By mhopson on
We want to ensure that no one is allowed to login from external ips (the internet) to change any content in our site. The changes will only be allowed from a private ip range and as such we will only allow logins from a private ip range.
How can this be done?
Thanks
Mike
Comments
Don't turn the site on so it
Don't turn the site on so it displays to the outside. This seems more like a firewall issue than a Drupal configuration issue. Unless you are meaning to allow outside users to view the site, just not login/edit the site. If that is the case, then you could always set it up so that users need to have their account validated by an admin prior to being able to login. Then, you could authorize users that would be valid. I guess, if your site is available outside, then the user would be able to login while they were off of your network.
- Shane
Thanks for reply ... I have a solution working
For this phase of the release we wanted to ensure that no one from the public IP could login until we better understand Drupal security. For this I decided to theme the login page.
Step 1: Registered a theme template with template.php
function mytheme_theme(){
return array(
'user_login' => array(
'arguments' => array('form' => NULL),
'template' => 'user-login',
),
);
}
Step 2: Registered a preprocess function (I don't know if this is really necessary in my case but it can be useful to set up custom html mark up)
function mytheme_preprocess_user_login(&$vars) {
$vars['form_markup'] = drupal_render($vars['form']);
}
Step 3: Created a user-login.tpl.php file
In here based on the source ip, I display the login form or a message to indicate that they are not allowed to login.
Using template files are considered slower than calling a theme function directly. I have to try that technique one day. Since we won't be having a lot of people logging in, this solution is good for now.