1
krystinevo
Hiding comments & profiles from anonymous users

Maybe I'm having a brain fart, but I can't seem to find out how I would go about restricting access to profiles and comments from anon. users?

I've turned off access rights to the xoopsmembers module, however I guess this doesn't prevent folks from seeing profiles on content available to anonymous users. (ie authors of news stories, etc.) Is there a trick from preventing anon. users from seeing any profiles?

Also, is there a way I can restrict anonymous users from viewing comments? I'm not seeing anything in the system admin/groups or preferences settings.

Thanks in advance!

Kristine
Everything is as it should be

2
JamesSAEP
Re: Hiding comments & profiles from anonymous users
  • 2006/10/4 15:39

  • JamesSAEP

  • Just can't stay away

  • Posts: 732

  • Since: 2005/2/28


Edit the userinfo.php file (located at your web root directoy) and add the following hightlighted code. You will prevent people from viewing your users' profiles.


$uid = intval($HTTP_GET_VARS['uid']);
if ($uid <= 0) {
redirect_header('index.php', 3, _US_SELECTNG);
exit();
}

if ( !$xoopsUser ) {
redirect_header('index.php',3,_NOPERM);
exit();
}

3
krystinevo
Re: Hiding comments & profiles from anonymous users

Thanks very much James!

Does it matter where I put this bit of code? Or can I add it anywhere in the userinfo.php file?

And just to clarify, registered users will still be able to access user profiles with this code change, correct?

Thanks again!
Everything is as it should be

4
JamesSAEP
Re: Hiding comments & profiles from anonymous users
  • 2006/10/4 15:57

  • JamesSAEP

  • Just can't stay away

  • Posts: 732

  • Since: 2005/2/28


oops, sorry, I thought I put the where...

Add it just after the following line (line 32):

include_once XOOPS_ROOT_PATH '/modules/system/constants.php';


Yes, this will allow only registered users to access it.

5
krystinevo
Re: Hiding comments & profiles from anonymous users

Works like a charm -- thanks James! I appreciate it
Everything is as it should be

6
m0nty
Re: Hiding comments & profiles from anonymous users
  • 2006/10/4 17:09

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


$uid intval($HTTP_GET_VARS['uid']);
if (
$uid <= 0) {
redirect_header('index.php'3_US_SELECTNG);
exit();
}

if ( !
$xoopsUser ) {
redirect_header('index.php',3,_NOPERM);
exit();
}


HTTP_GET_VARS is deprecated and shouldn't be used.. use $_GET instead of.. $_GET is used in most recent versions of xoops.

and you would be better using

if (!is_object($xoopsUser)) {
redirect_header('index.php',3,_NOPERM);
exit();
}


it's better to use is_object :)

7
JamesSAEP
Re: Hiding comments & profiles from anonymous users
  • 2006/10/4 17:16

  • JamesSAEP

  • Just can't stay away

  • Posts: 732

  • Since: 2005/2/28


Thanks m0nty for the correction. I'll change the code on my sites.

8
JamesSAEP
Re: Hiding comments & profiles from anonymous users
  • 2006/10/4 17:24

  • JamesSAEP

  • Just can't stay away

  • Posts: 732

  • Since: 2005/2/28


M0nty, I made the change you suggested and this gave the following error when i would click on a username:

No User Selected! Please go back and try again.

It will allow me to edit my profile. I also need to correct the code I posted earlier. What I have currently have is:
$uid intval($_GET['uid']);
if (
$uid <= 0) {
    
redirect_header('index.php'3_US_SELECTNG);
    exit();
}


So, making your change restricted not only anonymous, but also Registered Users and Webmasters.

Thoughts?

9
krystinevo
Re: Hiding comments & profiles from anonymous users

What was the final verdict on this one...?

I made the change James suggested, and it worked great. Am I supposed to make any more changes in code?

Thanks in advance,

Kristine
Everything is as it should be

10
m0nty
Re: Hiding comments & profiles from anonymous users
  • 2006/10/5 19:54

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


not sure James, i've tried it on my site and it works fine (xoops 2.0.15 currently) but it also worked fine on 2.0.13.2 & 2.0.14..

here's the lines from m y userinfo.php

$uid intval($_GET['uid']);
if (
$uid <= 0) {
    
redirect_header('index.php'3_US_SELECTNG);
    exit();
}

if (!
is_object($xoopsUser)) {
redirect_header('index.php',3,_NOPERM);
exit();
}
$gperm_handler = & xoops_gethandler'groupperm' );
$groups is_object($xoopsUser) ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;


you can checkout at http://72.29.82.174/~wwcncom/test2010/ if anonymous, it will say u have no permission, if logged on, it will let u view the profile.. :S

if having 'is_object' doesn't work for you, i dunno why, but if it works as you are using it without, then leave it as is being as it works :), but it is better to actually use is_object than not.. (i can't say why it's better, just that I was always told to use that instead of just !$xoopsUser), as it's the proper way of doing it. so i kept with doing it as a matter of practice..

maybe a more experienced coder can say why it's better to use is_object($xoopsUser) than just $xooopsUser??? i'd be curious to remember y too.. (i was told but i've forgotten the reasons..) i know 'is_object' will check if the variable in this case $xoopsUser is actually an object, but in this situation i can't actually remember why is_object($xoopsUser) is better than just $xoopsUser..

Login

Who's Online

356 user(s) are online (277 user(s) are browsing Support Forums)


Members: 0


Guests: 356


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits