Dragonfly CMS v9 ⇒ Modules & Blocks ⇒ "My Account" Module always visible to All Visitors ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexModules & Blocks

"My Account" Module always visible to All Visitors Reply to topic


Dragonfly 9.1.2.1

Go to page:
Administration Menu › Modules Administration
On row: "My Account", Click: Edit
Takes you to page: Administration Menu › Modules Edit
On this page:

Show this to: All Visitors | Registered... | Admin...

Try changing that to "Registered Users Only" or "Administrators Only"

Expected result:
----------------
To hide the My Account module from unregistered users. I've used the Simple Login Block to replace User Info on unlogged user pages.

Similar to this person's question:
dragonflycms.net/Forum...20434.html

Actual result:
--------------
"Save Changes" behaves normally, bringing you back to Modules Administration, but the change has not been made.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Debian/etch Apache/2.2.3 MySQL/5.0.32-Debian_7etch1-log PHP/5.2.0-8+etch7 Dragonfly CMS/9.1.2.1


When the module is not visible for unregistered people how should they be able to register then?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


They won't.

It's a LAN on which I'm testing Dragonfly, so I'm taking that opportunity to build a closed community. The only member accounts are ones added by existing members and admin.

That's my main reason for replacing User Info on Anonymous Visitors pages. It's a simple user/pass form, without the extra data for a bot to crawl, etc. When a member logs in, they get the normal User Info block, set to "Registered Only", and the simple block goes away.

With that in mind, that's why I reported this as a bug: dragonflycms.net/Proje...d=980.html

I expected that either I could limit permission on that module, as I tried to, or that the option to do so wouldn't be listed.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Debian/etch Apache/2.2.3 MySQL/5.0.32-Debian_7etch1-log PHP/5.2.0-8+etch7 Dragonfly CMS/9.1.2.1


Just disable registering new members from admin->users settings and leave the Your_Account module active.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
-


Your_Account cannot be disabled.

Do what Eastlane says and remove/disable/hide the link to Your_Account from every menu using admin.php?op=cpgmm

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.7 / PHP 7.3 / head


Although I understand both sides, I would have to agree that this is a bug, if it can't be done, the option shouldn't exist.

-Dustin

Celebrity Babes | Celebrity Videos | Funny Videos | Information for Men

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache 1.3/4.1.21/5.2.1/9.2.0.RC1


I did what Eestlane suggests, since it's as close as we can get to what I wanted. If you follow the bug report link in-thread, you'll notice where I did so, then realized it wasn't the same as what I need.

Also, if you note the other relevant thread, linked in opening-post, you'll see:

subgal wrote
Is there a way to make it so a visitor cannot see a members profile information? If so, how?


At first I hadn't realized this was even an issue, but it is! Removing the links stops any human or bot unaware of Dragonfly's member profile methods, and if this were phpnuke I'd expect "that's good enough". That is not, however, secure.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Debian/etch Apache/2.2.3 MySQL/5.0.32-Debian_7etch1-log PHP/5.2.0-8+etch7 Dragonfly CMS/9.1.2.1


There's not much to see on a profile.

When anonymous has access to forums they can already find all the posts the member made and his website address.
That same info is on your profile page.

email address and PM buttons are only visible to members/admins anyway.

Basically speaking: forum post = profile page

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


"My Account" is the only module not limited to "Registered Only". That's how I noticed.

The only page I'm exposing to visitors is News, which is set as Home, per default. It looks like: dragonflycms.net/bbupl...f-home.png

Remember, it's a template of a closed community I'm building; assuming I might pull it out of my hat if (hypothetically) a small/medium business wanted a simple intranet portal... possibly the default homepage on the office browsers.

I logged in and grabbed two links that could be useful if you knew them:
1) /index.php?name=Members_List
2) /index.php?name=Your_Account&profile=whatrevolution

Then I logged out.
1) The URL that you requested, /index.php?name=Members_List, requires preauthorization to access.
2) You get their profile page.

This hypothetical configuration being a business intranet means there's likely to be more data in a profile than the stock dragonfly profile. It could be business sensitive information, and at the least, it is able to show off some nice lists of URLs which give many clues to file paths, what other modules are available, and subject lines that show what's being discussed.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Debian/etch Apache/2.2.3 MySQL/5.0.32-Debian_7etch1-log PHP/5.2.0-8+etch7 Dragonfly CMS/9.1.2.1


whatrevolution wrote
"My Account" is the only module not limited to "Registered Only".


Except for News. News module is also visible to "All Visitors", just to be clear. It's evident in the screenshot attached, though.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Debian/etch Apache/2.2.3 MySQL/5.0.32-Debian_7etch1-log PHP/5.2.0-8+etch7 Dragonfly CMS/9.1.2.1


It shouldn't be very hard to modify Your_Account module and add is_user() or whatever that function was to show stuff only to users.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
-


That's a start.

dragonflycms.org/Forum...Fuser.html

if (!is_user()) { ... }

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Debian/etch Apache/2.2.3 MySQL/5.0.32-Debian_7etch1-log PHP/5.2.0-8+etch7 Dragonfly CMS/9.1.2.1


any more info on this, would be really nice that you can't allow anon users to come view user profiles for an "internal" site only.

thanks

-Dustin

Celebrity Babes | Celebrity Videos | Funny Videos | Information for Men

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache 1.3/4.1.21/5.2.1/9.2.0.RC1


Is this post in the right forum? I'm at a complete loss as to what 'help' is needed here.

It seems your trying to modify the app for your purpose, which is very cool BTW, but I don't see that DF is 'broken' or 'not working according to plan'.

Perhaps someone could summarize in better detail what help is needed or move the post.

J.
j e r u v y a t y a h o o d o t c o m

Need help? Look here: www.dragonflycms.org/W...d=112.html
Need to chat? Look for me on irc.freenode.net

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Ubuntu7.10/Debian3.1 - 2.2.3/1.3.37 - 5.0.38/4.0.27 - 5.2.1/4.4.7 - CVS/9.1.2}


I think people just want to make sure that anon users cannot browser user profiles, see user info, see their post titles , etc....Basically in admin/modules it you cannot set "My Account" to be registered only, even though it gives you the option to do so.

-Dustin

Celebrity Babes | Celebrity Videos | Funny Videos | Information for Men

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux/Apache 1.3/4.1.21/5.2.1/9.2.0.RC1

All times are UTC


Jump to: