Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Profile fields viewing rights  (Read 6418 times)

0 Members and 1 Guest are viewing this topic.

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Profile fields viewing rights
« on: March 22, 2007, 01:17:53 pm »

The title, i hope, says it all. I have a couple of custom fields which new users have to fill in when they register. Two of the custom fields contain info which others users do not have any use for or are not allowed to see.

Now, what i would like is when a Registered user clicks on a username in the memberlist he/she only gets to see those fields which i allow them to see. And when a administrator clicks on a memberlist name all of the fields are shown including those that normal registered users do not see.

Can this be done ?

Thanks
Hein

** Title edited to make it better searchable **
« Last Edit: March 24, 2007, 01:32:20 pm by Hein »
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Member info viewing permissions
« Reply #1 on: March 23, 2007, 09:35:01 am »

I think it's this part in profile.php which needs some tweaking to stop fields from being displayed to registered users but will be shown to a admin.

Code: [Select]
$edit_profile_form_param = array(
    array('text', 'username', $lang_register_php['username']),
    array('text', 'reg_date', $lang_register_php['reg_date']),
    array('text', 'group', $lang_register_php['group']),
    array('text', 'email', $lang_register_php['email'],255),
    array('text', 'disk_usage', $lang_register_php['disk_usage']),
        array('input', 'user_profile1', $CONFIG['user_profile1_name'], 255),
        array('input', 'user_profile2', $CONFIG['user_profile2_name'], 255),
        array('input', 'user_profile3', $CONFIG['user_profile3_name'], 255),
        array('input', 'user_profile4', $CONFIG['user_profile4_name'], 255),
        array('input', 'user_profile5', $CONFIG['user_profile5_name'], 255),
        array('textarea', 'user_profile6', $CONFIG['user_profile6_name'], 255),
    );

I tried to do something with adding if (USER_ID){ etc.. but i can't get it to work  :-\

Hein
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Member info viewing permissions
« Reply #2 on: March 23, 2007, 09:48:08 am »

Haven't tested, but try
Code: [Select]
if (!GALLERY_ADMIN_MODE) {
  $edit_profile_form_param = array(
      array('text', 'username', $lang_register_php['username']),
      array('text', 'reg_date', $lang_register_php['reg_date']),
      array('text', 'group', $lang_register_php['group']),
      array('text', 'email', $lang_register_php['email'],255),
      array('text', 'disk_usage', $lang_register_php['disk_usage']),
      array('input', 'user_profile1', $CONFIG['user_profile1_name'], 255),
      array('input', 'user_profile2', $CONFIG['user_profile2_name'], 255),
      array('input', 'user_profile3', $CONFIG['user_profile3_name'], 255),
      array('input', 'user_profile4', $CONFIG['user_profile4_name'], 255),
      array('input', 'user_profile5', $CONFIG['user_profile5_name'], 255),
      array('textarea', 'user_profile6', $CONFIG['user_profile6_name'], 255),
  );
} else {
  $edit_profile_form_param = array(
      array('text', 'username', $lang_register_php['username']),
      array('text', 'reg_date', $lang_register_php['reg_date']),
      array('text', 'group', $lang_register_php['group']),
      array('text', 'email', $lang_register_php['email'],255),
      array('text', 'disk_usage', $lang_register_php['disk_usage']),
      array('input', 'user_profile1', $CONFIG['user_profile1_name'], 255),
      array('input', 'user_profile2', $CONFIG['user_profile2_name'], 255),
      array('input', 'user_profile3', $CONFIG['user_profile3_name'], 255),
  );
}
to remove the last three profile entries for non-admins.

Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Member info viewing permissions
« Reply #3 on: March 23, 2007, 10:34:16 am »

Thanks GauGau.. unfortunately it did not work, although it does look promising.

Btw, thanks for looking at this.

Is this possible something that could be build into the admin.php so you can select which items are viewable by which group etc ?

Hein
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Member info viewing permissions
« Reply #4 on: March 23, 2007, 10:37:28 am »

Is this possible something that could be build into the admin.php so you can select which items are viewable by which group etc ?
Would need in-depth database structure changes. I don't think that this will go into the core. You're of course welcome to mod this.
« Last Edit: March 23, 2007, 10:43:52 am by Hein »
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Member info viewing permissions
« Reply #5 on: March 23, 2007, 10:44:24 am »

 ;D not with my coding skills i don't. I'll leave that to people who know how to code.

The code you posted to make a difference between admin viewing a user profile or a registered did not work. Is there a other way to make this happen ? I'd be happy to try any code posted , unfortunately i can't code myself  :-[ so i appreciate all the help i can get.

Thanks and regards,
Hein

Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Member info viewing permissions
« Reply #6 on: March 23, 2007, 02:39:53 pm »

Sorry, I had a typo in above posting: the check should be the other way round: GALLERY_ADMIN_MODE is defined if the visitor is an admin. Try turning the code the other way round.

The above code is used to compose the input fields. Haven't looked into this in detail, but I doubt that it is being used for output purposes - maybe you're looking at the wrong section of the code.

I can guarantee though that the switch
Code: [Select]
if (!GALLERY_ADMIN_MODE) {
  // non-admin stuff (i.e. user stuff) here
} else {
  // admin-only stuff here
}
should do what you're up to: determine wether an admin is logged in or not. Use the constant USER_ID only to determine wether the visitor is logged in or not. Something like
Code: [Select]
if (!USER_ID) {
  // guest stuff here
} else {
  // registered user (admin or non-admin) here
}
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Member info viewing permissions
« Reply #7 on: March 23, 2007, 11:58:35 pm »

You were right, i think, about looking at the wrong code section.

Code: [Select]
    $form_data = array('username' => $user_data['user_name'],
            'reg_date' => localised_date($user_data['user_regdate'], $register_date_fmt),
            'group' => $user_data['group_name'],
                        'user_profile1' => $user_data['user_profile1'],
                        'user_profile2' => $user_data['user_profile2'],
                        'user_profile3' => $user_data['user_profile3'],
                        'user_profile4' => $user_data['user_profile4'],
                        'user_profile5' => $user_data['user_profile5'],
                        'user_profile6' => bb_decode($user_data['user_profile6']),
                        'user_thumb' => $quick_jump,
                        'pic_count' => $pic_count,
            );

The above part which starts at line 460 is what displays the fields when someone click on a users profile. I'll tinker around with that using your code snippets and see what i can do.

Have a nice weekend!

Hein
Logged

Hein Traag

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 2166
  • A, B, Cpg
    • Personal website - Spintires.nl
Re: Member info viewing permissions
« Reply #8 on: March 24, 2007, 12:21:31 am »

 ;D Thanks GauGau for pointing me in the right direction.

Edited my profile.php at line 460 so it now looks like this:
Code: [Select]
if (!GALLERY_ADMIN_MODE) {
  // non-admin stuff (i.e. user stuff) here
        $form_data = array('username' => $user_data['user_name'],
            'reg_date' => localised_date($user_data['user_regdate'], $register_date_fmt),
            'group' => $user_data['group_name'],
                        'user_profile1' => $user_data['user_profile1'],
                        'user_profile6' => bb_decode($user_data['user_profile6']),
                        'user_thumb' => $quick_jump,
                        'pic_count' => $pic_count,
            );
} else {
  // admin-only stuff here
  $form_data = array('username' => $user_data['user_name'],
            'reg_date' => localised_date($user_data['user_regdate'], $register_date_fmt),
            'group' => $user_data['group_name'],
                        'user_profile1' => $user_data['user_profile1'],
                        'user_profile2' => $user_data['user_profile2'],
                        'user_profile3' => $user_data['user_profile3'],
                        'user_profile4' => $user_data['user_profile4'],
                        'user_profile5' => $user_data['user_profile5'],
                        'user_profile6' => bb_decode($user_data['user_profile6']),
                        'user_thumb' => $quick_jump,
                        'pic_count' => $pic_count,
            );
}

Which gives the usual CPG username and date when the user signed up and profile field 1 and 6 to registered users. And when an Admin logs in all profile fields are shown.

Thread marked solved.

Hein
Logged

tjiepie

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 39
Re: Profile fields viewing rights
« Reply #9 on: September 16, 2009, 12:33:30 am »

Thanks a lot.

GOOD TIP
Logged
Pages: [1]   Go Up
 

Page created in 0.022 seconds with 20 queries.