Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Drupal's built-in user/regisiter correctly does not allow regisgtration while in maintenance, but logintoboggan's unified login/register form still shows the register tab when in maintenance mode and allows its use. After submitting the register form the user is shown the maintenance page but the new account is created.
I've patched logintoboggan.module by simply returning the login form if in maintenance mode:
/**
* Builds a unified login form.
*
* @param $active_form
* Which form to display, should be 'login' or 'register'.
*/
function logintoboggan_unified_login_form($active_form = 'login') {
$login_form = drupal_get_form('user_login');
// Don't allow register in maintenance mode
if (variable_get('maintenance_mode', 0)) {
return $login_form;
}
// ETC.....
I'm not sure if there are any other cases to cover e.g. blocks.
Comment | File | Size | Author |
---|---|---|---|
#2 | logintoboggan-2296927-prevent_registration_in_maintenance_mode-2.patch | 964 bytes | dooug |
Comments
Comment #1
dooug CreditAttribution: dooug at Promet Source commentedThis sounds like a major issue in expected behavior. Can someone roll a patch for this and test to confirm?
Comment #2
dooug CreditAttribution: dooug at Promet Source commentedI rolled the patch and tested. It is a simple enough solution.
However, I'd like to welcome any feedback for other solutions other than simply not showing the unified log-in.
Comment #3
robcarrThis is also a problem if the 'Who can register accounts? Administrators only' option is selected (Admin > Config > People > Account settings).
The unified login form allows other users to register for an account.
Although the patch you've written addresses the issue you've described, the root problem is that LoginToboggan bypasses relevant permissions on user registration.