0

I've created 2 files:

  • login_process.info
  • login_process.module

I've created the table "user" in the database that Drupal is using. I want to display a custom login form with fields "Username" and "Password".

Assuming the data from Username and Password fields are in the correct format(proper validations), when the submit button is pressed, a query is done and data to check if the values matches that found in the table. 

If no result is found, it displays an error message else it redirects to to the welcome page.

Here are the codes:

login_process.info

name = "My login process module" description = "Performs login process" core = "7.x" version ="7.x.1.0" package = "Login/Register"`

login_process.module

<?php /* *Implements hook permission */ function login_process_hook_permission() { return array( 'submit login_process' => array( 'title' => t('Submit login form'), 'description' => t('Submit the login form') ), ); } /* * Implements hook menu */ function login_process_hook_menu() { $items = array(); $items['login-process'] = array( 'title' => 'login', 'type' => 'MENU_NORMAL_ITEM', 'access arguments' => array('submit login_process'), 'page callback' => 'drupal_get_form', 'page arguments' => array('login_process_form') ); return $items; } /* * The login form */ function login_process_form($form,&$form_state) { $form['Username'] = array( '#type' => 'textfield', '#title' => t('Username'), '#size' => 20, '#maxlength' => 20, '#required' => TRUE, '#description' => t('Please enter a valid username'), ); $form['Password'] = array( '#type' => 'textfield', '#title' => t('Password'), '#size' => 20, '#maxlength' => 20, '#required' => TRUE, '#description' => t('Please enter a valid password'), ); $form['submit'] = array( '#type' => 'submit', '#value' => t('Add item') ); return $form; } /* * Validation handler for the login_process_form */ function login_process_form_validate($form,&$form_state) { print('<pre>'.print_r($form_state['values'],1).'<pre>'); die(); if (!preg_match("/[a-zA-Z]/",$form_state['values']['Username'])) { form_set_error('Username', t('Username must contain only alphabets')); return FALSE; } return TRUE; //add more validations for Username and Password } /* *Submit handler for the login form */ function login_process_form_submit($form,&$form_states) { $username = $form_state['values']['Username']; $password = $form_state['values']['Password']; $results = db_query("SELECT Username,Password FROM user WHERE Username='".$username."' AND Password='".$password."'")); if(is_null($results)) { form_set_error('Username', t('Wrong username or password. Try again!!!!')); return FALSE; } else { echo "Welcome".$form_state['values']['Username']."<a href="logout.php">Logout</a>" // it will be better if it is displayed in a block } }

It neither display errors nor the login form created from the module. Can anyone help me here? Do I have to install additional modules to make it work?

Most of the codes are based from Daily dose of Drupal episode 16 to 22.

Improve this question
3
  • I recommend checking out the modules/user/user.module file, starting from the hook_menu() implementation and the way user/login path is defined, and then working your way out to other parts. Commented Mar 31, 2016 at 11:18
  • Notice that Drupal doesn't use user as database table because it is a reserved word in many databases. Commented Mar 31, 2016 at 11:48
  • And the usual question is: Why are you trying to implement a login form when Drupal already implement it using a more secure code? Commented Mar 31, 2016 at 12:15

2 Answers 2

Reset to default
1

You don't need any other modules, to just show a form. Your code is not correct in some points, though, and that needs to be corrected.

A form validation handler doesn't return TRUE nor FALSE; it just calls form_set_error() in case the submitted data doesn't pass the validation.

A form submission handler doesn't validate the submitted data; that is the task of the form validation handlers. The purpose of the form submission handlers is to take the necessary actions (e.g. loading data from the database, saving data to the database), but they don't return anything.

You don't inject values entered from user directly in the query, as you do with db_query(). That is the perfect way of given a malicious user access to the user #1 access, for example, and without the user knowing the user #1 account.
Always use placeholders for input obtained from users, when you are using it in a query. See what user_login_authenticate_validate() does.

$account = db_query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $form_state['values']['name']))->fetchObject();

The correct way to show a message to the user is using drupal_set_message(). In the specific case, showing a message with a logout link is not much helpful, since the users will not see it anymore after moving to a different page. In any case, you don't use echo() to print anything on a Drupal page from a form submission (or validation) handler.

Improve this answer
0

To me it looks like you made a form which is not used.

How do you display this form ?? Are you using example.com/login-process ?

If you want to alter the default login form use:

function login_process_form_alter(&$form, $form_state, $form_id) { if ($form_id == 'user_login_block' || $form_id == 'user_login') { $form['#validate'][] = '_login_process_form_validate'; $form['#submit'][] = '_login_process_form_submit'; } }

So, there we added these custom validate and submit handlers:

function _login_process_form_validate($form, &$form_state) { } function _login_process_form_submit($form, &$form_state) { }
Improve this answer
2
  • If the form builder is login_process_form(), then Drupal with use login_process_form_submit() as form submission handler, without to explicitly setting #submit. See user_login(). The same is true for form validation handlers. Commented Mar 31, 2016 at 11:57
  • 1
    true, but I'm suggesting a login form alternation, not the use of a custom form ;) Commented Mar 31, 2016 at 12:21

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.