Posted on: 12/30/09 05:31pm
By: Anonymous (MikeD)
Is it possible to set things up so that a certain group of registered users are not allowed to post stories (or links and calendar events for that matter) and other registered users can post to these areas?
Or is it only an "all or nothing" case where if you're registered you can post, and anonymous can't?
Thanks.
Re: Limiting who can post stories
Posted on: 12/31/09 12:15pm
By: 1000ideen
No you can change that in the setup configuration internally. E.g. guests may post stories / comments or not, stories / comments may be reviewed by moderators or not.
Most other systems have to lock down these features for guests as they can`t handle spam posts or comments propperly. GL doesn`t have many problems with that.
Re: Limiting who can post stories
Posted on: 12/31/09 01:19pm
By: Anonymous (MikeD)
Most other systems have to lock down these features for guests as they can`t handle spam posts or comments propperly. GL doesn`t have many problems with that.[/p]
I'm not referring to guest users, but users who have registered and have logins. Is it possible to further break down the signed up member users into a group who can submit items and a group who can't?
Re: Limiting who can post stories
Posted on: 12/31/09 02:27pm
By: 1000ideen
Quote by: MikeDOr is it only an "all or nothing" case where if you're registered you can post, and anonymous can't?
In the last line you DID refer to guests!
Anyway, yes you can take away the right so submit stories and have a group of "editors" and a group of "members". Or you could have them all submit stories but moderate those of the non editors.
Re: Limiting who can post stories
Posted on: 12/31/09 03:18pm
By: Anonymous (MikeD)
Anyway, yes you can take away the right so submit stories and have a group of "editors" and a group of "members". Or you could have them all submit stories but moderate those of the non editors.[/p]
At the risk of showing my ignorance, how does one remove the right to submit an item from a registered user?
Re: Limiting who can post stories
Posted on: 01/01/10 10:38am
By: Dirk
Quote by: MikeDAt the risk of showing my ignorance, how does one remove the right to submit an item from a registered user?
I'd be interested in that answer, too, since I don't think it's possible :wink: Otherwise, we wouldn't need
this feature request[*1] .
When a user can see a topic, they can submit a story for that topic. You can hide the "Contribute" link to make it less obvious, but they will still be able to do it.
bye, Dirk
Re: Limiting who can post stories
Posted on: 01/02/10 05:55am
By: jmucchiello
Adding a story.contrib feature to the system is relatively simple. It mostly involves changing submit.php. To use this you have to add a feature to the database. Then you add that feature to a user group. Users whom you wish to be able to contribute stories must be added to the new group in order to have access to the submit feature.
insert into gl_features (ft_name, ft_descr, ft_gl_core) values ('story.contrib','Allowed to contribute stories',0)
In submit.php:
Text Formatted Code
$contrib_required = SEC_featureExists($type.'.contrib');
// search for the next line and then add the line above and the extra if statements below
if (($mode == $LANG12[8]) && !empty ($LANG12[8])) { // submit
if (empty ($_USER['username']) &&
(($_CONF['loginrequired'] == 1) || ($_CONF['submitloginrequired'] == 1))) {
$display = COM_refresh ($_CONF['site_url'] . '/index.php');
} else if ($contrib_required && !SEC_hasRights($type.'.contrib')) {
$display = COM_refresh ($_CONF['site_url'] . '/index.php');
<snip>
} else {
if ($contrib_required && !SEC_hasRights($type.'.contrib')) {
echo COM_refresh ($_CONF['site_url'] . '/index.php'); // this should probably return a message telling the user he needs permission to contribute stories
exit;
} else if ((strlen ($type) > 0) && ($type <> 'story')) {
And you need to add the function I created. It should go into lib-security.php but if you are doing this as a patch, just add it to submit.php
Text Formatted Code
function SEC_featureExists($feature)
{
global $_TABLES;
return DB_count($_TABLES['features'], 'ft_name',$feature) > 0;
}
I didn't test it but this should also work with other contributable items. If you add a calendar.contrib (or is it event.contrib) feature to the database, event submission would be disabled for anyone without the feature.
My geeklog hacking may be rusty. Did I forget anything?
Re: Limiting who can post stories
Posted on: 01/02/10 09:17am
By: rob28
You can do this very easy.
To create a group that cannot post stories go to Groups > New > Then make sure they do not have story.submit ticked, assign any other permission you wish and save.
Then assign the group to the users you wish. Then make another group, give them story.submit permission and assign to who you wish.
Re: Limiting who can post stories
Posted on: 01/02/10 09:26am
By: Dirk
Quote by: rob28To create a group that cannot post stories go to Groups > New > Then make sure they do not have story.submit ticked
Did you try that? story.submit is the right to skip the story submission queue. Users without that right can still submit stories - they'll only end up in the submission queue.
bye, Dirk
Re: Limiting who can post stories
Posted on: 01/02/10 01:30pm
By: winnerdk
After upgrading to GL 1.6.1 all of a sudden I'm getting hammered (again) by spam posts from anonymous users.
I looked for an option in the configuration menu to only allow registered users with a password to be allowed to submit stories. I'm assuming it's there and that I just can't find it, so can someone please point the way? Also, I had some issues with these menus after the upgrade, so maybe they are still screwed up and not showing all of the options?
In any event, where (should) this option be appearing?
Thanks...
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/02/10 02:10pm
By: Dirk
Quote by: winnerdkI looked for an option in the configuration menu to only allow registered users with a password to be allowed to submit stories
Configuration > Geeklog > Users and Submissions > Login Settings > Submit Login Required?
bye, Dirk
Re: Limiting who can post stories
Posted on: 01/02/10 02:18pm
By: winnerdk
Right. I have that set to "true" but according to the docs for that option - "When set to 1, only registered users can submit stories and items handled by plugins, e.g. links and events"
For some reason, anonymous (meaning, not registered and not logged in) are still able to submit stories.
Are stories and articles handled by plugins? I don't think so, right?
So maybe therefore random anonymous users are still allowed to spam my website, even though this is currently set to "true?"
It's either that, or something's broke.
Try it - visit the website, don't log in, and try to submit something... The system allows it to happen, and the spam ends up in my submission queue. I mean, I just go in there and delete about 20 per day, but it's a pain in the butt.
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/02/10 02:32pm
By: Dirk
Quote by: winnerdkTry it - visit the website, don't log in, and try to submit something... The system allows it to happen
Indeed. The interesting thing, however, is that it offers me a "Log Out" option - as anonymous user.
My guess is that the anonymous user account - for some reason - is also in the group "Logged-In Users".
Can you do SQL requests, e.g. in phpMyAdmin? Try something like this (this is from the command line):
Text Formatted Code
mysql> SELECT * FROM gl_group_assignments WHERE ug_uid = 1;
+----------------+--------+-----------+
| ug_main_grp_id | ug_uid | ug_grp_id |
+----------------+--------+-----------+
| 2 | 1 | NULL |
+----------------+--------+-----------+
1 row in set (0.00 sec)
This is how it should be - the anonymous user account (uid 1) is only in group #2 (All Users).
If it also lists 13 (Logged-In Users), then that's your problem. In that case, try:
Text Formatted Code
DELETE FROM gl_group_assignments WHERE ug_uid = 1 AND ug_main_grp_id = 13;
bye, Dirk
Re: Limiting who can post stories
Posted on: 01/02/10 03:18pm
By: winnerdk
OK, I checked and the first part was as it should be (2,1,null)
I also ran:
Text Formatted Code
DELETE FROM gl_group_assignments WHERE ug_uid = 1 AND ug_main_grp_id = 13;
Now what... I don't know if that fixed the problem.
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/02/10 03:20pm
By: winnerdk
Nope, when I logged out and came back as an anonymous user it still allows me to submit articles and if still also displays the "log out" option like you said.
Problem still there.
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/02/10 03:52pm
By: Dirk
Very odd. Another thing worth trying may be to clear out all sessions from anonymous users:
Text Formatted Code
DELETE FROM gl_sessions WHERE uid = 1;
Or maybe you have a user with uid 0 - could you check that?
bye, Dirk
Re: Limiting who can post stories
Posted on: 01/02/10 04:06pm
By: winnerdk
I did check, and actually the first user ID listed is 2.
There is no 0 or 1.
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/04/10 10:55am
By: winnerdk
Dirk;
Please check your email and get back to me. Thanks.
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/04/10 11:53am
By: Laugh
Quote by: winnerdkI did check, and actually the first user ID listed is 2.
There is no 0 or 1.
Don
www.panama-guide.com
You should have a user with the Id of 1 called Anonymous.
Re: Limiting who can post stories
Posted on: 01/04/10 12:19pm
By: winnerdk
Yeah, I know. Apparently that's part of my problem. I've been having all kinds of weird database related problems since I upgraded to GL 1.6.1. I don't think the database ever got properly and completely updated.
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/04/10 12:40pm
By: Laugh
Maybe your DB got corrupted at some point? I doubt Geeklog has had to update the Anonymous user record during an upgrade in a long time.
Re: Limiting who can post stories
Posted on: 01/04/10 12:57pm
By: winnerdk
I'm pretty sure it did. When I first tried to upgrade from GL 1.4.1 to GL 1.6.1, it worked "halfway" and I had to go back, restore a copy of a database backup, and try again.
The second time around it worked "a little better" but there are still some serious problems and issues.
The most important thing for me is that the website is working to some degree, meaning the data is there and the articles are there, but it's not 100%, that's for sure. There are all kinds of little problems and issues.
Also, I've been running GL since 2004 so the original database build has been upgraded about a half dozen times, and I suspect that many of the problems are somehow associated to the age of the site.
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/04/10 03:04pm
By: Laugh
Hmmm,
I wonder what went wrong? I actually just updated a 1.4.1 website to 1.6.1 last week and it went smoothly with the exception of a few template changes I needed to do..
Tom
Re: Limiting who can post stories
Posted on: 01/04/10 03:25pm
By: winnerdk
I don't know. For example, the poll plugin doesn't work. As a matter of fact all of the plugins have the "update" icon next to them, but when I hit "update" nothing happens. And, although I have GL 1.6.1 installed, in the plugin list it appears to think the database is running GL version 1.5.0 (which has never been installed.)
For example, under Admin when I hit "Plugins" - for the Static Pages plugin it reads:
Static Pages Data: 1.5.1, Code: 1.6.1 Update! 1.5.0
I have no idea what's wrong. But, I know something is wrong.
Don
www.panama-guide.com
Re: Limiting who can post stories
Posted on: 01/05/10 06:33am
By: 1000ideen
Quote by: Dirk
When a user can see a topic, they can submit a story for that topic. You can hide the "Contribute" link to make it less obvious, but they will still be able to do it.
bye,
Well, one would have to see what MikeD means, what the whole setup is like. Usually it is sufficient not to SEE the possibility to post a story.