modules/role_login/role_login.module

<?php
// $Id$

/**
 * @file
 *  Restricts user login by role.
 */

/**
 * Implementation of hook_help().
 */
function role_login_help($section) {
  switch ($section) {
    case 'admin/modules#description':
      return t('Restricts user login by role.');
  
    case 'admin/user/roles/role_login':
      return t('Role Login enables login to be restricted by role. The module was developed to enable a user table to be shared between multiple instances, but still maintain control over which users can login, for example, on a dev instance versus a live site.');
  }
}

/**
 * Implementation of hook_menu().
 */
function role_login_menu($may_cache) {
  $items = array();
  if ($may_cache) {
    $items[] = array(
      'path' => 'admin/user/roles/role_login',
      'title' => 'Role login',
      'description' => t('Restricts user login by role.'),
      'callback' => 'drupal_get_form',
      'callback arguments' => 'role_login_admin_settings',
      'type' => MENU_NORMAL_ITEM,
	    'access' => user_access('administer site configuration'), //do we *really* need yet another permission??
    );
  }
  return $items;
}

/**
 * Menu callback
 *
 * @return
 *   array of form content.
 */
function role_login_admin_settings() {
  $role_names = array();
  $sql = "SELECT * FROM {role} r WHERE r.rid > 2 ORDER BY name";
  $results = db_query($sql);
  while ($result = db_fetch_object($results)) {
    $role_names[$result->rid] = $result->name;
  }

  $form['role_login_roles'] = array(
    '#type' => 'select',
    '#title' => t('Role Login enabled for'),
    '#options' => $role_names,
    '#default_value' => variable_get('role_login_roles', NULL),
    '#description' => t('Select roles that can login. If no roles are selected, then the role login check will be bypassed. The superuser (account 1) can never be locked out regardless of role setting.'),
    '#multiple' => TRUE,
  );

  $form['role_login_link'] = array(
    '#type' => 'textfield',
    '#title' => t('Role Login link'),
    '#size' => 80,
    '#default_value' => variable_get('role_login_link', NULL),
    '#description' => t('Enter a fully qualified URL to display an alternate login location in the form error message.'),
  );
  return system_settings_form($form);
}

/**
 * Implementation of hook_form_alter().
 */
function role_login_form_alter($form_id, &$form) {
  switch ($form_id) {
    case 'user_login':
    case 'user_login_block':
	    $form['#validate'] = array('role_login_validate' => array()) + (array)$form['#validate'];
      break;
  }  
}

/**
 * Custom validation function for user login form.
 */
function role_login_validate($form_id, $form_values, $form) {
  $login_roles = array_keys((array)variable_get('role_login_roles', NULL));
  if (!sizeof($login_roles)) return;

  $name = $form_values['name'];
  $pass = trim($form_values['pass']);
  if ($name && $pass) {
    // We could use user_authenticate here but do not want to duplicate 
    // user_login_validate or step on any other validation. The downside is 
    // role_login will only support local users.
    if ($account = user_load(array('name' => $name, 'pass' => $pass, 'status' => 1))) {
      // Never lock out superuser
      if ($account->uid == 1) return;

      foreach (array_keys((array)$account->roles) as $rid) {
        if ($rid && in_array($rid, $login_roles)) {
          return;
        }
      }

      // User form does not honor form_set_error so we clear $form['name'] to 
      // ensure no login can proceed.
      form_set_value($form['name'], '');

      if ($url = variable_get('role_login_link', NULL)) {
        $alternate_link = ' ' . l(t('You should login here.'), $url);
      }
      form_set_error('name', t('Sorry, your account does not have the proper role to login to this site.') . $alternate_link);
      watchdog('user', t('Login attempt failed for %user due to improper role.', array('%user' => $form_values['name'])));

    }
  }
}
1	<?php
2	// $Id$
3
4	/**
5	* @file
6	* Restricts user login by role.
7	*/
8
9	/**
10	* Implementation of hook_help().
11	*/
12	function role_login_help($section) {
13	switch ($section) {
14	case 'admin/modules#description':
15	return t('Restricts user login by role.');
16
17	case 'admin/user/roles/role_login':
18	return t('Role Login enables login to be restricted by role. The module was developed to enable a user table to be shared between multiple instances, but still maintain control over which users can login, for example, on a dev instance versus a live site.');
19	}
20	}
21
22	/**
23	* Implementation of hook_menu().
24	*/
25	function role_login_menu($may_cache) {
26	$items = array();
27	if ($may_cache) {
28	$items[] = array(
29	'path' => 'admin/user/roles/role_login',
30	'title' => 'Role login',
31	'description' => t('Restricts user login by role.'),
32	'callback' => 'drupal_get_form',
33	'callback arguments' => 'role_login_admin_settings',
34	'type' => MENU_NORMAL_ITEM,
35	'access' => user_access('administer site configuration'), //do we really need yet another permission??
36	);
37	}
38	return $items;
39	}
40
41	/**
42	* Menu callback
43	*
44	* @return
45	* array of form content.
46	*/
47	function role_login_admin_settings() {
48	$role_names = array();
49	$sql = "SELECT * FROM {role} r WHERE r.rid > 2 ORDER BY name";
50	$results = db_query($sql);
51	while ($result = db_fetch_object($results)) {
52	$role_names[$result->rid] = $result->name;
53	}
54
55	$form['role_login_roles'] = array(
56	'#type' => 'select',
57	'#title' => t('Role Login enabled for'),
58	'#options' => $role_names,
59	'#default_value' => variable_get('role_login_roles', NULL),
60	'#description' => t('Select roles that can login. If no roles are selected, then the role login check will be bypassed. The superuser (account 1) can never be locked out regardless of role setting.'),
61	'#multiple' => TRUE,
62	);
63
64	$form['role_login_link'] = array(
65	'#type' => 'textfield',
66	'#title' => t('Role Login link'),
67	'#size' => 80,
68	'#default_value' => variable_get('role_login_link', NULL),
69	'#description' => t('Enter a fully qualified URL to display an alternate login location in the form error message.'),
70	);
71	return system_settings_form($form);
72	}
73
74	/**
75	* Implementation of hook_form_alter().
76	*/
77	function role_login_form_alter($form_id, &$form) {
78	switch ($form_id) {
79	case 'user_login':
80	case 'user_login_block':
81	$form['#validate'] = array('role_login_validate' => array()) + (array)$form['#validate'];
82	break;
83	}
84	}
85
86	/**
87	* Custom validation function for user login form.
88	*/
89	function role_login_validate($form_id, $form_values, $form) {
90	$login_roles = array_keys((array)variable_get('role_login_roles', NULL));
91	if (!sizeof($login_roles)) return;
92
93	$name = $form_values['name'];
94	$pass = trim($form_values['pass']);
95	if ($name && $pass) {
96	// We could use user_authenticate here but do not want to duplicate
97	// user_login_validate or step on any other validation. The downside is
98	// role_login will only support local users.
99	if ($account = user_load(array('name' => $name, 'pass' => $pass, 'status' => 1))) {
100	// Never lock out superuser
101	if ($account->uid == 1) return;
102
103	foreach (array_keys((array)$account->roles) as $rid) {
104	if ($rid && in_array($rid, $login_roles)) {
105	return;
106	}
107	}
108
109	// User form does not honor form_set_error so we clear $form['name'] to
110	// ensure no login can proceed.
111	form_set_value($form['name'], '');
112
113	if ($url = variable_get('role_login_link', NULL)) {
114	$alternate_link = ' ' . l(t('You should login here.'), $url);
115	}
116	form_set_error('name', t('Sorry, your account does not have the proper role to login to this site.') . $alternate_link);
117	watchdog('user', t('Login attempt failed for %user due to improper role.', array('%user' => $form_values['name'])));
118
119	}
120	}
121	}