1
council
Online News Aggregator Module -- the Core is Done...but
  • 2005/1/29 15:25

  • council

  • Not too shy to talk

  • Posts: 184

  • Since: 2004/12/18


Here's a great idea for a XOOPS module. I'm using it as a standalone online news aggregatorright now which is great, except there's no way of preventing guests from using the control panel.

It's an online news aggregator that I link to from my XOOPS site.

Here's the app:Feed on Feed Demo


Here's my site: blacklogs.com

Click on "Black Blog News" at top of left column to see it in action.


On my site I have it in a custom box with iframe. It works wonderfully except for the security thing. As you can see yourself, anyone could mark all the news items read, and wreck everything (please don't do this).

The guy who wrote the app says this:
Quote:
It is recommended that you password protect (using .htaccess or whatever method is available on your server) your entire FEED ON FEEDS directory. Otherwise, people will find your control panel, mark all your unread items as read (horrors!), erase all your feeds, or worse. And just because you secretly put FEED ON FEEDS somewhere on your server and don't tell anybody about it or link to it, that doesn't mean people won't find it. Think "Referer".


Heres' his site: http://minutillo.com/steve/feedonfeeds/

This app, incidentally (Feed on Feeds), is the engine that drives "REBLOG" another app that takes the online news aggregator concept a step further by adding features like css and porting it to Movable Type and Word Press.
see here:
REBLOG

So, main question: how to I prevent guests from using the panel which displays on the main page of Feed on Feed. This is an XOOPS related question because I'm using it with xoops.

thanks,
r.

2
carnuke
Re: Online News Aggregator Module -- the Core is Done...but
  • 2005/1/29 16:21

  • carnuke

  • Home away from home

  • Posts: 1955

  • Since: 2003/11/5


Quote:
On my site I have it in a custom box with iframe. It works wonderfully except for the security thing. As you can see yourself, anyone could mark all the news items read, and wreck everything (please don't do this).


Thinking out loud ... so this maybe off the wall

You hack the script to remove the links you want to protect, so no-one could tamper.

Now reproduce those links in a menu system like multi-menu.
all links and menus in multi-menu are subject to groups permissions, so you could hide it from all users except your self or trusted members.

This could do the trick ???

let us know


3
council
Re: Online News Aggregator Module -- the Core is Done...but
  • 2005/1/29 17:34

  • council

  • Not too shy to talk

  • Posts: 184

  • Since: 2004/12/18


Quote:

You hack the script to remove the links you want to protect, so no-one could tamper.

Now reproduce those links in a menu system like multi-menu.
all links and menus in multi-menu are subject to groups permissions, so you could hide it from all users except your self or trusted members.

This could do the trick ???


Thanks, Carnuke ...

Hacking the menu sounds simple enough, but the multi-menu part -- how is that done? I mean, how do I integrate multi-menu into this page? Must I wrap the page into a XOOPS block? Can still call the page from another url?

R.

4
carnuke
Re: Online News Aggregator Module -- the Core is Done...but
  • 2005/1/29 18:23

  • carnuke

  • Home away from home

  • Posts: 1955

  • Since: 2003/11/5


Quote:
This is an XOOPS related question because I'm using it with xoops.


I interpreted this to mean the aggregator script was in an iframe placed in a XOOPS custom block, is that correct?

If so, you would need to add your admin links etc to multimenu and target them at the iframe, ie give it a name etc... Make the multi menu visible to admins only

I really cant say how this would work, because I dont know the aggrregator script, whether you can split the functions, or not.

Another idea ... forget the iframe and use the Auth module.

It's a true website wrapper module, not iframes! all relative links are respected within a separate website or set of scripts WITHIN the XOOPS frame. You can also permission certain pages with this module.

There's an FAQ about this, I'll check and post the link back.

Hewre's the link to the Auth FAQ wrapper module

5
council
Re: Online News Aggregator Module -- the Core is Done...but
  • 2005/1/29 23:00

  • council

  • Not too shy to talk

  • Posts: 184

  • Since: 2004/12/18


Thanks, Canuke, and I must say, I'm really starting to like Xoops!

By the way, do you think it's a good idea to invest time in learning php? I've got the book here at home and crack it open every now and then.

Oh, about the iframe. I don't have the script in it. I just call the script from it. The script is on a stand-alone html page.

Ric.

6
carnuke
Re: Online News Aggregator Module -- the Core is Done...but
  • 2005/1/29 23:20

  • carnuke

  • Home away from home

  • Posts: 1955

  • Since: 2003/11/5


Council ... If you have the time and interest in learning php programming, it can only be a benefit IMHO

Its a delicate balance between learning cold theory, so you understand the principles and doing something practical with it and seeing the results!

Xoops is a satifying platform to test your skills, don't you think



Richard

7
council
Re: Online News Aggregator Module -- the Core is Done...but
  • 2005/1/30 0:12

  • council

  • Not too shy to talk

  • Posts: 184

  • Since: 2004/12/18


Quote:

carnuke wrote:
Council ... If you have the time and interest in learning php programming, it can only be a benefit IMHO

Its a delicate balance between learning cold theory, so you understand the principles and doing something practical with it and seeing the results!

Xoops is a satifying platform to test your skills, don't you think



Richard



Yes, well, there's about 5 modules I need to build the kind of site I need, so I better learn php.

Alright, here's where I'm at with Auth(e).

1. downloaded it.

2. installed it.

3. placed application in Auth(e) folder.

4. installed app from my site.

5. it installed fine -- except not with my site's header, footer, etc. It installed as its own stand alone page in the Auth(e) folder.

6. It became the new Auth(e) link in my menu. When I click this link, I get my new page -- sin XOOPS header and footer.

7. Also, you'll recall the whole purpose was to remove the panel from the app so guests wouldn't use it. Don't see how I do this. Don't really mind the page being without XOOPS header or footer, but don't see how auth has enabled me to get rid of or control that feedonfeed panel - that is, the panel in the new news aggregator.

Do something go wrong?

By the way, the Auth(e) icon in the modules list (on Modules page) is not click-able -- shouldn't it be?

once again, here's the site. You'll see the "auth" link in the main menu: http://blacklogs.com

Ric

8
carnuke
Re: Online News Aggregator Module -- the Core is Done...but
  • 2005/1/30 0:24

  • carnuke

  • Home away from home

  • Posts: 1955

  • Since: 2003/11/5


Well, auth is intended to wrap these pages within a XOOPS website, but thats your choice I guess.

As I undeerstand it, auth allows you to deny access to pages within the folder containing the scripts (website)

so, for example the page or file linked to from http*//blacklogs.com/modules/auth/mark-read.php can be marked as 'deny' to certain user groups. Same goes for other pages you want to protect.

--------------------------
// ? User Access Rights·Rejection or Default File name
// "Username" => "Filename·URL or Rejection Character String"
// If the user is not logged in, the access is controlled by /guest
// then the user will be handled under the /default settings
// The File name will have to start with XOOPS/modules/auth/
// index.html Do not further abbreviate
// index.php Can not be used, so please change it to either
// index.html or default.php
// URL can also be used, so that the URL will be displayed directly
// http:// https:// Do not further abbreviate
// The users listed in the?Rejection String?
// will not have access to the files

$auth_user = array (
"/default" => "index.html" );

//$auth_user = array (
// "user123" => "user.html",
// "user234" => "user.html",
// "userurl" => "http://url.com/user.html",
// "/guest" => "/deny/",
// "/default" => "index.html" );
-------------------------------------

I have not done this yet and if it's not obvious from the modules readme file, I advise you contact noisia or shine. They can probably help with this.

Quick work council

9
council
Re: Online News Aggregator Module -- the Core is Done...but
  • 2005/1/30 7:14

  • council

  • Not too shy to talk

  • Posts: 184

  • Since: 2004/12/18


Hmm, ok, but I must ask you: what was the other way you mentioned using multi-menu?

That sounded interesting and I've since downloaded multimenu.

So, I have a page wrapped in Auth(e). Can I actually intergrate some of the links of this page into multi-menu in such a way that those links will allow me to still invoke action to the page? If so, how?

Thanks ...

Ric

Login

Who's Online

296 user(s) are online (266 user(s) are browsing Support Forums)


Members: 0


Guests: 296


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits