xoops forums

Abishai

Just popping in
Posted on: 2004/3/19 0:46
Abishai
Abishai (Show more)
Just popping in
Posts: 21
Since: 2003/10/27
#1

How do I stop guests from viewing registered user profiles?

Please, I would like to prevent guests from viewing my registered user profiles. How can I set this up on my site?

So far I have disabled users in the anonymous group from accessing the members module, but they can still click on a user name from any of the many blocks that link to user profiles.

If this question has been asked elsewhere (I searched extensively, but no luck) could you please direct me to it?

TIA

sunsnapper

Friend of XOOPS
Posted on: 2004/3/19 0:59
sunsnapper
sunsnapper (Show more)
Friend of XOOPS
Posts: 403
Since: 2002/4/10
#2

Re: How do I stop guests from viewing registered user profiles?

I think you can hide (disable) the blocks for Anonymous Users. I believe you can control that in either the blocks or Groups control panel.

Now, if what you are saying is that in a module, like the forum, they are clicking on a users name and that leads to the user profile... the only thing I can think of is to modify the template to do a check to see if the user is signed in before it makes it an active link.

In my theme, I have a test to see if a person is signed in (and a further test to see if they are admin). Unfortunately, I think the syntax might be slightly different in templates (though I could be wrong).


Perhaps another helper will jump in to make the legit for templates (unless it already is). I think smarty requires it to be written differently.

Anyways, here's what I have in my theme... perhaps it will serve as a starting point for you. Obviously you would need to modify it, turning off the <a href...> and </a> for people who are not signed in.


<{if $xoops_isadmin}>
        <
a href="<{$xoops_url}>/admin.php">Administration</a> | 
      <{/if}>

    <{if 
$xoops_isuser}> 
     <
a href="<{$xoops_url}>/signout/">Sign Out</a> | 
     <
a href="<{$xoops_url}>/myaccount/">My Account</a> | 

    <{else}> 
      <
a href="<{$xoops_url}>/myaccount/">Sign In</a> |
    <{/if}>

Abishai

Just popping in
Posted on: 2004/3/19 2:10
Abishai
Abishai (Show more)
Just popping in
Posts: 21
Since: 2003/10/27
#3

Re: How do I stop guests from viewing registered user profiles?

Quote:

sunsnapper wrote:
...
Now, if what you are saying is that in a module, like the forum, they are clicking on a users name and that leads to the user profile... the only thing I can think of is to modify the template to do a check to see if the user is signed in before it makes it an active link.
...


This is exactly what I mean. There are live links to user profiles all over xoops, and I think that is great, but only for registered users. Guests should not have access to registered user profiles (in my site at least).

From your code, I gather that I'll be modifiying a lot of templates. If that's the case so be it, but I still would like an easy way out (if there's any).

ajaxbr

Quite a regular
Posted on: 2004/3/19 3:15
ajaxbr
ajaxbr (Show more)
Quite a regular
Posts: 276
Since: 2003/10/25
#4

Re: How do I stop guests from viewing registered user profiles?

I always put this on my todo queue and tonight, of all nights, I tried it.

Open userinfo.php and find
$xoopsOption['pagetype'] = 'user';
include 
'mainfile.php';
include_once 
XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

Then add the following (from admin.php) just below it, so that it's between the above and "$uid = intval($HTTP_GET_VARS['uid']);"
Code to add:
include XOOPS_ROOT_PATH."/include/cp_functions.php";
if ( !
$xoopsUser ) {
    
redirect_header('index.php',3,_AD_NORIGHT);
    exit();
}

This hardcodes that only members can view profiles, no matter where people find the users profiles links (well, I might be wrong, I feel so wrong tonite) but I guess it's a little broken because it'll display "_AD_NORIGHT" instead of the language string in the redirect page. But I'm way too tired to try to figure out why.

Abishai

Just popping in
Posted on: 2004/3/19 8:14
Abishai
Abishai (Show more)
Just popping in
Posts: 21
Since: 2003/10/27
#5

Re: How do I stop guests from viewing registered user profiles?

This works great! Thank you so much. I've done as you said except that I commented out the first line (the include one). I also created a new string for the error in the redirect page.

Once again, thank you for your great help, guys!

Mithrandir

XOOPS is my life!
Posted on: 2004/3/19 10:37
Mithrandir
Mithrandir (Show more)
XOOPS is my life!
Posts: 6320
Since: 2003/6/21
#6

Re: How do I stop guests from viewing registered user profiles?

You don't need to include cp_functions.php

just the if (!$xoopsUser) clause will do - the language constant can be replaced with _NOPERM

ajaxbr

Quite a regular
Posted on: 2004/3/22 12:53
ajaxbr
ajaxbr (Show more)
Quite a regular
Posts: 276
Since: 2003/10/25
#7

Re: How do I stop guests from viewing registered user profiles?

Thanks, Mith! I'll make it so in my running version.
It would be nice if anybody could make this work using group permissions, so it's now on my todo list. Feel free to hack it before my time limit, which ends when hell freezes over, give or take a couple days

Dave_L

XOOPS is my life!
Posted on: 2004/3/22 15:23
Dave_L
Dave_L (Show more)
XOOPS is my life!
Posts: 2277
Since: 2003/11/7
#8

Re: How do I stop guests from viewing registered user profiles?

Here's a more concise way of doing it:

$xoopsUser or redirect_header('index.php'3_NOPERM);

ajaxbr

Quite a regular
Posted on: 2004/3/22 17:25
ajaxbr
ajaxbr (Show more)
Quite a regular
Posts: 276
Since: 2003/10/25
#9

Re: How do I stop guests from viewing registered user profiles?

Thanks a lot, Dave... this is much more elegant, so nobody can say it's an ugly hack anymore

I just skimmed over /kernel/user.php and saw a "rank()", a "&getGroups()" and a "isAdmin()" in there... Could anyone who knows his/her PHP give us a hint about how to use this to check whether an user has stalking profile viewing rights? It'd be something like "get curious-user uid, check his rank, allow or deny access".

Perhaps something like
$uid uid();
$xoopsrank rank(uid)
if !(
$xoopsrank == "Webmaster" || $xoopsrank == "Moderator" || $xoopsrank == "Masterator") {
    
redirect_header('index.php',3,_NOPERM);
    exit();
}
(sorry, no habla php)

treefrog

Just popping in
Posted on: 2004/4/24 20:56
treefrog
treefrog (Show more)
Just popping in
Posts: 20
Since: 2004/4/17
#10

Re: How do I stop guests from viewing registered user profiles?

I tried both:

$xoopsUser or redirect_header('index.php', 3, _NOPERM);

and the if clause version above. Both only render a completely blank page for me when I test it out as a guest user...

am I missing something?


Is it possible to add a:

<{if $xoops_isuser}>

somewhere in the template instead? If so, where would be the best place?

Could I actually just plug it in the certain boxes in the table for just the info I'd like covered? (i.e., the email address)

I'm sorry to sound like a ditz... I'm still trying to understand PHP...