Drupal6: User Access to Deny Login

StackOverflow https://stackoverflow.com/questions/1374600

  •  21-09-2019
  •  | 
  •  

Question

I want a permission that will prevent people from logging in. (So, all users of role X could be temporarily blocked, while keeping their profile pages available.)

Excerpt of the login process from Pro Drupal Development 2nd Edition:

  1. POST from login form
  2. User is blocked?
  3. User is denied by access control?

I want to stop users at step three of the process. I have a module:

/**
 * Implementation of hook_perm().
 */
function odp_perm() {
  return array('log in');
}

/**
 * Implementation of hook_user
 * lock out without the 'log in' permission
 */
function odp_user($op, &$edit, &$account, $category = NULL) {
    if ($op == 'login' && ! user_access('log in')) {
      drupal_set_message("You do not have access to log in.", "error");
      drupal_goto('logout'); //doesn't work
      drupal_goto('content/party-tonight'); //also doesn't work
    }
}

Perhaps I'm using drupal_goto wrong.

Was it helpful?

Solution

I don't have a Drupal instance to test this on ATM, but I think you want this:

/**
 * Implementation of hook_user
 * lock out without the 'log in' permission
 */
function odp_user($op, &$edit, &$account, $category = NULL) {
    if ($op == 'login' && ! user_access('log in')) {
        global $user;
        $user = drupal_anonymous_user();
        drupal_set_message("You don't have permission to log in");

    }
}

That deletes their user info and replaces it with the anonymous user instead.

OTHER TIPS

I believe this accomplishes what you're trying to do.

/**
 * Implementation of hook_user
 * lock out without the 'log in' permission
 */
function odp_user($op, &$edit, &$account, $category = NULL) {
    if ($op == 'login' && ! user_access('log in')) {
        drupal_set_message("You don't have permission to log in");

        //prevent login
        header("Location: http://www.example.com/?q=logout");
        // header("Location: http://www.example.com/logout"); if using clean URLs
    }
}

This logs the user out and displays a message. If I remember right, hook_user with $op login fires AFTER the user logs in, so this would immediately log them right back out - essentially making it so they can't log in.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top