to: "www.example.com/access_denied_node" where they get a message saying "You do not have access permissions for this page."
There are several culprits contributing to this problem. I would say that the main issue lies in the way that the custom 403 page is called in for display. But maybe there is a better solution so I'll leave it open for suggestions.
-Jeff Robbins
p.s. I also tried to solve this problem by just calling in print user_login() instead of drupal_goto(), but this gets basically the same result.
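The round trip described in the post, as an added example that is not part of the original post and is not Drupal code: a stand-alone PHP model showing that the login destination is wrong when it is read after the 403 handler has replaced the requested path, and correct when the path is saved first. The function names, the `$preserve` switch and the uid values are assumptions made for illustration; the paths are the ones used in the post.

```php
<?php
// Stand-alone model of the flow described above; not Drupal code.
// handle(), login_target() and round_trip() are hypothetical names.

const NODE_403 = 'access_denied_node';
const PROTECTED_PATHS = ['special_access_page'];

// Returns the path the login form will redirect to for an anonymous request.
// $preserve = false reproduces the reported behaviour: q is replaced by the
// 403 node before the destination is read. $preserve = true saves it first.
function login_target(array $get, bool $preserve): string {
  $requested = $get['q'];          // what the visitor actually asked for
  $get['q'] = NODE_403;            // the 403 handler swaps in the custom node
  return $preserve ? $requested : $get['q'];
}

// Serves one request and returns [HTTP status, body or redirect location].
function handle(string $path, int $uid, bool $preserve): array {
  if ($path === NODE_403) {
    return [200, 'You do not have permission to view this page.'];
  }
  if (in_array($path, PROTECTED_PATHS, true) && $uid === 0) {
    $dest = login_target(['q' => $path], $preserve);
    return [302, 'user/login?destination=' . rawurlencode($dest)];
  }
  return [200, "content of $path"];
}

// Follows the round trip: anonymous request, login, redirect to destination.
function round_trip(string $path, bool $preserve): array {
  [, $location] = handle($path, 0, $preserve);
  parse_str(parse_url($location, PHP_URL_QUERY), $query);
  return handle($query['destination'], 1, $preserve);   // uid 1 = logged in
}

// Constructed sample request: the same path under both behaviours.
foreach ([false, true] as $preserve) {
  [$status, $body] = round_trip('special_access_page', $preserve);
  printf("preserve=%s -> %d %s\n", var_export($preserve, true), $status, $body);
}
```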
Comments
Comment #1
jjeff commented:
I'm going to call this a usability bug.
Comment #2
jjeff commented:
Actually, I think this is essentially a duplicate of http://drupal.org/node/24050
Comment #3
tostinni commented:
As jjeff said, that's a duplicate.