Drupal - How to add login form to the Access Denied page?

Option 1: Use the CustomError module

The CustomError module allows the site admin to create custom error pages for HTTP status codes 403 (access denied) and 404 (not found), without the need to create nodes for each of them. Some more details about its features (from its project page):

• Configurable page title and descriptions.
• There are no author and date/time headers as with normal nodes.
• Any HTML formatted text can be be put in the page body.
• The error pages are themable.
• Users who are not logged in and try to access an area that requires login will be redirected to the page they were trying to access after they login.
• Allows custom redirects for 404s.

You should be interested in the part about "Users who are not logged in and try to access an area that requires login will be redirected to the page they were trying to access after they login.".

Option 2: Redirect to user/login using the Rules module

"Adding settings for the 'access denied page' and displaying the 'User login' block on that page" is indeed a solution that should work. However, you could take this a little step further, and enhance the user experience AbitMORE. By using a variation of the approach described in the answer to the question about "How to redirect anonymous users to login page using Rules module?".

To do so, assume the path of the "Default 403" page is set to "no_access" (via /admin/config/system/site-information, near the bottom of that admin page). Then create a rule using the Rules module, with as Event something like "After visiting node 'no_access'". So that the entire rule would look something like so:

• Events: After visiting node 'no_access'

• Conditions:

  1. User has role(s) - Parameter: User: [site:current-user], Roles: anonymous user
  2. NOT Text comparison - Parameter: Text: [site:current-page:url], Matching text: user/login

• Actions: Page redirect - Parameter: URL: user/login

Should you want to do so, you could even add another Action to also display some (informational) message in the Drupal message area, with something like "You tried to visit a page for which login is required ...".

True, it might require you to enable an extra contributed module (Rules). But, as indicated by its growing popularity also, that module is probably already enabled in mostly any site (similar to the Views module), because there are dozens of use-cases for this module. Just 1 variation of this question: how about enhancing the user experience for "Page not found" in a similar way?

Option 3: Show User login block on dedicated page

Another variation, as an alternative to the Rules "Action" (to redirect to user/login), is to create some designated node, say with a path like "my_login_page_with_login_block". And then combine this with configuring the "User login" block (via admin/structure/block) like so:

• Display that block in whatever theme region of your choice.
• Use the "configure" link to the right of that User login bloc, to set the "Visibility settings" for "Pages". I.e. change the option for "Show block on specific pages" to "Only the listed pages", and specify the path (my_login_page_with_login_block) within the text box below it. If for some reason you don't want to use a path, then just specify node/nid (nid = id of the node) as the path instead.

You can add settings for 'Default 403 (access denied) page' in the site configuration (admin/config/system/site-information). And then display 'User login' block (admin/structure/block/manage/user/login/configure) on this page.

Another solution here is the the LoginToboggan module. It provides a number of different enhancements to login functionality.

The logintoboggan module offers several modifications of the drupal login system in an external module by offering the following features and usability improvements:

1. allow users to login using either their username or their e-mail address.
2. allow users to login immediately.
3. provide a login form on access denied pages for non-logged-in (anonymous) users.
4. the module provides two login block options: one uses javascript to display the form within the block immediately upon clicking "log in". the other brings the user to a separate page, but returns the user to their original page upon login.
5. customize the registration form with two e-mail fields to ensure accuracy.
6. optionally redirect the user to a specific page when using the 'immediate login' feature.
7. optionally redirect the user to a specific page upon validation of their e-mail address.
8. optionally display a user message indicating a successful login.
9. optionally combine both the login and registration form on one page.
10. optionally have unvalidated users purged from the system at a pre-defined interval (please read the caveats section of install.txt for important information on configuring this feature!).
11. integrates with rules module to do various tasks when a user validates via email validation process (see http://drupal.org/node/880904 for an example)

The settings configuration form has an option called Present login form on access denied (403) that toggles this exact functionality on/off.