User Access
wsmgrant - December 18, 2008 - 23:58
Hi,
I'm wanting to create a drupal site that has controlled access to it using a single passcode that is provided to people instead of a Username/Login access system.
Is this possible? I have studied the different authentication modules available but don't see anything that obviously fits a solution to this
Thanks to anyone who might be able to help me with this
wsmgrant
Anything like this is
Anything like this is possible and if there is no current contrib module for it, then it can be created.
Passing Phase Web Development
Can you describe the difference?
I'm unclear of the exact difference between the existing user/pass system that Drupal uses and your proposed passcode system. Would each user have their own passcode that functioned as a username and password, so that they entered the passcode into a single field instead of the two fields for user/pass, or are you wanting to have all your users share a single passcode?
Doug Gough
ImageX Media
User Access
I'm wanting to assign a single login passcode field to each specific user. Users don't create the passcode - I would email them the passcode so they could then go to the site and login using the passcode. I'm intending to set it up so that each user would then have access to specific content belonging to them.
I hope this makes sense and thanks for your reply - any help/ideas would be greatly appreciated
If the passcode is just the
If the passcode is just the password for their user account then you could create a custom module that modifies the user login block using hook_form_alter() to hide the username field and add a custom validate routine. Somehow need to get it to run before the default validator in user.module. It could do a lookup on the password and find the username field that matches, populating the field accordingly. Then Drupal will happily log the user in.
Might even be easier to create a custom login from, based heavily on the code for the existing login block or page (user.module).
There may even be a module that already does something like this http://drupal.org/node/206666#DRUPAL-6.
gpk
----
www.alexoria.co.uk
Your solution to this would
Your solution to this would need to do the following:
1. Intervene with the reg system so that you can assign your password and mail it out
2. Hide the password field in all edit forms so the user cannot change their password
3. Associate the user with their content either through roles or using their id
Passing Phase Web Development
would this work?
Thaks for your ideas - a thought I had would be to assign complex passcodes to the username field and leave the password field blank - then when I email out the passcode once the user enters this in then drupal would validate the user account as normal as the password field is blank and I would have it hidden. Do you guys think this is a feasible and reasonably secure and quick way of solving this?
>reasonably secure and quick
>reasonably secure and quick way of solving this
To make it quick we need to dovetail with Drupal's default user handling as far as possible. By default users have a username, password and email address. So I'd probably equate passcode to password, let the username be meaningful, and use the real email address (possibly you don't need this for these users, tho' Drupal requires it by default). I wouldn't want the passcode to correspond to username in case it got displayed somewhere.
I'd create a custom login form based on the main user login page's login form http://api.drupal.org/api/function/user_login/6 (in which it looks to be as tho' the by-ref $form_state argument is redundant), or based on the user login block (see http://api.drupal.org/api/function/user_block/6 case delta = 0, and http://api.drupal.org/api/function/user_login_block/6).
I'd make the username field hidden and add an additional validator which looked up the username corresponding to the passcode/password and populated the field accordingly. Obviously it would be crucial to keep the passcodes unique. You might want to do additional checking e.g. would you want to be able to log in to your own account with password only?
I'd leave the normal login page available so that you can use it for yourself. You'd probably want to do something to the "lost password" page to fit with what you want.
Probably a bit more fiddling would be needed as suggested by NewZeal.
[update]
This may be useful: "No request new password" http://drupal.org/project/noreqnewpass
Also http://drupal.org/project/alt_login module may give you some ideas .. the code can be accessed here. The module doesn't implement new login forms but alters the existing ones to populate Drupal's "real" username field, just as you might need to.
gpk
----
www.alexoria.co.uk
thanks for very helpful ideas
I understand your logic and reasoning behind this and it makes good sense. Many thanks for your thoughts. I'll have a look into it and see how far I get with modifying the login script to suit the requirements as I haven't done this before.
>modifying the login
>modifying the login script
Just to clarify, I'd recommend creating a small custom module to do this rather than modifying Drupal's user.module etc.
http://drupal.org/node/231276
You just need a .info file for the module and the .module file with the function mymodule_form_alter() http://api.drupal.org/api/function/hook_form_alter/6 to get you started... Also look at the form_alter implementations in core to get some ideas. http://api.drupal.org/api/search/6/form_alter Also see the forms documentation (2 links at the bottom here http://api.drupal.org/api). Hope this isn't too overwhelming!
gpk
----
www.alexoria.co.uk