The option to use a custom page in the CMS for login fail is intuitive, but for many implementations, this would cause the additional need to remove that page from search results, etc. The following outlines eliminating that approach completely, and shifting the approach to use form_set_error(). These need not be mutually exclusive approaches, per the setting page.

@@ -125,7 +125,7 @@ function _restrict_by_ip_login(&$user
- drupal_goto(variable_get('restrict_by_ip_error_page', '0'));
+ form_set_error('', variable_get('restrict_by_ip_error_page', 'Invalid IP Range'));
+ return $logonvalid;

@@ -52,7 +52,7 @@ restrict_by_ip_settings(
- '#type' => 'textfield',
- '#title' => t('Login denied page'),
- '#description' => t("This the address of the page to which the user will be redirected if they are not allowed to login. If you don't set this the user will not know why they couldn't login"),
+ '#type' => 'textarea',
+ '#title' => t('Login denied message'),
+ '#description' => t("This the error message shown when attempting to login from outside the acceptable IP range."),

We additionally patched restrict_by_ip.install as follows:

@@ -10,7 +10,7 @@ function restrict_by_ip_install(
variable_set('restrict_by_ip_error_page', 'You are attempting to login from outside an approved IP range. Please use a VPN client, or contact the primary site administrator.');

Comments

rocketeerbkw’s picture

rocketeerbkw commented
Issue summary: View changes
Status: Active » Needs work

I like the idea, but IP checks aren't done just when submitting login forms. You'd have to change to drupal_set_message() to work for all use cases.

rocketeerbkw’s picture

rocketeerbkw commented
Version: 6.x-1.0-beta2 » 8.x-4.x-dev
eanushan’s picture

eanushan commented

We use a similar module internally, and were using drupal_set_message to display the error on the page the ip restriction occurred on. Whether that be the login page or not.