conflict at login with legal module

posponed

what about this bug?

Oskar

Here is a patch that fixes it for me in drupal 7.

Note that this won't port directly to drupal 6 as is because the hook_drupal_goto_alter() method of redirecting isn't used in drupal 6 (and can't be as the hook doesn't exist in drupal 6).

It might give someone direction on making a drupal 6 patch though (I haven't looked at the D6 code).

By the way, the drupal 7 symptoms are that the login destination redirect overrides the legal module's drupal_goto(), which means the user isn't sent to the legal page and they are logged out again silently.

@robby. Thank you for your continuous patches. However the root of this problem is a flawed way in which the Legal module handles logins and I will refrain from adding an error-prone hack in LD to fix it:

The problems in Legal module are:

1. It calls drupal_goto in the login process. It has been discussed many times in this queue why it is not a good idea. It should alter the drupal_goto instead, same as LD module does.
2. It logs the user out in user_login, if the terms were not accepted. Of course all modules assume that the user is logged in on this place and perform their actions (which is redirect in case of LD). This should be handled in user_validate instead.

I see your point.
I'll have a look at doing a patch on the legal side of things. It definitely should be doing it's work in the validation stage.

On a side note, this is the first time I've seen the goto alter hook. It's a nice addition.

Definitely! Without this hook there is no way to do login destinations right. That's why it will never work for d6. This thread #761254: not working with content profile module ? has some explanations.

I posted about this bug in the queue of Legal module (#447476: conflict at login with login_destination module).

I think that one of the module should build a hook and the other one check this hook or will not way to resolve this problem.

Oskar

The problem can be solved without a hook and this is really not a time for major changes in API.

FYI the May 2017 Legal update 1.7 breaks the dirty hack/patch (that I was using). To fix, just adjust the if condition to this instead:

if ($path && substr($path, 0, 12) == 'legal_accept')

Basically the security update removes the arguments from the URL, so there is no trailing slash.

Still hoping one or the other modules implements a stable fix to this.

#5 combined with #13 works for me!

Add this to prevent issues with combination TFA//Legal//login_destination

if ($path && substr($path, 0, 10) == 'system/tfa') {
return;
}

Adding exceptions for 'legal_accept', 'legal_accept/' and 'system/tfa'.