domain_integration_login_restrict.module in Domain Integration (Drupal 7) 7
Same filename and directory in other branches
Domain Integration Login Restrict.
This can be done with Rules, but then it is impossible to show a nice message to the user who is not allowed to login. Therefore this separate module that adds validation on login forms.
@see: http://stackoverflow.com/questions/14674017/how-to-logout-and-display-me...
File
modules/domain_integration_login_restrict/domain_integration_login_restrict.moduleView source
<?php
/**
* @file
* Domain Integration Login Restrict.
*
* This can be done with Rules, but then it is impossible to show a nice message
* to the user who is not allowed to login. Therefore this separate module that
* adds validation on login forms.
*
* @see: http://stackoverflow.com/questions/14674017/how-to-logout-and-display-message-after-login-under-certain-condition
*/
/**
* Implements hook_form_alter().
*/
function domain_integration_login_restrict_form_alter(&$form, &$form_state, $form_id) {
switch ($form_id) {
// Login forms.
case 'user_login':
case 'user_login_block':
case 'user_pass':
array_unshift($form['#validate'], '_domain_integration_login_restrict_validate_user_login');
break;
}
}
/**
* Validates if the user is assigned to the current domain.
*
* If validation fails the error message will show valid domains for a user
* by default. To show Drupal's default error message, without 'leaking' domains
* you can toggle variable 'domain_integration_login_restrict_form_error_hide_domains'
* to TRUE.
*/
function _domain_integration_login_restrict_validate_user_login($form, &$form_state) {
// Load user domains and return if it fails.
$values = $form_state['values'];
$user = user_load_by_name($values['name']);
if (!$user || $user->uid == 0) {
// Try to load the user by email.
$user = user_load_by_mail($values['name']);
}
if (!$user || $user->uid == 0) {
// Validation is handled by Drupal core.
return;
}
// Check if user is admin.
$admin_role = variable_get('user_admin_role', 0);
if ($user->uid == 1 || in_array($admin_role, array_keys($user->roles))) {
// Validation is handled by Drupal core.
return;
}
// Check if user is assigned to current domain.
$current_domain = domain_get_domain();
$user_domains = $user->domain_user;
$user_is_assigned_to_current_domain = in_array($current_domain['domain_id'], $user_domains);
// Set errors if validation failed.
if (!$user_is_assigned_to_current_domain) {
// Drupal's default form error.
if (variable_get('domain_integration_login_restrict_form_error_hide_domains')) {
// This is exactly the same error that user.module will show when a login
// attempt fails.
form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array(
'@password' => url('user/password', array(
'query' => array(
'name' => $form_state['values']['name'],
),
)),
)));
}
else {
$error_message = t('Sorry, you cannot log in on this domain. You username is assigned to: ');
$counter = 0;
foreach ($user_domains as &$domain) {
$counter = $counter + 1;
$domain = domain_load($domain);
if ($counter > 1) {
$error_message .= ", ";
}
$error_message .= "<a href='" . $domain['path'] . "'>" . $domain['sitename'] . "</a>";
}
$error_message .= ".";
form_set_error('name', $error_message);
}
// The watchdog message does contain extra info about the domain.
watchdog('domain_integration_login_restrict', 'Login attempt failed for %user on domain %domain_sitename.', array(
'%user' => $form_state['values']['name'],
'%domain_sitename' => $current_domain['sitename'],
));
}
}
/**
* Implements hook_user_login.
*/
function domain_integration_login_restrict_user_login(&$edit, $account) {
// Check if user is assigned to current domain.
$current_domain = domain_get_domain();
$user_domains = $account->domain_user;
$user_is_assigned_to_current_domain = in_array($current_domain['domain_id'], $user_domains);
// Log the user out if they are not assigned to the current domain.
if (!$user_is_assigned_to_current_domain) {
module_load_include('inc', 'user', 'user.pages');
user_logout_current_user();
watchdog('domain_integration_login_restrict', 'An unauthorised user tried to log in on an domain she did not have access to. IP: %ip Domain: %domain UserId: %uid', array(
'%ip' => '',
'%domain' => '',
'%uid' => $account->uid,
), WATCHDOG_ERROR);
drupal_set_message(t('Sorry, you cannot log in on this domain.'), 'error');
drupal_goto('<front>');
}
}
Functions
Name | Description |
---|---|
domain_integration_login_restrict_form_alter | Implements hook_form_alter(). |
domain_integration_login_restrict_user_login | Implements hook_user_login. |
_domain_integration_login_restrict_validate_user_login | Validates if the user is assigned to the current domain. |