I want to limit a block to only being on the a users account page. In the section "Show block on specific pages" I used users/[user-name] (did not work) then I tried users/[user-id] (did not work).
Are tokens allowed here? Is there a way to do this?
TIA
You can use PHP to get the result you want. I dont know if tokens are allowed here. If you have PHP filter enabled you may use the following:
<?php
global $user;
if (arg(0) == 'user' && $user->uid == arg(1)){
return True;
}else{
return False;
}
?>
Get the current user with global $user, than get the url arguments with arg():
The first argument should be "user", so arg(0) == 'user'.
The second should be the current user uid, so arg(1) == $user->uid.
Everything else returns false.
Hope it helps.
Try using the * wildcard in place of a token. So you would have:
users/*
Related
I have kind of a unique issue. I have migrated a website and rebuilt it on wordpress. Some of the users that were migrated over the passwords were not migrated with them. So for all the old users I added an advanced custom field named "password_reset" and set it to true for all the older users.
What I am trying to do is show a custom message for these users that says something like "we have updated our website please rest your password with a link to reset".
I have added the below code to a function in the functions.php file
//if migrated user needs to reset password
$username = $_POST['username'];
if (username_exists( $username ) && get_field( 'password_reset', 'user_'.$uid ) ) {
$error= 'Please reset your password. To reset your password click here.';
}
return $error;
since the user isn't logged in quite yet when they are to recieve this error, I am trying to use the username_exists(username). Basically I need to identify is the user name exists already and if that username has the acf field "password_reset" checked. So far I have had no luck, any help would be much appreciated.
UPDATE: here is my lates version: the messages for invalid username and incorrect password are working, Just can't get it to work with the usernames that hold the acf value
function my_custom_error_messages() {
global $errors;
$err_codes = $errors->get_error_codes();
// Invalid username.
if ( in_array( 'invalid_username', $err_codes ) ) {
$error = '<strong>ERROR</strong>: Invalid username.';
}
// Incorrect password.
if ( in_array( 'incorrect_password', $err_codes ) ) {
$error = '<strong>ERROR</strong>: The password you entered is incorrect.';
if (username_exists( $username ) && get_field( 'password_reset', 'user_'.$uid ) ) {
$error= 'Please reset your password. To reset your password click here.';
}
}
return $error;
}
add_filter( 'login_errors', 'my_custom_error_messages');
I believe the issue is that the username is not passed to the login_errors filter. The only data available within that filter is the error message that is passed (no definitive data about user accounts at all).
I have found a different reference that may shed some light on a way to provide a customized error message without using that filter. Try using the wp_authenticate_user filter, instead:
WordPress codex reference
https://codex.wordpress.org/Plugin_API/Filter_Reference/wp_authenticate_user
Reference for application of code
https://backups.nl/internet/wordpress-revealing-username-login-trial-error/
I have a module that creates (and updates) Drupal 7 nodes programmatically.
Since the content of the body these nodes is changed by a program at random intervals I do not want anyone, including the administrator, to be able to edit them. Is there a way way to completely "turn-off" the interface that allows a administrator to edit a node?
If it's a standard user with an administrator role you can implement hook_node_access() in your custom module:
function MYMODULE_node_access($node, $op, $account) {
$type = is_string($node) ? $node : $node->type;
if ($type == 'the_type' && $op == 'update') {
return NODE_ACCESS_DENY;
}
return NODE_ACCESS_IGNORE;
}
If it's the 'super user' (user 1) you need to get a bit more creative as a lot of access checks are bypassed for that user.
You can implement hook_menu_alter() to override the access callback for the node edit page, and provide your own instead:
function MYMODULE_menu_alter(&$items) {
$items['node/%node/edit']['access callback'] = 'MYMODULE_node_edit_form_access';
}
function MYMODULE_node_edit_form_access($node) {
$type = is_string($node) ? $node : $node->type;
if ($type == 'my_type') {
return FALSE;
}
return node_access('update', $node);
}
I like both of Clive's suggestions, but one more option is to simply disable the fields using HOOK_form_alter. This will work for the User 1 account too. I've used this recently to disable a specific field that I don't want anyone modifying.
function YOURMODULE_form_alter(&$form, &$form_state, $form_id) {
if ($form_id == 'your_form_id') {
$form['body_field']['body']['#disabled'] = TRUE;
$form['body_field']['body']['#value'] = $form['body_field']['body']['#default_value'];
}
}
Admittedly, this solution isn't ideal if you're using the built-in body field because of the teaser. But it works great if you want to disable editing of certain fields while leaving other aspects of the node editable and the page intact.
I'm not sure why you need them to be an administrator. That role, honestly, should be reserved for people with absolute control -- and even those people should not use it as their "main" account due to the potential for destroying things. Why not just make an "editor" role or something similar, and give all the permissions you need?
How can I force Drupal 7 to redirect the user to a certain page (which contains a form) wherever the user clicks on the site, after they logged in, until they fill out that form?
Eg.: Anon User arrives to the site, they can browse around no problem.
Once they login/register, I would like to show a page (with a form) and not allow
them to go anywhere else until they fill that form out.
This solution has to work with cached pages so hook_init() can't be used.
hook_boot() seemed a good idea, but it is loading too early and lots of required includes won't load.
Also, the solution has to check if the page request is the actual form submit (otherwise they won't be able to submit the form)
Any ideas, suggestions?
Ok, so it seems that hook_init() is the solution and the problem was caused by the $user object. The trick is, that you have to reload the $user object, as the global doesn't contain the field values.
Very simple example code:
function mymodule_init(){
global $user;
if($user->uid && $user->uid != 1){
$account = user_load($user->uid);
$account = entity_metadata_wrapper('user', $account);
$destination = drupal_get_destination();
if(!$account->field_setup_completed->value()){
drupal_set_message('Setup incomplete.', 'error');
if($destination['destination'] != 'setup-page' && $destination['destination'] != 'user/logout'){
drupal_set_message('Redirecting to setup', 'error');
drupal_goto('setup-page');
}
}
}
}
I would like to redirect a user that logged in over the user login block. What I have is a module that contains the following code:
Appendix, 3.9.2011, 15:30h: Changed code according to the advice of kiamlaluno.
Appendix, 3.9.2011, 17:08h: Small Fix: Changed node/admin to admin.
Appendix, 3.9.2011, 17:24h: removed []
-> code is working like this now, but do not forget to change the module priority in DB.
function _MYMODULE_user_login_submit($form, &$form_state) {
global $user;
if ($user->uid == 1) {
$form_state['redirect'] = 'admin';
} elseif ($user->uid) {
$form_state['redirect'] = 'node/add/image';
return;
}
}
/**
* Modifies the outfit and behaviour of the user login block.
*/
function MYMODULE_form_user_login_block_alter(&$form, $form_state) {
unset($form['#action']);
// removes the forgot password and register links
$form['links'] = array();
// Redirects the user to the image upload page after login
// This cannot be done by a rule, the rule based redirect is only
// working for the login page not the user login block.
$form['#submit'] = array('_MYMODULE_user_login_submit');
}
It doesn't redirect users; it seems like _MYMODULE_user_login_submit() is simply ignored.
What I know already:
I cannot use Rules/Triggers, because I do not login over the login page but the user login block
It is always said: "use logintoboggan" on posts, but there I only have redirection options for "on registration" and "on confirmation", but I need "on authentication" or "after login".
Anyway, I do not want to use more modules, I prefer a few lines of PHP.
Your code doesn't work because user_block_login() sets the "#action" property for the form; in that case, redirecting the form after submission doesn't work.
$form = array(
'#action' => url($_GET['q'], array('query' => drupal_get_destination())),
'#id' => 'user-login-form',
'#validate' => user_login_default_validators(),
'#submit' => array('user_login_submit'),
);
To make it work, you should first unset $form[#action], and then executing the code you already execute in your hook_form_alter() implementation.
As side notes, I will add:
If you want to be sure your code effectively redirect the user where you want, be sure your module is executed for last; if any other module that implements hook_form_alter() adds a form submission handler to redirect the user to a different page, and that module is executed after yours, then your module would not have any effect. To make sure your module is executed after the others, you should use code similar to the following during the installation of the module, or in an update hook. (Replace "MYMODULE" with the short name of the module.)
db_query("UPDATE {system} SET weight = 100 WHERE name = 'MYMODULE');
Instead of using MYMODULE_form_alter(), you can use `MYMODULE_form_user_login_block_alter(), which would not require to check the form ID.
You should append new form submission handlers, instead of replacing the existing ones. This means you should use $form['#submit'][] = 'user_login_submit_redirected';.
Functions implemented in a module should be prefixed with the short name of the module, which means "MYMODULE_" or "_MYMODULE_" (the latter is for private functions). Not using such prefix could create a compatibility issue with other module, such as the User module, as the function you are using has a name starting with "user_."
can u try this please
function user_login_submit_redirected($form, &$form_state) {
global $user;
if ($user->uid == 0) {
$form_state['redirect'] = 'node/admin';
drupal_goto('node/admin') ;
} elseif ($user->uid) {
$form_state['redirect'] = 'node/add/image';
drupal_goto('node/add/image') ;
return;
}
}
I've installed the module - http://drupal.org/project/formblock (Enables the presentation of node creation forms in blocks)
I've enabled it for a particular content type and then exposed that block, to show when an Organic Group node is being viewed.
What I would like to do is hide that block if the current logged in user, is not the author of the Organic Group node being viewed. i.o.w I only want the organic group author to see that block.
thanks in advance :)
You can use 'PHP block visibility settings' to achieve what you want here. Using PHP you can query the database, and check whether the logged in user is the same user that created the node in the organic group.
There is an example already on drupal.org that I have adapted (you will probably need to customise this further) -
<?php
// check og module exists
if (module_exists('og')){
// check user is logged in
global $user;
if ($user->uid) {
// check we've got a group, rights to view the group,
// and of type "group_type" - change this to whichever group you want to restrict the block to
// or remove the condition entirely
if (($group = og_get_group_context()) && node_access('view', $group) && ($group->type == 'group_type') ) {
// check current user is a team admin as they should get access
if (og_is_node_admin($group)) {
return TRUE;
}
// check to see if the current user is the node author
if (arg(0) == 'node' && is_numeric(arg(1))) {
$nid = arg(1);
$node = node_load(array('nid' => $nid));
if ($node->uid == $user->uid) {
return TRUE;
}
}
}
}
}
return FALSE;
?>