Skip to content

Instantly share code, notes, and snippets.

@dmuth

dmuth/gist:1587034

Created January 10, 2012 04:52
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dmuth/1587034 to your computer and use it in GitHub Desktop.
Save dmuth/1587034 to your computer and use it in GitHub Desktop.
Download ZIP
How to secure a Drupal site
Raw
gistfile1.aw
<?php
/**
*
* From my blog post at:
*
* http://www.dmuth.org/node/1202/how-secure-drupal-site
*
*/
$path = getenv("SCRIPT_URL");
//
// If a user is not logged in, they can only access certain unrestricted pages.
//
if ($user->uid == 0) {
if (
//
// strstr() is called for efficiency. Keep in mind that ANY path that matches
// these strings will be allowed to anonymous users. So if you have something
// like "/userlist", an anonymous user can view that. I warned ya!
//
!strstr($path, "user")
&& !strstr($path, "how-to-join")
&& !strstr($path, "contact")
) {
form_set_error("", "You must be logged in first.");
drupal_goto("user");
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment