By zeebo on

This seems simple but after some time searching I'm still not sure how to do it.

I want to block all anonymous access from my site, with the one exception of my Login page which has the User Login block in it. If I simply disable the "access content" permission for anonymous users I get an undesirable "Access Denied" type message on the Login page.

How is this commonly done?

thanks

Categories: Drupal 6.x

Comments

nevets’s picture

nevets commented

Visit Site Configuration >> Error reporting

Set "Default 403 (access denied) page" to the path for the login page.

zeebo’s picture

zeebo commented

Thanks, I tried this, however I still get a "You are not authorized to access this page" message on my login page, since I've turned off the "access content" permission for anonymous users. That's fine for redirects, however for legitimate users going to the login page they should not be greeted with an error message.

So I'm still looking for a simple way to give anonymous users permission to view only the login page. I think I saw somewhere that you can create a special content type for the login page, then use something like Content Access module to give anonymous users permission to view only that content type. But I'm thinking maybe there's some simpler way for what is probably a common requirement?

nevets’s picture

nevets commented

I if visit admin/settings/error-reporting and set 'Default 403 (access denied) page' to user/login while not logged in trying to access the site takes me to the login page. Do you have another module that handles 403 errors?

zeebo’s picture

zeebo commented

Hi thanks for trying to help me. The redirect like you suggest works fine, and if not logged in I get redirected to my login page. I'm not using any other 403 handler.

* Note this is not the default drupal "mysite/user/login" page, it's my own page/node and themed login block.

* I have my permissions set up so that anonymous users do not have the "access content" privilege.

So, the problem is, when a legitimate user goes to my login page, although they will see the login block, they'll also see the " You are not authorized to access this page" error. However I want to somehow authorize anonymous users for just that one page, so they can instead see a message like "Welcome, please login". And of course for any other page, if not logged in, they'll either get an error or be redirected back to the login page.

nevets’s picture

nevets commented

Two thoughts

a) Use a custom module instead of a node for your custom login form.

b) Use a module like Content Access. Set all content types so that are only viewable by people logged in. For the login node, either all per node settings for that type and allow viewing by anonymous or use a custom content type that can be viewed by anonymous.

zeebo’s picture

zeebo commented

Very simple to do, now that I get it. I just used Content Access as you suggested like this:

1 - Set all content types accessible only to Authenticated users.
2 - Enabled "Per content node access control settings" for Page content type.
3 - On my login page node only I enabled access for Anonymous users.

I also use Login Destination to redirect users to my home page after logging in.

Thanks so much for sticking with me on this issue and helping me figure it out!

best,
zeebo

ppc.coder’s picture

ppc.coder commented

Hi,

I am looking to do the same thing. I think it's helpful to clarify that you need to give anonymous users: View published content (drupal 7) or access content (drupal 6) permission or else Content Access won't work.

emilkarl’s picture

emilkarl commented

I'm having the exact same problem.

1. Anonymous users does _not_ have "View published content" permission
2. I have Content Access enabled
3. Created a page with custom path "login" as I want some custom easily editable text for the login page
4. Set view content on the "login"-page node to anonymous
5. Set 403 (access denied) page to "login"
6. Added login block to display on "login" page
7. Logout, and go to start
8. Get "Access Denied...." with login block

Anyone have a solution? I want the page content to be editable so a custom theme for the login is not an option. I would also be able to let guests view a couple of other pages...

nevets’s picture

nevets commented

(1) "Anonymous users does _not_ have "View published content" permission" prevents anonymous users from seeing any content. So you first need to grant them permission to see content then use content access to limit what they can see. If it really only a few pages set content access to allow per node settings, set content access permissions so anonymous users can not see any content and then enable viewing for the select pages.

Kloo-1’s picture

Kloo-1 commented

You can also use Role Theme Switcher Module. Add separate theme only for login/register and pick this theme as for 'anonymous users'. It works for me.

dahousecat’s picture

dahousecat commented

I think setting the "Default 403 (access denied) page" to the login page is a bad idea because just because someone has access denied does not mean they are not logged in - they may just not have permission to view that particular page.

A better method is to put a little code in your themes template.php:

function YOUR_THEME_NAME_preprocess_page(&$variables) {
	if(!$variables['user']->uid && arg(0)!='user' && arg(1)!='login') {
		drupal_goto('user/login');
	}
}
Whitestar’s picture

Whitestar commented

Thanks Felix. This is a simple, elegant solution and solved my problem exactly.

kwoxer’s picture

kwoxer commented

That drupal_goto saved me. Thanks man.

TanvirAhmad’s picture

TanvirAhmad commented

That is perfect and make sense.

t@n

omrmankar’s picture

omrmankar
Primary language English
Location Mumbai, Maharashtra
commented

When the anonymous user hit front page I want to show login page and other pages are accessible

Best regards,

Omprakash Mankar
Senior Drupal Developer

omrmankar’s picture

omrmankar
Primary language English
Location Mumbai, Maharashtra
commented 
function YOUR_THEME_NAME_preprocess_page(&$variables) {
    global $base_url;
    global $user;
    if(isset($base_url) && $user->uid==0 && arg(0)=='node') {
		drupal_goto('user/login');
	}
}

Best regards,

Omprakash Mankar
Senior Drupal Developer

jatf2’s picture

jatf2 commented

Thank you dahousecat.