293 Modules match your search

Extend and customize Drupal functionality with contributed modules. If a module doesn't quite do what you want it to do, if you find a bug or have a suggestion, then join forces and help the module maintainer. Or, share your own by starting a new module.

CAPTCHA

Image CAPTCHA example

A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can. The CAPTCHA module provides this feature to virtually any user facing web form on a Drupal site.

Co-maintainer wanted

We do this our spare time, which is unfortunately almost nonexistent at the moment due to real life obligations. To give the CAPTCHA module the required level of maintenance, an extra co-maintainer would be welcome. If you're interested in helping with this very popular module, please contact me or open an issue in the CAPTCHA module issue tracker.

Downloads

reCAPTCHA

reCAPTCHA 2.x widget (with JavaScript)

Uses the reCAPTCHA web service to improve the CAPTCHA system and protect email addresses.

Downloads

OAuth

oauth_logo.png

This module implements the OAuth 1.0 standard for use with Drupal and acts as a support module for other modules that wish to use OAuth.

Downloads

ACL

The ACL module, short for Access Control Lists, is an API for other modules to create lists of users and give them access to nodes. It has no UI of its own and will not do anything by itself; install this module only if some other module tells you to.

We're aware of the following modules using ACL (let us know if you know of others):

Downloads

Search configuration

Combining both search forms, hiding fields, changed labels & reducing node types

This module has five main functions.

  1. Alter the appearance of the core node search form
  2. Group content types for more meaningful searching
  3. Restrict search results by the content type.
    This is a role based restriction.
  4. Restrict search results from showing individual items.
  5. Alter the pager limit (aka number search item results per page).

Admin user (uid 1) is exempt from restrictions.

Downloads

SpamSpan filter

The SpamSpan module obfuscates email addresses to help prevent spambots from collecting them. It implements the technique at the SpamSpan website (a German version is also available). The problem with most email address obfuscators is that they rely upon JavaScript being enabled on the client side. This makes the technique inaccessible to people with screen readers. SpamSpan however will produce clickable links if JavaScript is enabled, and will show the email address as example [at] example [dot] com if the browser does not support JavaScript or if JavaScript is disabled.

This technique is unlikely to be absolutely foolproof. It is possible in theory for a determined spambot to harvest addresses from your site no matter how you disguise them. But research suggests that the by far the great majority of spambots do not bother to attempt to collect addresses which have been hidden using JavaScript. Indeed, most spambots cannot currently read JavaScript at all.

Here are a links to the results of a few experiments into the efficacy of JavaScript obfuscation. Let me know if you know of any more.

http://www.cdt.org/speech/spam/030319spamreport.shtml (2003)

Downloads

Lightweight Directory Access Protocol (LDAP)

Overview

The Lightweight Directory Access Protocol (LDAP) project provides integration with LDAP for authentication, user provisioning, authorization, feeds, and views. It also provides apis and building blocks (query and server configuration storage) for other modules.

Downloads

Menu Admin per Menu

By default, Drupal allows only users with "administrer menu permission" to add, modify or delete menu items.
In case you want for instance to let certain users manage primary links or secondary links but not navigation menu, this module provides this functionality.

Try out a demonstration
Watch a screencast

Downloads

Password policy

This module provides a way to enforce restrictions on user passwords by defining password policies.

Overview

A password policy can be defined with a set of constraints which must be met before a user password change will be accepted. Each constraint has a parameter allowing for the minimum number of valid conditions which must be met before the constraint is satisfied.

Downloads

Spamicide

The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site. Spamicide adds an input field to each form then hides it with css, when spam bots fill in the field the form is discarded. The field, and matching .css file, are named in such a way as to not let on that it is a spam defeating device, and can be set by admins to almost anything they like(machine readable please). If logging is set, the log will show if and when a particular form has been compromised, and the admin can change the form's field name (and corresponding .css file) to something else.

Downloads

Taxonomy Access Control

Access control for user roles based on taxonomy categories (vocabulary, terms).

Downloads

Secure Login

Secure Login

Secure Login module enables the user login and other forms to be submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in clear text. Secure Login module locks down not just the user/login page but also any page containing the user login block (or other forms that you configure to be secured).

Downloads

Image CAPTCHA Refresh

Image CAPTCHA Refresh

Description

This module adds the link for refreshing image into very popular module for widget image_captcha.

If you're interested in helping with this or have problems with this module, please contact me or open an issue in the Image Captcha Refresh module issue tracker.

Downloads

Security Kit

Screenshot

SecKit provides Drupal with various security-hardening options. This lets your mitigate the risks of exploitation of different web application vulnerabilities.

SecKit facilitates certain mitigations for Cross-site Scripting, Cross-site Request Forgery, and Clickjacking, among other issues.

Downloads

Administer Users by Role

This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to edit and delete other users — more specific than Drupal Core's all-or-nothing 'administer users' permission. It also provides and enforces a 'create users' permission.

See the README.txt file for a full explanation of the permissions.

Downloads

MimeDetect

MimeDetect provides an API for consistent server side mime detection using the PHP FileInfo extension, the UNIX 'file' command, user supplied mime data, or file extension lookups. It is distributed with its own magic library for use with the PHP FileInfo extension to make mime detection more consistent in different environments.

Downloads

User registration password

Administration settings D7

Let users register with a password on the registration form when verification mail is required.

Downloads

AES encryption

In short, here's what this module does:

For site owners:
This module can provide you with readable passwords. Some users will be able to see other users passwords in plain text if they have a role with the permission to do so.

For developers:
This module can provide you with a very simple and easy to use encryption API. Just check out the aes_encrypt and aes_decrypt functions. It really can't get any simpler.

In a nutshell:

$encrypted_data = aes_encrypt("mydata");
$decrypted_to_plain_text = aes_decrypt($encrypted_data);

Note: This module requires an AES implementation, which can be either the PHP Mcrypt extension or the PHP Secure Communications Library.

The Mcrypt extension needs to be installed on the web server, so if you're on a shared host you probably can't use this if it's not already installed (you'll find out if you have it or not when installing this module).

If you don't have Mcrypt, then grab a copy of PHP Secure Communications Library (phpseclib) from here: http://phpseclib.sourceforge.net/

Just extract that zip into a directory called "phpseclib" inside the aes module directory and you should be good to go.

Downloads

Paranoia

The Paranoia module attempts to identify all the places that a user can evaluate PHP via Drupal's web interface and then block those. It reduces the potential impact of an attacker gaining elevated permission on a Drupal site.

Downloads

Username Enumeration Prevention

What Is Username Enumeration Prevention

By default Drupal is very secure (especially Drupal 7). However, there is a way to exploit the system by using a technique called username enumeration. Both Drupal 6 and 7 have this issue, but it is much worse for people using Drupal 6. This is because Drupal 6 does not have any built in brute force prevention. When an attacker knows a username they can start a brute force attack to gain access with that user. To help prevent this, it is best if usernames on the system are not easy to find out.

Attackers can easily find usernames that exist by using the forgot password form and a technique called “username enumeration”. The attacker can enter a username that does not exist and they will get a response from Drupal saying so. All the attacker needs to do is keep trying usernames on this form until they find a valid user.

This module will stop this from happening. When the module is enabled, the error message will be replaced for the same message as a valid user and they will be redirected back to the login form. If the user does not exist, no password reset email will be sent, but the attacker will not know this is the case.

Downloads

Captcha Riddler

Captcha Riddler form

Overview

Captcha Riddler is a sub module of Captcha that lets site administrators create their own questions to foil automated spam bots.

Downloads

Node access user reference

Node access user reference settings added to user reference fields.

Gives content access permissions to users for content that references the users with User reference or Entity reference.

Downloads

Taxonomy Access Control Lite

This node_access module governs access to nodes based on the taxonomy terms applied to the nodes. A simple scheme based on taxonomy, roles and users controls which content is visible.

Downloads

Secure Pages Hijack Prevention

#D7CX: This functionality is in Drupal 7 core so this module will not be ported. Please stay tuned for the securepages port.

This is an add-on to the Secure Pages module that will prevent hijacked sessions from accessing SSL pages, yet still allow users to stay logged in when browsing non-SSL pages.

Downloads

simpleSAMLphp Authentication

simpleSAMLphp fish logo

This module integrates Drupal with SimpleSAMLphp, the most robust and complete implementation of SAML in PHP. It makes it possible for Drupal to communicate with SAML or Shibboleth identity providers (IdP) for authenticating users. The resulting Drupal site can effectively act as a SAML or Shibboleth service provider (SP).

Prerequisites

  • SimpleSAMLphp - you must have SimpleSAMLphp version 1.6 or newer installed and configured to operate as a service provider (SP).

NOTE: Your SimpleSAMLphp SP must be configured to use something other than "phpsession" (the default) for session storage. The alternatives are memcache or sql. The sql option was added in SimpleSAMLphp version 1.7. The simplest solution for folks running SimpleSAMLphp version 1.7 or higher is to edit the SimpleSAMLphp config/config.php by setting store.type => 'sql' and 'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3'

Features

  • Just-in-time provisioning of Drupal user accounts based on SAML attributes (configurable).
  • Automatic role assignment based on SAML attributes (configurable).
  • Dual mode - support for traditional Drupal accounts and SAML-authenticated accounts at the same time (configurable).

Downloads

Pages