Drupal 7 Login Methods and Module Roundup: Part 2Drupal 7 Login Methods and Module Roundup: Part 2


Last time we explored some different options that determined how the login form was displayed on your site. Today we're going to expand on that and look at different ways of wrangling or changing the actual login experience for your users. The default settings aren't exactly very refined and so it can take some configuration to get a better user experience out of the whole process.
Unfortunately, Drupal doesn't provide a lot of post-login configuration options by default. Luckily, as with most other aspects of Drupal, helpful module contributors can extend or modify the behavior quite easily and with a combination of modules we can achieve great results. Let's get started.

Take control of the login process
1. Tweaking greeting emails via the admin pages

Let's get this one out of the way first since it comes packaged with every basic Drupal installation. If your site utilizes the user registration and/or account recovery tools, you can change the email templates that are sent to confirm accounts. You may optionally install the Token module to gain a bit more customization over the email templates. Head over to admin/config/people/accounts and look at the bottom. You should see a label that says "E-mails." Here is a quick but often-overlooked opportunity to inject some branding into the user registration and login process. As you can see, the default wording is quite plain and clinical. Take this opportunity to make it sound like your system emails come from an actual human!

2. Using LoginToboggan module to extend login behaviors

LoginToboggan module has long been a staple of many Drupal installations. It's a "catch all" type module that let's you modify frequently requested login behaviors like allowing the user to use an email address instead of a username. The module is incredibly well documented on it's admin page (admin/config/system/logintoboggan) which should even new users to configure everything without having a look up additional documentation (although that option is linked on the admin page as well). Some of our favorite features include the ability to redirect to a specific URL after registration, as well as the ability to delete unvalidated user accounts after a certain period of time. The latter feature is extremely useful if you allow open registrations because spam accounts often will never validate themselves, saving you valuable time housekeeping your roster of user accounts.
Additionally, the module integrates with Rules so that you can create powerful macros or workflows that will run whenever a user completes a designated action.

3. Using Login Destination module to add redirect URLs

Login Destination is a simple module that allows you to redirect users from specific URLs to specified paths when logging in, registering, or logging out. One of Drupal's more annoying default behaviors is always redirecting to the front page by default. With Login Destination, not only can you change that but you can also add your own PHP validation code to provide a high level of customization for developers.

The icing on the cake is a weight system which means you can have multiple overlapping rules and the one weighted the lightest will execute first. Take a look at the screenshot above. Basically what this means is you can create a "catch all" rule to redirect users, but then you can layer in more specific rules to fit our use cases. In our case, we redirect to the path "/mymidlevelu" by default. But we've also created custom sign up forms that require email validation. In this case we don't want to redirect to the private URL, we simply redirect to the current page.

4. Preventing unwanted login attempts with Login Disable

Counter to what we've been covering thusfar, Login Disable will actually block the login form unless the user knows the special keyword and adds it to the login URL. Simply enable it and go to admin/config/people/login-disable and set a secret keyword. You can now access the login form by adding "?yourkeywordhere" to the end of your login URL. You can also use this module to do a "soft" maintenance mode on the site, meaning the site and all it's features are live, but only users with the keyword (like admins) can login freely.

Note that this isn't meant to be a hardcore security module, as it's protection is fairly superficial and only as good as using a single, universal pass keyword that every privileged user will need to know.

Quality of life improvements
1. Remember me module

Remember Me adds a simple feature that you've undoubtedly seen on countless other sites. At first you may be wondering why this is needed, after all, Drupal automatically remembers sessions that are currently logged in by default. You may not realize that the default Drupal session time for a login is over 3 weeks! This can actually present security concerns for people with shared workspaces or those who access Drupal from more public locations. This module gives the option of disabling the saving of sessions, meaning once the browser closes the user is effectively logged out. Alternatively, you can also modify the session time to something more reasonable (like 1 day to 1 week).

2. Redirect 403 to User Login module

This module was made to help prevent user frustration when trying access pages while logged out. A user might bookmark an internal, authenticated-only page but either logged out or their session expired. Instead of getting a regular 403 denied page, they are brought to the user login page. As a nice bonus, they are redirected to their original page after logging in.

3. Password Policy module

Password policies are often the subject of much frustration among users, and I'll be the first to tell you that they are huge nuisance to many sites. However, there is no denying that some web sites and services hold fairly sensitive data (e.g government sites) and password policies can be a requirement for some projects. This module provides pretty much every possible option you might want for these types of sites: password expiration (with timed email warnings), character constraints, minimum lengths, and mandatory password renewal upon resetting.
Granted that most of you aren't out there putting classified information out on publicly accessible websites, Password Policy is most likely an unnecessary hit to usability. You should really only be using this module if it is a mandatory project requirement.


4. Password Strength Disabler Module

If you find the password strength bar to be unnecessary or confusing for your users, you can disable it using this simple module. One could argue that without descriptive feedback, the bar doesn't effectively communicate why a password is weak or strong.

Need a Custom Designed Theme?

If you need a custom designed theme for your business then our designers can work with you to create a unique concept that is consistent with your brand, clearly communicates your value proposition and helps you achieve your goals. >> Click here to contact us and let us know about your needs and we'll analyze and provide you with an estimate for designing and development your custom theme.