It’s easy to take Drupal’s built-in user management features for granted… out of the box, you can configure your site to allow user registrations, reset forgotten passwords, and handle user logins. We had a use case where we wanted to combine the login and registration forms into a single landing page for anonymous users, to encourage users without an account to sign up with a single click rather than hiding the registration form behind another link.

There are many ways to skin a cat in Drupal, and the more familiar you get with the way Drupal and its many contributed modules work you start to realize that it’s possible to do things like set up a combination login/registration screen with little if any custom coding.

Here’s what we did (Your mileage may vary - on some sites it may not be appropriate to use executable PHP blocks, but our permission scheme accomodated it nicely):

1. Create a new block (Admin > Build > Block > Add Block). Set the input format to PHP Code, and give it the following contents, which will display the standard user login form:

   <?php  print drupal_get_form('user_login');  ?> 

2. Create another new PHP Code block for the registration form:
   

   <?php  print drupal_get_form('user_register');  ?> 

3. Install the Panels module, and add a new Panel using the two column layout.

4. Put the login form block in the left column and the registration form block in the right column. Give the panel a path like myapp/register- it’s very important that the second part of the path contain the word register. (More on that in a moment) Save the panel.

5. Go to Administer > Site Configuration > Error Reporting and set the default 403 (Access Denied) error page to the path of the Panel you just created. This means that whenever an anonymous user encounters a page requiring authentication, they will get the login/registration form instead of the somewhat rude, default “Access Denied” error.

And that’s it. Zero custom code required, and we had our combination login/registration screen ready to go. We did choose to write a small module implementing hook_form_alter() to streamline the forms a little bit, making fields shorter, eliminating some of the field descriptions, and adding a link to the password reset form. Combined with some CSS styling, the result is pretty sharp:

So, why does the Panel’s path have to have two items, the second one always being “register”? The answer is in the core user.module file, in the _user_edit_validate() function:

<?php
   // Validate the username:
   if (user_access('change own username') || user_access('administer users') || arg(1) == 'register') {
     if ($error = user_validate_name($edit['name'])) {
       form_set_error('name', $error);
     }
     else if (db_num_rows(db_query("SELECT uid FROM {users} WHERE uid != %d AND LOWER(name) = LOWER('%s')", $uid, $edit['name'])) > 0) {
       form_set_error('name', t('The name %name is already taken.', array('%name' => $edit['name'])));
     }
     else if (drupal_is_denied('user', $edit['name'])) {
       form_set_error('name', t('The name %name has been denied access.', array('%name' => $edit['name'])));
     }
   }
 ?>

This chunk of code is responsible for making sure a submitted user name isn’t already taken, and the only way it gets called when the user_register form is submitted is if arg(1) is “register”, as is the case when signing up from the standard /user/register path. If you give your combination login/register panel a path whose second item is not “register”, it will still work, but the system won’t catch duplicate user name requests, resulting in the behavior reported at http://drupal.org/node/148525.