Issue status update for http://drupal.org/node/24050 Post a follow up: http://drupal.org/project/comments/add/24050 Project: Drupal Version: cvs Component: user system Category: feature requests Priority: normal Assigned to: gordon Reported by: gordon Updated by: jjeff Status: patch Before I saw this thread, I posted another take on this bug at http://drupal.org/node/26659. It explains the problem a little more in-depth. Here's the thing: What makes Drupal sites look like Drupal sites is that they've got a login/password box on every page until the user is logged in. For Drupal to become a mature platform, it's going to need to move away from dependence on this crutch. Drupal should provide the infrastructure to allow the option of a simple "Login/Register" link. However, if a user gets an access denied message, they should be prompted to log in. As it is, the best that you can do after login is direct them back to the node that defines the "Access Denied" message. This is more than just confusing for the user. It's downright wrong! Dries, please reconsider this patch and/or some variation that solves this problem. It is essential for all current versions of Drupal. Thanks, Jeff jjeff Previous comments: ------------------------------------------------------------------------ Wed, 01 Jun 2005 05:51:25 +0000 : gordon Attachment: http://drupal.org/files/issues/denied_login.diff (1.41 KB) If the user is anonymous, then the user will be presented with the login page 'user/login' instead of a the 403 default page. If the user then logins in and has access to the page they will then get redirected to the page they were trying to access. If the user is already logged in then they will get the defined 403 page. With the standard system you cannot just set user/login as the 403 page as you will not be redirected to the page that you were originally requesting, but instead to the user page. ------------------------------------------------------------------------ Sun, 05 Jun 2005 00:22:06 +0000 : gordon Attachment: http://drupal.org/files/issues/denied_login2.patch (3.43 KB) here is a newer version of the patch which adds an option to admin/settings page so this functionality can be turned off and on. ------------------------------------------------------------------------ Sun, 05 Jun 2005 01:38:39 +0000 : moshe weitzman I have been wanting this since i first saw drupal (i.e. a long time). +1 ------------------------------------------------------------------------ Sun, 05 Jun 2005 10:29:05 +0000 : Dries Because the 403 page is configurable, this is already possible. This patch only makes it more convenient. I tempted to say: "Won't commit, but let's extend the form description a bit so it is clear this is possible.". That or we add a link to the login page (without the extra setting), cfr. to what the comment module does. ------------------------------------------------------------------------ Sun, 05 Jun 2005 12:06:40 +0000 : moshe weitzman dries - upon executing the 403 handler, the original $_GET['q'] is lost. That means that we cannot redirect to the destination page after login and thats one of the main benefits of this patch. ------------------------------------------------------------------------ Sun, 05 Jun 2005 12:40:57 +0000 : gordon Yes you can use the user/login link, but once you login you get the user page and not the page you were triing to get to. Also if you are logged in you will still get the user/login page when really you should get the custom access denied page. ------------------------------------------------------------------------ Sun, 05 Jun 2005 20:57:20 +0000 : slower What version of Drupal is this for? I'm using 4.5. ------------------------------------------------------------------------ Sun, 05 Jun 2005 23:47:19 +0000 : gordon It is for cvs (4.7) I would have to rewrite it if I was to port it back to 4.5 ------------------------------------------------------------------------ Mon, 13 Jun 2005 23:49:02 +0000 : gordon Dries, What is the verdict on this patch. I have found no way of prompting anonymous users to login and continue seemlessly without this patch. Please correct me if I am wrong, as this is some functionality that I require. ------------------------------------------------------------------------ Tue, 14 Jun 2005 01:00:12 +0000 : neofactor Glad to see it... I had always just added the following custom pages: http://neofactor.com/error403 (with a login link) http://neofactor.com/error404 (Adding the auto search) My 403's are only for non-members and all members have the same access. I use PHP to control groups differently for lots of different clients, so this works out well form me. The auto redirect function is nice.... keeping the user's initial request in place. hey.... When is Drupal going to add images to pages at core? Visual appeal.... It would be great if menu items and other areas started to do this... then people could just swap them out. Just a wish list. ;) ------------------------------------------------------------------------ Tue, 14 Jun 2005 03:02:01 +0000 : gordon Just adding the pages does work, but does not give the effect that I need. You can always use the login box on the sidebar, which will do the same thing. You said that the 403's aren't used to logged in users as they have the same privledge, But not everyone has the same privledge on your site (unless everyone has the same rights as user 1 ;-)) So what if a user who is already logged in goes to /admin you do not want to tell them that they need to login to get to the admin page, you want to send them to a big go away page.