Hi,
What Dave posted will _nearly_ answer my question (and concerns).
I would like to stop _anyone_ from doing this:
http://example.com/userinfo.php?uid=1except of course if the user doing it was the 'webmaster'.
Having just installed an XOOPS for someone (#2 install, wooppee) , I setup the 'webmaster' person, and added a news article, only to see that then any anonymous user would be able to see _that_ username. :(
In general, I would like a method to be able to control the user levels to a degree where something like this happens.
1. No one at all could view user id=1 , unless they were that user, or a user on the same level.
2. Only 'webmaster' level users can view other 'webmaster' user info.
3. In general, users cannot view either user info, or posts by other users, unless they were at _least_ on that user level. That is, webmaster can do all, next level down (registered) can only view registered or anonymous,etc.
My objectives mostly are to protect the login username of any 'webmaster' level person. That would include a post anywhere (news, sections, forums,etc) by a webmaster, only another webmaster would be able to view the posts, or the persons info.
Hope I have made sense. For now, I have disabled just about everything on the website, even the news section, because the article was posted by a 'webmaster' type person.
Thanks,
Peter