4.6 user.module user_login($edit = array(), $msg = '')
4.7 user.module user_login($msg = '')
5 user.module user_login()
6 user.module user_login(&$form_state)
7 user.module user_login($form, &$form_state)

Form builder; the main user login form.

7 string references to 'user_login'
hook_page_alter in modules/system/system.api.php
Perform alterations before a page is rendered.
TriggerOtherTestCase::testActionsUser in modules/trigger/trigger.test
Tests triggering on user create and user login.
TriggerUserTokenTestCase::testUserTriggerTokenReplacement in modules/trigger/trigger.test
Tests a variety of token replacements in actions.
trigger_test_action_info in modules/trigger/tests/trigger_test.module
Implements hook_action_info().
trigger_trigger_info in modules/trigger/trigger.module
Implements hook_trigger_info().


modules/user/user.module, line 2098
Enables the user registration and login system.


function user_login($form, &$form_state) {
  global $user;

  // If we are already logged on, go to the user page instead.
  if ($user->uid) {
    drupal_goto('user/' . $user->uid);
  }

  // Display login form:
  $form['name'] = array('#type' => 'textfield',
    '#title' => t('Username'),
    '#size' => 60,
    '#maxlength' => USERNAME_MAX_LENGTH,
    '#required' => TRUE,
  );

  $form['name']['#description'] = t('Enter your @s username.', array('@s' => variable_get('site_name', 'Drupal')));
  $form['pass'] = array('#type' => 'password',
    '#title' => t('Password'),
    '#description' => t('Enter the password that accompanies your username.'),
    '#required' => TRUE,
  );
  $form['#validate'] = user_login_default_validators();
  $form['actions'] = array('#type' => 'actions');
  $form['actions']['submit'] = array('#type' => 'submit', '#value' => t('Log in'));

  return $form;
}


While creating an external login module, I wanted to modify the login block and page to provide the external login link and disable the Drupal username and password fields. However, I needed to create a different path that will still allow the superadmin user to log in with his/her Drupal account.

I added this menu callback:

  $items['backdoor'] = array(
    'title' => 'Admin Login',
    'description' => 'Use when can\'t login externally',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('user_login'),
    'access arguments' => array('access content'),
  );

Then in the form_alter, I've disabled the username and password, except for the backdoor page:

function yourmodule_form_alter(&$form, $form_state, $form_id) {
  switch ($form_id) {
    case 'user_login':
    case 'user_login_block':

      // only allow for Drupal login fields if this is the /backdoor page
      if (strcmp(current_path(),"backdoor")!=0) {
        $form['name']['#access'] = FALSE;
        $form['pass']['#access'] = FALSE;
        $form['#submit'][] = 'yourmodule_external_submit';
        $form['#validate'][] = 'yourmodule_external_validate';
      }
  }
}

So what's the URL of your site? I want to, erm, take a look at something.

In all seriousness, this is a really bad idea. Someone will find that back door and pwn your site; it's only a matter of time. Please pretend that you never saw the above post, everyone.
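
The `backdoor` path in the first comment serves the unmodified `user_login` form, so any Drupal account can authenticate through it, not only the superadmin. One way to enforce the stated intent on the server side, as an added example that is not part of either comment or of Drupal core (the module name `yourmodule` and the handler name are hypothetical; the path is the one from the comment):

```php
<?php

/**
 * Implements hook_form_FORM_ID_alter() for user_login.
 *
 * Added example: on the local-login fallback path, accept a password login
 * only for uid 1.
 */
function yourmodule_form_user_login_alter(&$form, &$form_state, $form_id) {
  if (current_path() != 'backdoor') {
    return;
  }
  // Re-index so the array key equals the position used by array_splice().
  $validators = array_values($form['#validate']);
  $pos = array_search('user_login_final_validate', $validators);
  if ($pos === FALSE) {
    // Core's final validator is missing; restore it so that a cleared uid
    // is reported as a failed login instead of reaching the submit handler.
    $validators[] = 'user_login_final_validate';
    $pos = count($validators) - 1;
  }
  // Run after the password check, before the result is reported.
  array_splice($validators, $pos, 0, array('yourmodule_local_login_restrict_validate'));
  $form['#validate'] = $validators;
}

/**
 * Validation handler: only uid 1 may complete a local password login.
 */
function yourmodule_local_login_restrict_validate($form, &$form_state) {
  if (!empty($form_state['uid']) && $form_state['uid'] != 1) {
    watchdog('yourmodule', 'Local login refused for uid %uid from %ip.', array(
      '%uid' => $form_state['uid'],
      '%ip' => ip_address(),
    ), WATCHDOG_WARNING);
    // Clearing the uid makes user_login_final_validate() treat this as a
    // failed login: the generic error is shown and flood control counts it.
    $form_state['uid'] = FALSE;
  }
}
```

Because the refusal goes through core's final validator, the response is the same as for a wrong password and does not reveal which account is uid 1.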