How can I temporarily prevent any logins?
https://drupal.stackexchange.com/questions/294801
-
25-02-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianDomanda
I've a high visitor website in Drupal 6. For performance reasons I've removed Captcha on all pages.
I don't want anybody to log in and we don't logout.
Can I rename any Drupal file related to login-functionality? I have SSH access and also use drush. When I want to enable login functionality I've move the file back.
Soluzione
create a simple custom module, by getting the help of hook_form_FORM_ID_alter to disable login form by the following snippet.
solution A:
function hook_form_user_login_alter(&$form, &$form_state) {
unset($form);
$form = array();
// or disable it with the following
//$form['#access'] = false;
}
solution B:
function hook_form_user_login_alter(&$form, &$form_state) {
$form['#access'] = false;
}
solution C: disable submit button
function hook_form_user_login_alter(&$form, &$form_state) {
$form['submit']['#access'] = false;
}
Altri suggerimenti
The correct way to avoid users can access the login form is changing the access callback of the route used for the login form and removing the login block from any page.
Altering the form with hook_form_alter() or hook_form_FORM_ID_alter() and setting $form['#access'] to FALSE would just hide the form to the users, who would just see a blank page.
Altering the access callback, users would see an access denied error page if they try to access the login page entering directly the login path in the address bar of the browser (http://example.com/user/login, if clear URLs are enabled, or http://example.com/?q=user/login, in the case clear URLs aren't enabled) which would make clear the login page is not accessible to them. Plus, Drupal wouldn't show any link pointing to the login page, if users don't have access to that route. This means that, if you have a module that adds a link to the login page, that link would not be shown to the users who cannot access the login page.
Since the User module is already using an access callback for user/login, it's sufficient to change it, for example with the following code.
function mymodule_menu_alter(&$items) {
if (isset($items['user/login']) {
$items['user/login']['access callback'] = FALSE;
}
}
Setting the access callback to FALSE makes user/login not accessible from any user.
I would not use that code, if I am not totally sure users aren't automatically logged off, for example because the session cookie has expired, or because there is a module that logs them off when their session lasted too long.
