1
peterr
Restricting access to user information
  • 2004/9/8 12:29

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Hi,

Can the developers of XOOPS please consider adding some functions or classes to restrict the access to user information.

Having recently had a need to do this, and finding many good tips/techniques in the forums, I posted the 'research' here:

https://xoops.org/modules/newbb/viewtopic.php?topic_id=24061&forum=7

1. Basically to stop any anonymous user from viewing profile information, at any rank/level.

2. Only users on the same 'rank/level' can view the profiles of other users on the same rank, or lower rank of course.

3. If a post in the news module or forums,etc, is made by a 'webmaster/admin' type user, then never show the username, simply leave it blank or put in their real names or add 'anonymous' or similar.

4. Other methods to control/restrict lower level ranked users from being able to view the username of any higher level (rank) user.

Thanks, :)

Peter

2
RachelVirago
Re: Restricting access to user information

This would be really useful.

my first XOOPS site has been a great success but development has slowed considerably due to members treating webmaster as public property.

Despite installing smart FAQ and providing notes on how to use it I continue to get variations on the same questions with monotonous regularity.

I appreciate this is in part my own fault for for not creating a more intuitive interface but it's a catch 22 with the contstant interuptions disrupting efforts to do so.

I now respond with the FAQ link to "How to ask a question" in most cases nontheless it's still tedious.

Why do people do this? because they can!

I have been searching for a way to conceal my profile but the functionality you specify would be even better.

For the time being I have removed my webmaster rank.

3
Mithrandir
Re: Restricting access to user information

1. will be in XOOPS 2.1

2., and 4. I don't see the need for - but they should not be difficult to customise

3. is module stuff, I won't touch

4
RachelVirago
Re: Restricting access to user information

Quote:

Mithrandir wrote:

2., and 4. I don't see the need for - but they should not be difficult to customise


My need for this is as follows.

I run a transgender support site and do not wish for new members who have not contributed to forums (thereby establishing their reason for membership) to have access to user info of those who have.

We run a two tier system I.E.

sign up and you are a registered user,

Make 5 approved posts and you are a qualified member.

Only qualified have access to members module. So far so good. But, any member can get to user profiles via "who's online" block (core and NewBB2 or userbar info (NewBB2).

I could disable the two preceeding features but feel it would detract from the site

I assume peterr has a similar requirement.

5
m0nty
Re: Restricting access to user information
  • 2005/5/5 8:42

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


*edited due to problem with anonymous users getting blank page, see my post below for working hack*

6
RachelVirago
Re: Restricting access to user information

Many thanks for this, not just because it is a solution in record time but also because for a PHP beginner it is a great way to learn by example. Excellent.

7
m0nty
Re: Restricting access to user information
  • 2005/5/5 9:18

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


i'm only a beginner myself.. as such treat it with care as i am not sure of what problems it may/could cause.. but if it does then just reverse what u did.

8
m0nty
Re: Restricting access to user information
  • 2005/5/5 9:37

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


hmmm like the problem i just found.. ignore the hack i gave above.

when logged out anonymous users get blank pages..

instead try this:

open userinfo.php

find:
include_once XOOPS_ROOT_PATH '/modules/system/constants.php';


add this just after it on the next line

if (is_object($xoopsUser)) {
if (!
$xoopsUser->getVar('posts') >= 5) {
    
redirect_header("index.php"2'You need a minimum of 5 posts to view member profiles');
    exit();
}
} else {
    
redirect_header("register.php"2'You Need to Register to view member profiles');
    exit();
}

9
Herko
Re: Restricting access to user information
  • 2005/5/5 9:39

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


XOOPS doesn't have a hierarchial groups system, and the ranks is just a visual addition. Access is given or denied based on group membership, not on ranks. It's a choice that has been made 5 years ago not to have 2 permission layers active at the same time (and still valid IMHO). So granting view permissions based on rank is possible to hack in, but will not be part of the core. What can be part of the core and could come closer to your wishes, is to link ranks and groups more closely, meaning that people advance to a new group based on certain criteria, as the ranks are dealt with at the moment. Each group has a default rank assigned (not overriding the special ranks). However, I'd much rather see a more dynamic rank/group advancement *module* that allows you to set the advancement criteria which could be more then 'just' posts (karma, donations, uploads, votes, whatever). Note that I say that this is amodule, not per say a core feature. Mithy's dynamic user profile module is a good example, why not do the same with group/rank management?

Herko

10
RachelVirago
Re: Restricting access to user information

Quote:

m0nty wrote:
*edited due to problem with anonymous users getting blank page, see my post below for working hack*


Um, well I just implemented the and no problem with anonymous, they already had no access to user info as already used the (published) hack below??

$xoopsUser or redirect_header('index.php', 3, _NOPERM);

Only issue with it is => 5 post members cannot view their own profile, only edit it, not a major problem and am advised I can fix this. I.E.
........................................
$xoopsUser->getVar('posts') accesses properties of the user so you know what /who they are, you also need to know what the user id of the page that they are requesting is, then you can test for that . So *all* you need to do is to find the variable that refers to which user profile is being requested.
HTH
Carrie
........................................
It's the *all* bit I think I may not have time to get to grips with today, lol.

Have copied your revised code and will be working with this more, later

Many thanks to all for your input and insights

Herko, I think what you suggest would be very cool feature and save a lot of admin grunt work.

m0nty, you are too modest guy.


Login

Who's Online

409 user(s) are online (278 user(s) are browsing Support Forums)


Members: 0


Guests: 409


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits