1
eabVicious
protecting UID information
  • 2006/6/25 1:52

  • eabVicious

  • Just popping in

  • Posts: 4

  • Since: 2006/6/22


I have found that when I am not logged in to my XOOPS site I can still type the direct URL to view a user profile. I am afraid that someone else who knows this path might troll though the UID's one by one and get information they shouldn't otherwise have without being a member. Since membership is restricted to a predetermined group, is there a way I can prevent anonymous users from directly viewing profiles?

2
Catzwolf
Re: protecting UID information
  • 2006/6/25 2:25

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Yes, in the user profiles main file: enter this code at the top

if ( !is_object$xoopsUser ) ) {
    
redirect_headerXOOPS_URL0_NOPERM );
}


This should do what you want it to do :)

3
martineagle
Re: protecting UID information
  • 2006/6/29 14:00

  • martineagle

  • Just popping in

  • Posts: 6

  • Since: 2006/5/6 1


Thanks heaps for this information, it's going to be a huge help.

To assist anyone else who's not 100% clear on what the previous post means (it took me a little while to figure it out) here's what to do.

The filename to edit is userinfo.php and that should be in the root of your XOOPS directory.

You don't quite enter the code "at the top" but it's pretty close. Here's where to put it...

Just after this code...
$xoopsOption['pagetype'] = 'user';
include 
'mainfile.php';
include_once 
XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

include_once 
XOOPS_ROOT_PATH '/modules/system/constants.php';

And just before this code...
$uid intval($_GET['uid']);
if (
$uid <= 0) {
    
redirect_header('index.php'3_US_SELECTNG);
    exit();
}


So the final thing looks like...
$xoopsOption['pagetype'] = 'user';
include 
'mainfile.php';
include_once 
XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

include_once 
XOOPS_ROOT_PATH '/modules/system/constants.php';

if ( !
is_object$xoopsUser ) ) {
    
redirect_headerXOOPS_URL0_NOPERM );
}

$uid intval($_GET['uid']);
if (
$uid <= 0) {
    
redirect_header('index.php'3_US_SELECTNG);
    exit();
}


Hope this helps save someone a little time.


Regs,

Martin

4
Dave_L
Re: protecting UID information
  • 2006/6/29 15:25

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7



Login

Who's Online

269 user(s) are online (230 user(s) are browsing Support Forums)


Members: 0


Guests: 269


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits