XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. Q and A 
  4.  / protecting UID information
Register
1
eabVicious
protecting UID information

  • 2006/6/25 1:52

  • eabVicious

  • Just popping in

  • Posts: 4

  • Since: 2006/6/22


I have found that when I am not logged in to my XOOPS site I can still type the direct URL to view a user profile. I am afraid that someone else who knows this path might troll though the UID's one by one and get information they shouldn't otherwise have without being a member. Since membership is restricted to a predetermined group, is there a way I can prevent anonymous users from directly viewing profiles?
2
Catzwolf
Re: protecting UID information

  • 2006/6/25 2:25

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


Yes, in the user profiles main file: enter this code at the top

if ( !is_object$xoopsUser ) ) {
    redirect_headerXOOPS_URL0_NOPERM );
}


This should do what you want it to do :)
3
martineagle
Re: protecting UID information

  • 2006/6/29 14:00

  • martineagle

  • Just popping in

  • Posts: 6

  • Since: 2006/5/6 1


Thanks heaps for this information, it's going to be a huge help.

To assist anyone else who's not 100% clear on what the previous post means (it took me a little while to figure it out) here's what to do.

The filename to edit is userinfo.php and that should be in the root of your XOOPS directory.

You don't quite enter the code "at the top" but it's pretty close. Here's where to put it...

Just after this code...
$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';
include_once XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

include_once XOOPS_ROOT_PATH '/modules/system/constants.php';

And just before this code...
$uid intval($_GET['uid']);
if ($uid <= 0) {
    redirect_header('index.php'3_US_SELECTNG);
    exit();
}


So the final thing looks like...
$xoopsOption['pagetype'] = 'user';
include 'mainfile.php';
include_once XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

include_once XOOPS_ROOT_PATH '/modules/system/constants.php';

if ( !is_object$xoopsUser ) ) {
    redirect_headerXOOPS_URL0_NOPERM );
}

$uid intval($_GET['uid']);
if ($uid <= 0) {
    redirect_header('index.php'3_US_SELECTNG);
    exit();
}


Hope this helps save someone a little time.


Regs,

Martin
4
Dave_L
Re: protecting UID information

  • 2006/6/29 15:25

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


There's also a FAQ on this: Can I stop guests from viewing registered user profiles?

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

427 user(s) are online (59 user(s) are browsing Support Forums)

Members: 0

Guests: 427

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Sep 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits