By IntrepidNewbie on

I'm new at drupal but have been bravely muddling through for about a week now (working nearly around the clock). I have extensive html experience and a goodly amount of css experience, but am a novice when it comes to php and mysql. (I did try mambo and one other site before deciding drupal was the easist to use.) I have searched this site and forum extensively, I have tried various settings and modules, and I have yet to solve this issue to my satisfaction. Anyone useful feedback would be appreciated (and, since I've seen many questions about this issue on the boards, I promise to document my final solution).

Here's the scoop:

I am building a members-only site. I do not want it indexed in the search engines. I want to moderate all new memberships (meaning, I want to be able to approve members before they join). I will be inviting new members to the site and sending them a link to a sign-up page. However, I want them to be able to create their own user name and password (I don't want to have to do this manually for them).

My drupal site has been created in a subdirectory of my main domain's site, so let's refer to my drupal directory as "subdirectory". When potential new members get a link to come sign up, it should have a link to mysite.com/subdirectory (right?). When they get to that page, there should be the "register" and "sign in" and "lost password" options, and *nothing else*. When I tried to apply access blocks, there were still some features that always showed up on that page, such as the logo link in the header, the primary links, and the search bar. Even when signed out, I could access all the site content via any of those links, making the site not secure in the least. (And, yes, I have it set so that: "Visitors can create accounts but administrator approval is required.")

Next thing I tried: I added the "front page" module and created a new front page for unauthenticated users. I had to really manipulate the html code for that front page, in order to make sure there were no breadcrumb links, no header links, *nothing* but the login options. Unfortunately, that still did not work. The code I cut and paste from my original login page included tabs for "register" and "lost password". When clicked, those took me right on in to user pages that had the header links and other items that could be easily used *to access the entire site*. So, still NOT secure. I then removed from that code the tabs for the sign up and lost password options and realized that what looked like a title for the login area was also *a link* that (again) took the unauthenticated user right on into a user page that had content they shouldn't have been able to see. So I got rid of that link, too. Then, just for giggles, I logged out and then tried putting in a bogus user name and password--guess what? It took me to an error page that had, you guessed it, links to stuff that unauthenticated users shouldn't have access to. :(

In addition, I'm having some difficulty formatting the front page module and there isn't enough documentation on it. (I figured out how to create the front page for unauthenticated users, for instance, but now I've lost the content that was on my old page (the one for the authenticated users)--which I think was just "node"--and it was looking gorgeous. Grf. That means I now have to create a brand new home page for authenticated users, as well, I guess...?) In addition, that left no place for new *invited members* to create a user name or request a lost password.

Next, I tried adding the secure site module. I'm not really liking that form of user validation. For one thing, doing that and hiding the user login box means that now I don't know where to put a box for the initial sign-up process or where members should go if they need a new password. Also, when I log out with this module enabled, the http login box immediately pops up, and that's annoying. Plus, it doesn't really even work. Even with *all of the above in place*, I can still log out and access my site by going to: mydomain.com/subdirectory/user. So what's the point?

Those who might try to hack my site aren't nearly as inexperienced as the people that I actually *want* as members. So now I've just made membership super difficult for the people I want to join, and yet anyone with enough skill to use google properly can easily find a way in, authenticated or not. I have to plan for the lowest common denominator--I'm the one who is going to be providing tech support for site access and I'm dealing with a relatively low-tech bunch.

So that's where I'm at. I'm sure there's something I'm missing. So far, I've spent a significant amount of time customizing my site's css and theme layout, I've installed some modules, created a custom menu, used the url alias feature, but I haven't boned up on "taxonomy" yet, nor have I created any static pages.

Has anyone out there found an easy solution for this issue? Programmers, please be gentle (assume that I know *nothing* and can't yet speak the vernacular). I need step-by-step suggestions on how to keep unauthenticated users from accessing *any* of my site content, except for a page that allows new members to sign up, and existing members to sign in and/or to request a new password. I'm pretty confident about jumping in and altering things in my theme's css and xtmpl files. Throw anything else at me and you'll need to be very specific. ;-)

Thanks.

Categories: Drupal 4.6.x

Comments

shane birley’s picture

shane birley commented

Using the front_page.module will allow you to create a "splash page" with information regarding login, etc - while blocking all other content.

Off the top of my head:

1. install and enable the front_page.module. (which you have already done)
2. block access to anonymous users (no check boxes on at all).
3. set the user registration process to something that is suitable.

This will provide you a place to put in a custom HTML while displaying the login blocks to tell users they need to request and account, etc. An example of this is http://www.kumonfranchisee.com

It sounds like you have tried several options, but the front page module is the easiest and you have had issues with that. But don't worry, there are several cool people on this site that can get you up and running.

---
Shane Birley
Vicious Bunny Creative
http://www.vbcreative.com

---
Shane Birley
Left Right Minds
https://www.leftrightminds.com

IntrepidNewbie’s picture

IntrepidNewbie commented

Shane,

Thanks. Nice site. I checked it out and tried to get in without registering. It seems much tighter than what I've been able to create so far. ;-)

As I stated in my post, I have the front page module and I have it enabled. There must be some setting that I don't have set correctly.

Here's my questions:

1) When you say "block access to anonymous users", can you be more specific?

Under "admin>access control", I have nothing checked for "anonymous user". That should block them.

On the page "admin>settings>front page" I have added html content in the "anonymous users" box and have chosen "full" as that setting. Below that, I have nothing in the authenticated users box and have tried various settings, including redirect. What should that be set to, and what is the correct name for the site's home page for authenticated users (which could also be created in the url alias as well, right? and, if so, what link do I use for "home" in my custom menu?).

Under "site settings", I have it set to "front_page".

2) I like that every link I clicked on your site took me only to that message saying I need to sign in. I assume that once I registered, I'd go to a different home page, with all the content, like latest articles, etc., correct? That's what I'm trying to. But I need all my settings, including url alias, page redirects, etc., to function together. More help would be appreciated.

Thanks,

~Christine (IntrepidNewbie)

IntrepidNewbie’s picture

IntrepidNewbie commented

Ok, hours later and I haven't gotten any answers. Continue to learn via trial and error (slow going but I am starting to make some progress).

I finally just created a custom html page for unauthenticated users and entered it into the front page module area for this. On that page, there are no links to anything and everything for logging in or registering or requesting a new password is on one page (still testing it).

Next question: does anyone know how to set the page authenticated users enter on? After logging in via the front page module, I now automatically enter onto the user profile page. I don't want that. I want to log in and enter directly into my site's "home page" (which is actually "node").

And, while we're on the subject, I haven't gotten a clear understanding of this from other board posts. What is the best way to set up a "home" or "main" page in drupal? (And don't give me a link to the handbook--I'm not asking *how*, I'm asking, from a useability standpoint, which way the programmers think is best.) For instance, do I just leave it as "node", do I create a url alias for "node" that is "home" and then link to "home", or should I create a static (or some other kind) of page and name it "home"...? See what I'm asking?

I want one page that everyone lands on once they sign in and that they can return to via the "home" links. It should contain latest news and stories, etc. Right now, I have "node" set up that way and it looks good, but I'm not sure if I've used the correct procedure (I've created a url alias to it called "home", mostly so I'd remember it). And I can't seem to make front page send users to it once they've logged in.

Thanks. Now for more coffee...

~SlightlyLessIntrepidThanBefore

stephenhendry’s picture

stephenhendry commented

I am just about to create a site similar to what you wan.t A login about us page for non members and the full site for members.

I am not planning on using front page module but instead will place logic into my theme (php template)

So some example code for page.tpl.php would be (please not I have not tested this!):

global $user;
if (!$user->uid) {
    include('non_member.tpl.php');
    return;
} else {
    include('member.tpl.php');
    return;
}

non_member.tpl.php would have the register option and a link to login.

member.tpl.php will be the normal page.tpl.php. So if a member is logged in they will see the site as normal when they go to each page. IF they log out then it will go the non_member.tpl.php.

I think this should work.....

--------------------------------------
http://www.stephenhendry.net

shane birley’s picture

shane birley commented

---
Shane Birley
Vicious Bunny Creative
http://www.vbcreative.com

---
Shane Birley
Left Right Minds
https://www.leftrightminds.com

AntonioMartos’s picture

AntonioMartos commented

I have the same problem. I need a site only for members user and a "page" with login for non members.

I tested front_page module and don't work well.

Where put de this code in my page.tpl.php template? Or only this code in that file?

My english is bad, bat i need this help to setup my site.

Thanks.

Nidhi Anarkat’s picture

Nidhi Anarkat commented

There is a very nice option of roles on the block configure page which allows you to chose ppl with only specified roles can see the block.Solves all problems.No need to use front_module or anything else.Life is so simple with Drupal 7.Its amazingness.