Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 12:15 pm EDT

Geeklog Forums

Limiting who can post stories

Page navigation


MikeD

Anonymous
Is it possible to set things up so that a certain group of registered users are not allowed to post stories (or links and calendar events for that matter) and other registered users can post to these areas?
Or is it only an "all or nothing" case where if you're registered you can post, and anonymous can't?

Thanks.

 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
No you can change that in the setup configuration internally. E.g. guests may post stories / comments or not, stories / comments may be reviewed by moderators or not.

Most other systems have to lock down these features for guests as they can`t handle spam posts or comments propperly. GL doesn`t have many problems with that.
 Quote

MikeD

Anonymous
Most other systems have to lock down these features for guests as they can`t handle spam posts or comments propperly. GL doesn`t have many problems with that.[/p]


I'm not referring to guest users, but users who have registered and have logins. Is it possible to further break down the signed up member users into a group who can submit items and a group who can't?
 Quote

Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Quote by: MikeD

Or is it only an "all or nothing" case where if you're registered you can post, and anonymous can't?


In the last line you DID refer to guests!

Anyway, yes you can take away the right so submit stories and have a group of "editors" and a group of "members". Or you could have them all submit stories but moderate those of the non editors.
 Quote

MikeD

Anonymous
Anyway, yes you can take away the right so submit stories and have a group of "editors" and a group of "members". Or you could have them all submit stories but moderate those of the non editors.[/p]


At the risk of showing my ignorance, how does one remove the right to submit an item from a registered user?
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: MikeD

At the risk of showing my ignorance, how does one remove the right to submit an item from a registered user?


I'd be interested in that answer, too, since I don't think it's possible :wink: Otherwise, we wouldn't need this feature request.

When a user can see a topic, they can submit a story for that topic. You can hide the "Contribute" link to make it less obvious, but they will still be able to do it.

bye, Dirk
 Quote

Status: offline

jmucchiello

Forum User
Full Member
Registered: 08/29/05
Posts: 985
Adding a story.contrib feature to the system is relatively simple. It mostly involves changing submit.php. To use this you have to add a feature to the database. Then you add that feature to a user group. Users whom you wish to be able to contribute stories must be added to the new group in order to have access to the submit feature.

insert into gl_features (ft_name, ft_descr, ft_gl_core) values ('story.contrib','Allowed to contribute stories',0)

In submit.php:
Text Formatted Code

$contrib_required = SEC_featureExists($type.'.contrib');

// search for the next line and then add the line above and the extra if statements below
if (($mode == $LANG12[8]) && !empty ($LANG12[8])) { // submit
    if (empty ($_USER['username']) &&
        (($_CONF['loginrequired'] == 1) || ($_CONF['submitloginrequired'] == 1))) {
        $display = COM_refresh ($_CONF['site_url'] . '/index.php');
    } else if ($contrib_required && !SEC_hasRights($type.'.contrib')) {
        $display = COM_refresh ($_CONF['site_url'] . '/index.php');

<snip>
} else {
    if ($contrib_required && !SEC_hasRights($type.'.contrib')) {
        echo COM_refresh ($_CONF['site_url'] . '/index.php'); // this should probably return a message telling the user he needs permission to contribute stories
        exit;
    } else if ((strlen ($type) > 0) && ($type <> 'story')) {
 

And you need to add the function I created. It should go into lib-security.php but if you are doing this as a patch, just add it to submit.php
Text Formatted Code

function SEC_featureExists($feature)
{
    global $_TABLES;
   
    return DB_count($_TABLES['features'], 'ft_name',$feature) > 0;
}
 

I didn't test it but this should also work with other contributable items. If you add a calendar.contrib (or is it event.contrib) feature to the database, event submission would be disabled for anyone without the feature.

My geeklog hacking may be rusty. Did I forget anything?
 Quote

Status: offline

rob28

Forum User
Junior
Registered: 11/13/09
Posts: 28
You can do this very easy.

To create a group that cannot post stories go to Groups > New > Then make sure they do not have story.submit ticked, assign any other permission you wish and save.

Then assign the group to the users you wish. Then make another group, give them story.submit permission and assign to who you wish.
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: rob28

To create a group that cannot post stories go to Groups > New > Then make sure they do not have story.submit ticked


Did you try that? story.submit is the right to skip the story submission queue. Users without that right can still submit stories - they'll only end up in the submission queue.

bye, Dirk
 Quote

Status: offline

winnerdk

Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
After upgrading to GL 1.6.1 all of a sudden I'm getting hammered (again) by spam posts from anonymous users.

I looked for an option in the configuration menu to only allow registered users with a password to be allowed to submit stories. I'm assuming it's there and that I just can't find it, so can someone please point the way? Also, I had some issues with these menus after the upgrade, so maybe they are still screwed up and not showing all of the options?

In any event, where (should) this option be appearing?

Thanks...

Don
www.panama-guide.com
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: winnerdk

I looked for an option in the configuration menu to only allow registered users with a password to be allowed to submit stories


Configuration > Geeklog > Users and Submissions > Login Settings > Submit Login Required?

bye, Dirk
 Quote

Status: offline

winnerdk

Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
Right. I have that set to "true" but according to the docs for that option - "When set to 1, only registered users can submit stories and items handled by plugins, e.g. links and events"

For some reason, anonymous (meaning, not registered and not logged in) are still able to submit stories.

Are stories and articles handled by plugins? I don't think so, right?

So maybe therefore random anonymous users are still allowed to spam my website, even though this is currently set to "true?"

It's either that, or something's broke.

Try it - visit the website, don't log in, and try to submit something... The system allows it to happen, and the spam ends up in my submission queue. I mean, I just go in there and delete about 20 per day, but it's a pain in the butt.

Don
www.panama-guide.com
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by: winnerdk

Try it - visit the website, don't log in, and try to submit something... The system allows it to happen


Indeed. The interesting thing, however, is that it offers me a "Log Out" option - as anonymous user.

My guess is that the anonymous user account - for some reason - is also in the group "Logged-In Users".

Can you do SQL requests, e.g. in phpMyAdmin? Try something like this (this is from the command line):
Text Formatted Code
mysql> SELECT * FROM gl_group_assignments WHERE ug_uid = 1;
+----------------+--------+-----------+
| ug_main_grp_id | ug_uid | ug_grp_id |
+----------------+--------+-----------+
|              2 |      1 |      NULL |
+----------------+--------+-----------+
1 row in set (0.00 sec)

This is how it should be - the anonymous user account (uid 1) is only in group #2 (All Users).


If it also lists 13 (Logged-In Users), then that's your problem. In that case, try:
Text Formatted Code
DELETE FROM gl_group_assignments WHERE ug_uid = 1 AND ug_main_grp_id = 13;


bye, Dirk
 Quote

Status: offline

winnerdk

Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
OK, I checked and the first part was as it should be (2,1,null)

I also ran:

Text Formatted Code
DELETE FROM gl_group_assignments WHERE ug_uid = 1 AND ug_main_grp_id = 13;


Now what... I don't know if that fixed the problem.

Don
www.panama-guide.com
 Quote

Status: offline

winnerdk

Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
Nope, when I logged out and came back as an anonymous user it still allows me to submit articles and if still also displays the "log out" option like you said.

Problem still there.

Don
www.panama-guide.com
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Very odd. Another thing worth trying may be to clear out all sessions from anonymous users:
Text Formatted Code
DELETE FROM gl_sessions WHERE uid = 1;


Or maybe you have a user with uid 0 - could you check that?

bye, Dirk
 Quote

Status: offline

winnerdk

Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
I did check, and actually the first user ID listed is 2.

There is no 0 or 1.

Don
www.panama-guide.com
 Quote

Status: offline

winnerdk

Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
Dirk;

Please check your email and get back to me. Thanks.

Don
www.panama-guide.com
 Quote

Status: offline

Laugh

Site Admin
Admin
Registered: 09/27/05
Posts: 1468
Location:Canada
Quote by: winnerdk

I did check, and actually the first user ID listed is 2.

There is no 0 or 1.

Don
www.panama-guide.com



You should have a user with the Id of 1 called Anonymous.
One of the Geeklog Core Developers.
 Quote

Status: offline

winnerdk

Forum User
Full Member
Registered: 04/24/05
Posts: 339
Location:Panama City, Republic of Panama
Yeah, I know. Apparently that's part of my problem. I've been having all kinds of weird database related problems since I upgraded to GL 1.6.1. I don't think the database ever got properly and completely updated.

Don
www.panama-guide.com
 Quote

Page navigation

All times are EDT. The time is now 12:15 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content