I just finished figuring out out to do this for a site... and then I found this nice module. Am amazed that Drupal did not have a prior one that handles this case... thanks!
In looking at the code, I noticed you missed a couple of possible issues.
First, the test to see if it's a cron.php call does not account for sites that are not installed at the web server's root. You need to use the $base_path to construct this URL.
Second, it might be possible to access user information using the /user/ URLs prior to login on. The test for URLs that are valid prior to login should be tightened to include just the /user, /user/password, and /user/register URLs.
Finally, users should be re-directed to the URL they requested after logging on. E.g., use the destination= query option.
Here's some code that does all this:
global $user, $base_path;
if ( !isset($_SESSION['openid']['service']['uri']) &&
!isset($_SESSION['openid']['claimed_id'])) {
if (request_uri() != $base_path .'cron.php' && !$user->uid && !(arg(0) == 'user' &&
( !arg(1) || arg(1) == 'password' || arg(1) == 'register'))) {
drupal_set_message(t('You must login to use this site.'));
$querystring = $_GET;
unset($querystring['q'], $querystring['destination']);
$destination = drupal_get_destination() .
urlencode('?' . drupal_query_string_encode($querystring));
drupal_goto('user', $destination);
}
}
Comments
Comment #1
bobooon commentedThanks! Committed.