Include error message in form_set_error instead

The option to use a custom page in the CMS for login fail is intuitive, but for many implementations, this would cause the additional need to remove that page from search results, etc. The following outlines eliminating that approach completely, and shifting the approach to use form_set_error(). These need not be mutually exclusive approaches, per the setting page.

@@ -125,7 +125,7 @@ function _restrict_by_ip_login(&$user
- drupal_goto(variable_get('restrict_by_ip_error_page', '0'));
+ form_set_error('', variable_get('restrict_by_ip_error_page', 'Invalid IP Range'));
+ return $logonvalid;

@@ -52,7 +52,7 @@ restrict_by_ip_settings(
- '#type' => 'textfield',
- '#title' => t('Login denied page'),
- '#description' => t("This the address of the page to which the user will be redirected if they are not allowed to login. If you don't set this the user will not know why they couldn't login"),
+ '#type' => 'textarea',
+ '#title' => t('Login denied message'),
+ '#description' => t("This the error message shown when attempting to login from outside the acceptable IP range."),

We additionally patched restrict_by_ip.install as follows:

@@ -10,7 +10,7 @@ function restrict_by_ip_install(
variable_set('restrict_by_ip_error_page', 'You are attempting to login from outside an approved IP range. Please use a VPN client, or contact the primary site administrator.');