dmuth · January 10, 2012 04:52
diff --git a/gistfile1.aw b/gistfile1.aw
 <?php
 /**
 *
 * From my blog post at:
 *
 * http://www.dmuth.org/node/1202/how-secure-drupal-site
 *
 */

 $path = getenv("SCRIPT_URL");

 //
 // If a user is not logged in, they can only access certain unrestricted pages.
 //
 if ($user->uid == 0) {

    if (
        //
        // strstr() is called for efficiency. Keep in mind that ANY path that matches
        // these strings will be allowed to anonymous users. So if you have something
        // like "/userlist", an anonymous user can view that. I warned ya!
        //
        !strstr($path, "user")
        && !strstr($path, "how-to-join")
        && !strstr($path, "contact")
    ) {

    form_set_error("", "You must be logged in first.");
    drupal_goto("user");

 }

 ?>
	<?php
	/**
	*
	* From my blog post at:
	*
	* http://www.dmuth.org/node/1202/how-secure-drupal-site
	*
	*/

	$path = getenv("SCRIPT_URL");

	//
	// If a user is not logged in, they can only access certain unrestricted pages.
	//
	if ($user->uid == 0) {

	if (
	//
	// strstr() is called for efficiency. Keep in mind that ANY path that matches
	// these strings will be allowed to anonymous users. So if you have something
	// like "/userlist", an anonymous user can view that. I warned ya!
	//
	!strstr($path, "user")
	&& !strstr($path, "how-to-join")
	&& !strstr($path, "contact")
	) {

	form_set_error("", "You must be logged in first.");
	drupal_goto("user");

	}

	?>