I just finished figuring out out to do this for a site... and then I found this nice module. Am amazed that Drupal did not have a prior one that handles this case... thanks!

In looking at the code, I noticed you missed a couple of possible issues.

First, the test to see if it's a cron.php call does not account for sites that are not installed at the web server's root. You need to use the $base_path to construct this URL.

Second, it might be possible to access user information using the /user/ URLs prior to login on. The test for URLs that are valid prior to login should be tightened to include just the /user, /user/password, and /user/register URLs.

Finally, users should be re-directed to the URL they requested after logging on. E.g., use the destination= query option.

Here's some code that does all this:

  global $user, $base_path;
  if ( !isset($_SESSION['openid']['service']['uri']) && 
       !isset($_SESSION['openid']['claimed_id'])) {
    if (request_uri() != $base_path .'cron.php' && !$user->uid && !(arg(0) == 'user' &&
       ( !arg(1) || arg(1) == 'password' || arg(1) == 'register'))) {
      drupal_set_message(t('You must login to use this site.'));
      $querystring = $_GET;
      unset($querystring['q'], $querystring['destination']);
      $destination = drupal_get_destination() . 
                       urlencode('?' . drupal_query_string_encode($querystring));
      drupal_goto('user', $destination);
    }
  }

Comments

bobooon’s picture

Status: Active » Closed (fixed)

Thanks! Committed.