1
Peekay
User profile viewable by user and admin only?
  • 2006/12/4 23:22

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


I found a hack to hide a XOOPS user's profile from anon site visitors, but is there a way to restrict viewing of a profile to just that user and admin only?

I would like admin to be able to add account info (e.g. FTP passwords, email login details etc.) and ensure that only that particular user can access them.

I thought about using a module, but the only one I know of that stores user-specific data (i.e. cannot be seen by others) is Xhelp. I just need one page of info so that's a bit overkill really.
A thread is for life. Not just for Christmas.

2
jdseymour
Re: User profile viewable by user and admin only?

I think with these items it would be best to communicate them directly. It would be very insecure to have such information in any type of text file unencrypted on the server. The file can be protected (and encrypted) by the OS file system, but is external of xoops.

Most, I believe communicate the password information by email after registration.

3
vaughan
Re: User profile viewable by user and admin only?
  • 2006/12/5 3:22

  • vaughan

  • Friend of XOOPS

  • Posts: 680

  • Since: 2005/11/26


Quote:

Peekay wrote:
I found a hack to hide a XOOPS user's profile from anon site visitors, but is there a way to restrict viewing of a profile to just that user and admin only?


in userinfo.php

add:

redirect_header("index.php",3,'No Permission To View Profile');
exit();


right after (occurs twice in the 1st if() statement):

$xoopsTpl->assign('user_ownpage'false);


note. you should be able to comment out the code above the redirect you just added to the start of the else { statement also, but you can leave it in if u wish.


you could also do it via the system_userinfo.html template by using (but i find editing the php file easier as no need to worry about the redirect script then for the html page.

<{if $user_ownpage !== false}>

userinfo script........

<{else}>

page redirect script......
<{/if}>

4
Peekay
Re: User profile viewable by user and admin only?
  • 2006/12/5 10:17

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


@Vaughan
Many thx for that. Works a treat.

@jdseymour
Sorry, you are quite right - passwords was a bad example. I'm building a help-desk site where admin sets up the accounts and needs to add some extra stuff about the user, e.g. real names and company details. The client doesn't want other users to have access to that info.
A thread is for life. Not just for Christmas.

5
irmtfan
Re: User profile viewable by user and admin only?
  • 2006/12/5 11:25

  • irmtfan

  • Module Developer

  • Posts: 3419

  • Since: 2003/12/7


just in this case i think XOOPS 2.2.4 and upcoming bug fix 2.2.5 can sort it out much better because you can show a single field (extra stuff) to 1 group and other groups cant see that.

6
script_fu
Re: User profile viewable by user and admin only?

Montys code works great. But on 2.0.17.1 it will only let the account holder see their own profile.

Logged in as admin I can only view my own profile.
Logged in as registered user they can only view their own profile.
Logged in as user in custom group they can only view their own profile.

Here is what im looking for.

1) I need the users to be able to see the admin /webmasters profile.

2) I need the users to be able to see the mods profile.

3) I need the admin to see all profiles.

4) I need the mods to see all profiles.

7
script_fu
Re: User profile viewable by user and admin only?

Here is Nachenko post on some smarty tags. but they are incomplete.

Quote:

nachenko wrote:
I think some Smarty code in the template should do the trick.

something like:

If user we are viewing ($user_uid) is ourself ($xoops_user), or the user is an admin...

<{if $user_uid == $xoops_user || $xoops_isadmin}>

code we want to show

<{/if}>

You'll have to check exact name of smarty variables, I'm not sure I wrote them properly.

8
script_fu
Re: User profile viewable by user and admin only?

Then we have Dave_L post about userinfo.html. The problem is dave post is newer than montys. Monty says system_userinfo.html which I can find in the system module. I cannot find a file called userinfo.html in the XOOPS 2.0.17.1 package.

Now which code should I put where for my needs?


Quote:

Dave_L wrote:
If you want to, you could simplify those if-clauses:

<{if $user_ownpage || $xoops_isadmin}>
.
.
profile table
.
.
<{/if}>


<{if !$user_ownpage}>
<
center><h3>Please login to view the profileh3>center>
<{/if}>

9
script_fu
Re: User profile viewable by user and admin only?

The last little bit can be found in the Faq section. This does not solve my problem either.

The solution might be in the above code. But at this moment in time its not clear to me yet. I've tested all of this and it didn't do what I needed. I've been up all day hacking a site to conform to the specs needed by the client.

Forgive me if the correct code is here and I did not implement it correct.

I will say that after an extensive search I could not find any more related examples.

Thanks for any help in advance...

10
script_fu
Re: User profile viewable by user and admin only?

Here is another few posts I lucked into.

Here is the link with an interesting discussion behind it.


Quote:

xlurker wrote:
Quote:

Alex_Grey wrote:
Below is some code for userinfo.php. it is set so only system_admin can view that profile.

$isAdmin $gperm_handler->checkRight'system_admin'XOOPS_SYSTEM_USER$groups);            // isadmin is true if user has 'edit users' admin rights

//Added Code
if ($uid == && !$isAdmin){
    
redirect_header('index.php'3_NOPERM); 
}
//End


Some people deliberately set uid 1 as a non-privileged or non-existent account for security reasons. Omitting that portion of the code and just checking for !$isAdmin is sufficient.

$isAdmin $gperm_handler->checkRight'system_admin'XOOPS_SYSTEM_USER$groups);            // isadmin is true if user has 'edit users' admin rights

//Added Code
if (!$isAdmin){
    
redirect_header('index.php'3_NOPERM); 
}
//End

Login

Who's Online

339 user(s) are online (188 user(s) are browsing Support Forums)


Members: 0


Guests: 339


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits