D7 Modules - Login Modules & related use cases....

As a newbie, part of the challenge is to know the use cases and the modules that are provide them. Modules that are not buggy, are regularly maintained and have stable releases. 

Below are a bunch on User Login related modules and their use cases that may be applicable in many scenarios. Most of these appear to be stable. This blog only summarizes them at one place. The same info is also available on  the www.drupal.org/project/<module> pages.  You may also find additional screenshots for easier understanding or links to related screencasts if you are lucky.



There is one use case, however, that I have not been able to find out for D7 (only) is having a user of a particular role be made to go through certain registration pages when creating a NEW account. Any help by way of comments will be very helpful.

Also Read => HowTo: Add a Terms of Agreement on Registration Page = http://drupal.org/node/112519

Security Kit = http://drupal.org/project/seckit

• This Module provides Drupal installation with various security hardening options. This lets you mitigate the risks of exploitation of different web application vulnerabilities. This is a nice module and has a lot of feature with respect to cross-site scripting and other vulnerabilities.
• The documentation is good. All necessary documentation and examples of usage are on settings page of module. You may also take a look at http://www.browserscope.org/?category=security to figure out current status of browsers support.

Login Activity = http://drupal.org/project/login_activity

• This module logs user login activity for every user on a Drupal installation. 
• This can be used to provide important user information about when and from where their user account was used to login to the website. 
• If a user notices unusual activity, the user might take required action to protect the account from getting compromised.

Login Toboggan = http://drupal.org/project/logintoboggan

• The LoginToboggan module offers several modifications of the Drupal login system in an external module by offering the following features and usability improvements:
• Allow users to login using either their username OR their e-mail address.
• Allow users to login immediately.
• Provide a login form on Access Denied pages for non-logged-in (anonymous) users.
• The module provides two login block options: One uses JavaScript to display the form within the block immediately upon clicking "log in". The other brings the user to a separate page, but returns the user to their original page upon login.
• Customize the registration form with two e-mail fields to ensure accuracy.
• Optionally redirect the user to a specific page when using the 'immediate login' feature.
• Optionally redirect the user to a specific page upon validation of their e-mail address.
• Optionally display a user message indicating a successful login.
• Optionally combine both the login and registration form on one page.
• Optionally have unvalidated users purged from the system at a pre-defined interval (please read the CAVEATS section of INSTALL.txt for important information on configuring this feature!).
• Integrates with Rules module to do various tasks when a user validates via email validation process (see http://drupal.org/node/880904 for an example)

Login History = http://drupal.org/project/login_history

• Login History provides a table which stores a list of each users' past logins.

Persistent Login = http://drupal.org/project/persistent_login

• The Persistent Login module provides the familiar "Remember Me" option in the user login form. 
• Control how long user logins are remembered, before a user will have to enter their credentials again. 
• Control how many different persistent logins are remembered per user. 
• Control which pages a remembered user can or cannot access without explicitly logging in with a username and password (e.g. you cannot edit your account or change your password with just a persistent login). 
• A user can clear all of his/her remembered logins via their account page.

Password Policy = http://drupal.org/project/password_policy

• This module provides a way to specify a certain level of password complexity (aka. "password hardening") for user passwords on a system by defining a password policy.
• A password policy can be defined with a set of constraints which must be met before a user password change will be accepted. 
• Each constraint has a parameter allowing for the minimum number of valid conditions which must be met before the constraint is satisfied.
• Example: an uppercase constraint (with a parameter of 2) and a digit constraint (with a parameter of 4) means that a user password must have at least 2 uppercase letters and at least 4 digits for it to be accepted.
• Current constraints include: => Complexity constraint, Digit constraint, Letter constraint, Letter/Digit constraint (Alphanumeric), Length ,constraint, Uppercase constraint, Lowercase constraint, Punctuation constraint, Delay constraint, Username constraint, Digit placement constraint, History constraint (checks hashed password against a collection of users previous hashed passwords looking for recent duplicates)
• The module also implements a password expiration feature. The user gets blocked or is forced to change his password when his old password expires.
• Administrators can force specific users or entire roles to change their password on their next login and can made a password tab available to users instead of the usual user/#/edit screen for password changes.

Secure Share = http://drupal.org/project/secureshare

Restrict IP = http://drupal.org/project/restrict_ip

• This module allows administrators to restrict access to the site to an administrator defined set of IP addresses. 
• Anyone trying to access the site from an IP address not in the list of allowed IP addresses will be redirected to an access denied page with the message "Your address is not in the list of allowed IP addresses".

IP Login = http://drupal.org/project/ip_login

• This module allows users to login automatically via their IP (v4) address ranges or wildcards instead of having to enter a username and password - plus many other features.