Redirect create password form to site, not admin site


I am trying to implement user accounts without exposing the admin site, to work with the restricted sites module. Can you tell me how I might go about redirecting the create-password form so on activation it redirects to the site rather than the admin dashboard? I am also curious where to find the ‘user activation’ email template. Thank you for your time.

I managed to do this by changing the LoginController.php - I would like to write it as a module to complement RestrictedSites when I can, unless ManOnDaMoon wants to add it in.

Logging in (as after password creation) now redirects to the default site, so average user never sees the admin site. Administrators can get there by the url.


I’ve yet to follow the exact use case you are trying to achieve, but it could be a nice addition to the RestrictedSites module.

I understand the following steps:

  • user receives the password creation email
  • user clicks on the link in the email
  • user is redirected to a password creation form on a specific site

Could you detail further what happens before the email is sent? Does the user have to click on ‘forgot password’ or is user creation also happening within the site?

Have a nice day


Hello Laurent,

The email is sent automatically when an admin user creates a new user with an email address. So my aim was to avoid having users redirected to the admin dashboard when they first login after creating a password for a new user account, through the emailed link. I did this by hard coding the site slug into the redirect in LoginController.php. So create password redirects to login redirects to the site, rather than admin. This works since the default site is meant to be the only restricted site for this project. If integrated with your module, I think it would be better for

(a) user creation to include assignment to a site’s list of users (I had to do this in two steps)
(b) create password form to live on a particular site, like your login form in RestrictedSites, to allow for multiple redirects working from the current site.

None of what I am doing involves user self registration, but that would also be an interesting possibility. As it is, I as admin am creating users, adding them to the site’s list of users right away, so that by the time they create a password and log in they will be authorized on the restricted site. Otherwise, the login form redirecting to the site would result in a 403 Forbidden.

I also commented out the addition of “Successfully logged in” to messages so it would not ultimately appear when they log out of the restricted site, above “Successfully logged out”.

Please let me know if I can elaborate further.