Rule to redirect on login, except on one-time login and password reset

Subscribe

Perhaps we could add an event to an event when "user" requests new password. Since they wouldn't be logged in when this happens, it would have to be based on the submitted user name. This way, you could add the user to another role that tracks their status in your registration workflow.

Would this do the trick?

I am having the same issue.

My website requires users to be approved. When the user clicks on the one-time login link and is asked to change their password, they are giving a message at the top of the content body to go fill out their profile (per my rule which is triggered on login).

Another solution for me would be to show the message on a particular page but only once a day -- not every time the user visits the page.

I had the same issue, and searched for an answer for a while (even trying other modules for redirecting on logon). Finally I found this solution that works for Rules.
What you do is add a condition for your redirect rule, with the following php-evaluation:

if (arg(0) == 'user' && arg(1) == 'reset') {
return false;
} else {
return true;
}

This checks if the user is using a one-time password, if that is the case the redirect rule is not triggered.
Hope this helps!

Brilliant! Thanks for the tip!

@BlackD Thanks for the tip in #5, works great.

I hope no-one minds me changing the title of this issue. I think this might help people find what they might be looking for.

Izzy

I just wanted to thank BlackD for the tip in #5, exactly what I was looking for!

Wow! Thanks, BlackD.

My users were being re-directed to a role-specific home page when they used the one-time login, so they could never set or change their password. Your snippet saved me! Thanks so much!!! (FYI, it works in Drupal 7, as well.)

#5 does not work for me.
I was unable to find a doc on how URL arguments are passed, e.g.
- should arguements above not be $argv or $arg (why no dollar)
- in a multi-lang site with lang prefix, the lag will be in position zero? e.g. I tried

// Accept all pages, except
// ignore http://SITE/LANG/user/reset/xxxx
if (arg(1) == 'user' && arg(2) == 'reset') {
return false;
} else {
return true;
}

Nice one, #5 just saved my bacon.

I know this is closed but does anyone care to comment about the concerns raised in #12? Is it possible for anything else to be used as the first arg and get around the PHP condition?

I wonder if its possible to use Rules to redirect to Front page after reset password,
instead of redirect to Login page.
Any ideas ?

Thanks

For #12: to add php conditions, just ensure that your PHP filter module is on.

Yea!

For the record, rules in D7 seems to have a data value for [account:one-time-login-url], so you can set a condition on that.

It is STRONGLY recommended that you do not bother with #5 as that requires turning on the php filter module, which can be a horrible security risk for any site for which it is enabled.

What's left to do here? This appears to be a docs issue.

A backport of https://drupal.org/project/rules_url_argument might be something worth checking into as well.

If the solution in #5 is strongly not recommended it would be nice, if not essential, to have some other solution. Thanks.

Thanks, stephen.colson, but I can't figure out how to get the condition working in D7. Sorry if I'm hijacking the thread, but it seems relevant.

I've added the condition "Path has URL alias" and used [account:one-time-login-url]. I also checked "negate" because I want the redirect to execute only if the user is NOT using the one time login link.

Any ideas why it's not working? More specifically, the rule doesn't redirect at all.

Re #19, if there is no other suitable d6 version still, then I would recommend exporting the rule using features, and modify the php code there. If you are using PHP, it should be in code and not the database anyway.

Re #20, I know this isn't the best answer but I have no idea why it wouldn't work for you. It has worked well enough on every d7 site I have worked with, so I couldn't really begin to tell you what wasn't working right on your site.

Does this try to differentiate
- users logging in for the first time
from
- users resetting their password ?

It's what I am trying to achieve, but it seems that this thread only discusses ways to differentiate:
- users logging in for the first time or resetting their password
from
- users logging in "normally".

Can you confirm that the this discussion is about the latter?

@Louis Bob #23 - yes.

RE #20 - I too can not get it to work with D7 ... here is export of my rule:

{ "rules_home_page_redirect_user" : {
"LABEL" : "AM Redirect logged in user to their home page",
"PLUGIN" : "reaction rule",
"TAGS" : [ "user activity" ],
"REQUIRES" : [ "rules", "path" ],
"ON" : [ "user_login" ],
"IF" : [
{ "NOT path_has_alias" : { "source" : "[account:one-time-login-url]" } }
],
"DO" : [ { "redirect" : { "url" : "user-home" } } ]
}
}
Still not sure why it isn't working ... Thanks for any suggestions.

EDIT: Further research (http://drupal.org/node/1045964#comment-6016904) revealed that all I had to do was to change my condition to ... NOT Text Compare -- site:current-page:path -- contains user/reset
And all works as intended
FYI here is my rule export:
{ "rules_am_redirect_user_logins" : {
"LABEL" : "AM redirect user logins",
"PLUGIN" : "reaction rule",
"REQUIRES" : [ "rules" ],
"ON" : [ "user_login" ],
"IF" : [
{ "NOT text_matches" : { "text" : [ "site:current-page:path" ], "match" : "user\/reset" } }
],
"DO" : [ { "redirect" : { "url" : "user-home" } } ]
}
}

Was small code but very powerful.

Thanks mate !

Re #5 what event is needed for redirection. I know the conditions, but not event.

Thank you for reply
Adrian

Thanks "amccoy" your #25 comment has been extremely useful, specially your edit since I was facing exactly the same problem and my first impression was to create your exact first condition! Thanks a lot!! :-)

Amccoy...this was Extremely helpful!

Can't thank you enough!!!

Hello! I have tried #5 and those not work for me. I am using drupal 7

My rule goes like that:

Event: user logged in
Condition: data to check: site:current-cart-order:commerce-line-items:0
2nd Condition: #25 solution
Action: page redirect

#25 IT DOES WORK is not "user\/reset" is "user/reset" OBVIOUSLY :D HAHA

RE#30 when you enter the text into the field on the form it is in fact "user/reset"
but when you export the rules, that line of code becomes:
{ "NOT text_matches" : { "text" : [ "site:current-page:path" ], "match" : "user\/reset" } }
... and the extra "\" before the "/" is called "escaping a special character"
google "escaping a special character" and you will understand what I mean :-)

Related #1079018: React upon user logging in the first time

Thanks mucho amccoy, I was banging my head for a while on this, and a quick search here led me to your solution!

You can also fix this problem just using rules, no coding.

In my case I wanted to redirect people to their workbench after they login.
But people that forgot their password would also get redirected to their workbench and wouldn't be able to change their password. They had to navigate to their own profile page but they had to reenter their password again: the onetime logging didn't work anymore.

So this is the rule I added:

Events
Event: User logged in.

Conditions
Elements: Text comparison.
Parameter: Tekst: [site:current-page:path], Matching text: user, Comparison operation: ends with

Actions
Elements: Page redirect
Parameter: URL: admin/workbench, Force redirect: false

Cool! Thanks!

Correction: comment added where summary should have been

Very helpful code, it saved my time, thanks

We used a slight variation on # 34:

Events
Event: User logged in.

Conditions
Elements: NOT Text comparison.
Parameter: Text: [site:current-page:path], Matching text: ^user/reset/, Comparison operation: regular expression

Actions
Elements: Page redirect
Parameter: URL: admin/workbench, Force redirect: True

So we re-direct if the path is not ^user/reset/

Just a different way to accomplish the same thing.

#37 is working perfect, thanks!

thanks. #37 worked for me. #5 wasn't an option due to having php disabled for security.

#25 worked for me. I imported the code and modified slightly. Thanks!

#25 worked for me!

hi @amccoy #25 is still helpful - worked for me.
thx!

Thanks a ton man..... this helps a lot

Looking for a D8 solution to this issue.

Hello @amccoy, #25 is also working for me. Thank you!!!

Does anyone have a D8 rules example for this?

See for D8: https://www.drupal.org/project/rules/issues/2973934

Thank you so much !!

I used solution #37 and it worked for me. Thank you!
Also solution #25 thanks for explaining why the condition needs to use 'text compare' as method.
And #17 for notifying that using php in a condition is a security risk, as my first idea was to compare the path with regex in php, as I had not understood that the 'text compare' option in Rules condition could also do the trick.

Is there any way to do this in Drupal 8?
I have a rule to redirect on login, but when I click on the URL in the email to reset my password I am redirected to the URL instead of being taken to edit/add a new password.
So I created a condition that does a text comparison on the node URL path, but this also fails.
https://imgur.com/a/rzyTGTP
Here is the config for the Condition:
https://imgur.com/a/SClurtO

So when I save this, log out of my test account in a different browser, and open the subsequent email that is sent to me, I get this:
https://imgur.com/a/shWLXZM
https://imgur.com/a/8X7nflX

Because I cannot find any documentation that explains how this is supposed to work I am completely lost. I feel like I am close, but could also be 2,000 miles away from shore.

UPDATE: I tried a direct input based off #37 above, and still not working...
https://imgur.com/a/e9B8UHq

Please always search the issue queue first - this is discussed in #2975452: Redirect users to profile edit page after one-time login . The "Path contains text" condition given in that issue is now part of the D8 Rules Essentials module, which adds many other useful things as well.

(Removed the phpcs tag which was added in #21, because #21 seems to be posted in the wrong thread. This issue has nothing to do with phpcs.)