Legal
Displays Terms & Conditions to users during registration and login, requiring acceptance before completing these actions.
legal
Install
composer require 'drupal/legal:^3.0'
Overview
The Legal module provides a comprehensive Terms & Conditions management system for Drupal sites. It displays customizable T&C text on the user registration form and requires visitors to accept them before their registration is completed.
When a new version of the T&C is created, all users will be required to accept the new version upon their next login. The module supports multiple display formats for T&C content including scroll boxes, HTML text, and page links with optional modal dialogs.
The module provides full multilingual support, allowing different T&C versions for each language. It also includes Views integration with two pre-built views for displaying T&C history and user acceptance records. Additionally, it offers migration support for sites upgrading from Drupal 7.
The module creates two custom content entities: one for storing T&C conditions and another for tracking user acceptance records. Administrators can also add up to 10 additional required checkboxes to the T&C form, useful for age verification or other custom agreements.
Features
- Displays Terms & Conditions on user registration form with mandatory acceptance
- Requires re-acceptance when new T&C versions are published
- Multiple display styles: Scroll Box (HTML), Scroll Box (CSS), HTML Text, and Page Link
- Optional modal dialog display for Page Link style
- Multilingual support with separate T&C versions per language
- Up to 10 additional custom checkboxes that users must accept
- Version and revision tracking system for T&C history
- Change explanation feature to highlight what changed since the last version
- Built-in Views for T&C history and user acceptance tracking
- Exemption system for specific user roles
- Option to require T&C acceptance on every login
- User profile integration to display and accept T&C
- Token support for embedding T&C content
- Migration support from Drupal 7
- Secure cookie-based authentication for login acceptance flow
Use Cases
Basic Terms & Conditions for User Registration
Set up T&C that users must accept during registration. Navigate to /admin/config/people/legal, enter your T&C text, select 'HTML Text' display style, and save. All new users will be required to accept these terms before completing registration.
GDPR Compliance with Age Verification
Use additional checkboxes to add GDPR consent and age verification. In the 'Additional Checkboxes' section, add labels like 'I am at least 18 years of age' and 'I consent to the processing of my personal data as described in the Privacy Policy'. Users must check all boxes to register.
Multilingual Site T&C Management
For multilingual sites, create T&C versions in each language. Select the target language before saving new T&C. Use 'Language specific users (a revision)' to only ask users of that language to re-accept, or 'All users (new version)' to require everyone to re-accept.
Forcing Re-acceptance on Every Login
For high-compliance environments, enable 'Ask to accept T&Cs on every login' in the Configure settings. This ensures users confirm their agreement each time they access the site, useful for financial or healthcare applications.
Exempt Staff from T&C Requirements
Staff members with administrative roles often don't need to accept T&C. In Configure settings, check the roles (like 'administrator' or 'editor') under 'Exempt User Roles' to skip T&C display for these users.
Migrating from Drupal 7
When upgrading from Drupal 7, the module's migration plugins will automatically transfer existing T&C content and user acceptance records. Run the migrations d7_legal_conditions, d7_legal_accepted, and d7_legal_settings using Drupal's migrate tools.
Tracking T&C Acceptance History
Monitor compliance by visiting /admin/config/people/legal/users to see which users have accepted which T&C version. Use the T&C History tab to review all versions that have been published and what changes were made.
Tips
- T&C text should only be entered by administrators or highly trusted users, because the content is filtered with filter_xss_admin(), which allows most HTML
- Use the Preview button on the admin form to see exactly how your T&C will appear to users before saving
- Each line in the 'Explain Changes' field becomes a separate bullet point, making it easy to list multiple changes
- The /legal page automatically displays T&C as HTML text regardless of the display style setting for registration/login forms
- You can programmatically insert T&C using the Conditions entity - see the README for a code example
- Consider using the [legal:tc] token in email templates to include current T&C in welcome emails
Technical Details
Admin Pages (5)
/admin/config/people/legal
Main administration page for creating and managing Terms & Conditions content. Displays the current T&C version information and provides a form for entering new T&C text.
/admin/config/people/legal/settings
Configure general settings for how Terms & Conditions are displayed and enforced across the site.
/admin/config/people/legal/languages
View the latest T&C version for each enabled language. This page is only accessible when the Language module is enabled.
/admin/config/people/legal/terms_history
View a complete history of all Terms & Conditions versions that have been created, provided by the legal_terms View.
/admin/config/people/legal/users
View which users have accepted Terms & Conditions and which version they accepted, provided by the legal_users View.
Permissions (2)
Hooks (9)
hook_user_login
Intercepts user login to check if the user has accepted the latest T&C version. If not, logs the user out and redirects to the T&C acceptance page.
hook_user_insert
Records T&C acceptance when a new user registers and accepts the terms during registration.
hook_user_update
Records T&C acceptance when an existing user accepts new T&C through their profile page.
hook_form_FORM_ID_alter (user_register_form)
Alters the user registration form to add T&C display fields and acceptance checkbox.
hook_form_FORM_ID_alter (user_form)
Alters the user profile edit form to display current T&C acceptance status and allow re-acceptance.
hook_theme
Defines the legal_current_metadata theme hook for displaying T&C metadata in the admin form.
hook_token_info
Defines the [legal:tc] token for embedding T&C content.
hook_tokens
Provides the replacement value for the [legal:tc] token.
hook_help
Provides help text for the module.
Troubleshooting (6)
Ensure that T&C text has been entered at /admin/config/people/legal. No T&C will be displayed until text is saved. Also verify that the registering user doesn't have an exempt role.
Check that you saved the new T&C with 'All users (new version)' selected if you want all users to re-accept. Also ensure 'Accept every login' is disabled if you only want prompts when T&C changes.
The module uses cookies 'Drupal.visitor.legal_hash' and 'Drupal.visitor.legal_id' for the login acceptance flow. Whitelist these cookies in your Varnish configuration or GDPR/cookie consent solution.
The Languages administration tab only appears when the Locale module is enabled. Enable it if you need multilingual T&C support.
User 1 is always exempt from T&C requirements by design. This prevents the super admin from being locked out. Test T&C with a different user account.
Ensure that JavaScript is enabled and that there are no JavaScript errors on the page. The modal requires Drupal's core AJAX libraries to function.
Security Notes (5)
- T&C text is filtered with filter_xss_admin(), which is a permissive XSS filter, so only allow trusted administrators to edit T&C content
- The login acceptance flow uses cryptographic hashing (Crypt::hmacBase64) with the user's password and login timestamp to prevent tampering
- The acceptance page URL token expires after 1 hour
- Cookie-based authentication tokens are used during the login acceptance flow; these should be whitelisted in caching solutions but not exposed to untrusted third parties
- User 1 is always exempt from T&C to prevent lockout scenarios - ensure User 1 credentials are secure
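
The tamper check and one-hour expiry described in the Security Notes, sketched as an added example that is not the Legal module's own code. The function names, message layout and sample values are assumptions; only the output format (HMAC-SHA256, URL-safe base64, padding stripped) matches Drupal's Crypt::hmacBase64().

```php
<?php
// Added illustration, not the Legal module's source. Function names, the
// message layout and all sample values are assumptions.

const TOKEN_LIFETIME = 3600; // one hour, as stated on the page

// Same output format as Drupal's Crypt::hmacBase64(): HMAC-SHA256,
// URL-safe base64 alphabet, padding stripped.
function hmac_base64(string $data, string $key): string {
  $raw = hash_hmac('sha256', $data, $key, true);
  return str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($raw));
}

// Key the MAC with a site secret plus the stored password hash, and cover
// uid, issue time and last-login time, so changing any of them voids the token.
function accept_token(int $uid, int $issued, int $login, string $pass_hash, string $salt): string {
  return hmac_base64("$issued:$login:$uid", $salt . $pass_hash);
}

function token_is_valid(string $token, int $uid, int $issued, int $login,
                        string $pass_hash, string $salt, int $now): bool {
  // Reject future-dated or expired timestamps first.
  if ($issued > $now || $now - $issued > TOKEN_LIFETIME) {
    return false;
  }
  // hash_equals() compares in constant time.
  return hash_equals(accept_token($uid, $issued, $login, $pass_hash, $salt), $token);
}

// Constructed sample values.
$salt = 'constructed-site-salt';
$pass = 'constructed-password-hash';
$t0 = 1700000000;
$token = accept_token(42, $t0, $t0, $pass, $salt);

$cases = [
  'unchanged, 10 minutes later' => [42, $t0, $t0, $pass, $t0 + 600],
  'presented after 1 hour'      => [42, $t0, $t0, $pass, $t0 + 3601],
  'different uid'               => [43, $t0, $t0, $pass, $t0 + 600],
  'password changed'            => [42, $t0, $t0, 'new-password-hash', $t0 + 600],
  'user logged in again'        => [42, $t0, $t0 + 900, $pass, $t0 + 1000],
];
foreach ($cases as $label => [$uid, $issued, $login, $hash, $now]) {
  $ok = token_is_valid($token, $uid, $issued, $login, $hash, $salt, $now);
  printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Only the first case passes: a token tied to the password hash and login timestamp stops verifying as soon as either value changes, without any server-side token storage.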