1
Abishai
How do I stop guests from viewing registered user profiles?
  • 2004/3/19 0:46

  • Abishai

  • Just popping in

  • Posts: 21

  • Since: 2003/10/27


Please, I would like to prevent guests from viewing my registered user profiles. How can I set this up on my site?

So far I have disabled users in the anonymous group from accessing the members module, but they can still click on a user name from any of the many blocks that link to user profiles.

If this question has been asked elsewhere (I searched extensively, but no luck) could you please direct me to it?

TIA

2
sunsnapper
Re: How do I stop guests from viewing registered user profiles?

I think you can hide (disable) the blocks for Anonymous Users. I believe you can control that in either the blocks or Groups control panel.

Now, if what you are saying is that in a module, like the forum, they are clicking on a users name and that leads to the user profile... the only thing I can think of is to modify the template to do a check to see if the user is signed in before it makes it an active link.

In my theme, I have a test to see if a person is signed in (and a further test to see if they are admin). Unfortunately, I think the syntax might be slightly different in templates (though I could be wrong).


Perhaps another helper will jump in to make the legit for templates (unless it already is). I think smarty requires it to be written differently.

Anyways, here's what I have in my theme... perhaps it will serve as a starting point for you. Obviously you would need to modify it, turning off the <a href...> and </a> for people who are not signed in.


<{if $xoops_isadmin}>
        <
a href="<{$xoops_url}>/admin.php">Administration</a> | 
      <{/if}>

    <{if 
$xoops_isuser}> 
     <
a href="<{$xoops_url}>/signout/">Sign Out</a> | 
     <
a href="<{$xoops_url}>/myaccount/">My Account</a> | 

    <{else}> 
      <
a href="<{$xoops_url}>/myaccount/">Sign In</a> |
    <{/if}>

3
Abishai
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/19 2:10

  • Abishai

  • Just popping in

  • Posts: 21

  • Since: 2003/10/27


Quote:

sunsnapper wrote:
...
Now, if what you are saying is that in a module, like the forum, they are clicking on a users name and that leads to the user profile... the only thing I can think of is to modify the template to do a check to see if the user is signed in before it makes it an active link.
...


This is exactly what I mean. There are live links to user profiles all over xoops, and I think that is great, but only for registered users. Guests should not have access to registered user profiles (in my site at least).

From your code, I gather that I'll be modifiying a lot of templates. If that's the case so be it, but I still would like an easy way out (if there's any).

4
ajaxbr
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/19 3:15

  • ajaxbr

  • Quite a regular

  • Posts: 276

  • Since: 2003/10/25


I always put this on my todo queue and tonight, of all nights, I tried it.

Open userinfo.php and find
$xoopsOption['pagetype'] = 'user';
include 
'mainfile.php';
include_once 
XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

Then add the following (from admin.php) just below it, so that it's between the above and "$uid = intval($HTTP_GET_VARS['uid']);"
Code to add:
include XOOPS_ROOT_PATH."/include/cp_functions.php";
if ( !
$xoopsUser ) {
    
redirect_header('index.php',3,_AD_NORIGHT);
    exit();
}

This hardcodes that only members can view profiles, no matter where people find the users profiles links (well, I might be wrong, I feel so wrong tonite) but I guess it's a little broken because it'll display "_AD_NORIGHT" instead of the language string in the redirect page. But I'm way too tired to try to figure out why.

5
Abishai
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/19 8:14

  • Abishai

  • Just popping in

  • Posts: 21

  • Since: 2003/10/27


This works great! Thank you so much. I've done as you said except that I commented out the first line (the include one). I also created a new string for the error in the redirect page.

Once again, thank you for your great help, guys!

6
Mithrandir
Re: How do I stop guests from viewing registered user profiles?

You don't need to include cp_functions.php

just the if (!$xoopsUser) clause will do - the language constant can be replaced with _NOPERM

7
ajaxbr
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/22 12:53

  • ajaxbr

  • Quite a regular

  • Posts: 276

  • Since: 2003/10/25


Thanks, Mith! I'll make it so in my running version.
It would be nice if anybody could make this work using group permissions, so it's now on my todo list. Feel free to hack it before my time limit, which ends when hell freezes over, give or take a couple days

8
Dave_L
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/22 15:23

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


Here's a more concise way of doing it:

$xoopsUser or redirect_header('index.php'3_NOPERM);


9
ajaxbr
Re: How do I stop guests from viewing registered user profiles?
  • 2004/3/22 17:25

  • ajaxbr

  • Quite a regular

  • Posts: 276

  • Since: 2003/10/25


Thanks a lot, Dave... this is much more elegant, so nobody can say it's an ugly hack anymore

I just skimmed over /kernel/user.php and saw a "rank()", a "&getGroups()" and a "isAdmin()" in there... Could anyone who knows his/her PHP give us a hint about how to use this to check whether an user has stalking profile viewing rights? It'd be something like "get curious-user uid, check his rank, allow or deny access".

Perhaps something like
$uid uid();
$xoopsrank rank(uid)
if !(
$xoopsrank == "Webmaster" || $xoopsrank == "Moderator" || $xoopsrank == "Masterator") {
    
redirect_header('index.php',3,_NOPERM);
    exit();
}
(sorry, no habla php)

10
treefrog
Re: How do I stop guests from viewing registered user profiles?
  • 2004/4/24 20:56

  • treefrog

  • Just popping in

  • Posts: 20

  • Since: 2004/4/17


I tried both:

$xoopsUser or redirect_header('index.php', 3, _NOPERM);

and the if clause version above. Both only render a completely blank page for me when I test it out as a guest user...

am I missing something?


Is it possible to add a:

<{if $xoops_isuser}>

somewhere in the template instead? If so, where would be the best place?

Could I actually just plug it in the certain boxes in the table for just the info I'd like covered? (i.e., the email address)

I'm sorry to sound like a ditz... I'm still trying to understand PHP...

Login

Username:
Password:

Lost Password? Register now!

Who's Online

68 user(s) are online (39 user(s) are browsing Support Forums)


Members: 0


Guests: 68


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jan 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits