Profile fields viewing rights Profile fields viewing rights
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Profile fields viewing rights

Started by Hein Traag, March 22, 2007, 01:17:53 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Hein Traag

The title, i hope, says it all. I have a couple of custom fields which new users have to fill in when they register. Two of the custom fields contain info which others users do not have any use for or are not allowed to see.

Now, what i would like is when a Registered user clicks on a username in the memberlist he/she only gets to see those fields which i allow them to see. And when a administrator clicks on a memberlist name all of the fields are shown including those that normal registered users do not see.

Can this be done ?

Thanks
Hein

** Title edited to make it better searchable **

Hein Traag

I think it's this part in profile.php which needs some tweaking to stop fields from being displayed to registered users but will be shown to a admin.

$edit_profile_form_param = array(
    array('text', 'username', $lang_register_php['username']),
    array('text', 'reg_date', $lang_register_php['reg_date']),
    array('text', 'group', $lang_register_php['group']),
    array('text', 'email', $lang_register_php['email'],255),
    array('text', 'disk_usage', $lang_register_php['disk_usage']),
        array('input', 'user_profile1', $CONFIG['user_profile1_name'], 255),
        array('input', 'user_profile2', $CONFIG['user_profile2_name'], 255),
        array('input', 'user_profile3', $CONFIG['user_profile3_name'], 255),
        array('input', 'user_profile4', $CONFIG['user_profile4_name'], 255),
        array('input', 'user_profile5', $CONFIG['user_profile5_name'], 255),
        array('textarea', 'user_profile6', $CONFIG['user_profile6_name'], 255),
    );


I tried to do something with adding if (USER_ID){ etc.. but i can't get it to work  :-\

Hein

Joachim Müller

Haven't tested, but tryif (!GALLERY_ADMIN_MODE) {
  $edit_profile_form_param = array(
      array('text', 'username', $lang_register_php['username']),
      array('text', 'reg_date', $lang_register_php['reg_date']),
      array('text', 'group', $lang_register_php['group']),
      array('text', 'email', $lang_register_php['email'],255),
      array('text', 'disk_usage', $lang_register_php['disk_usage']),
      array('input', 'user_profile1', $CONFIG['user_profile1_name'], 255),
      array('input', 'user_profile2', $CONFIG['user_profile2_name'], 255),
      array('input', 'user_profile3', $CONFIG['user_profile3_name'], 255),
      array('input', 'user_profile4', $CONFIG['user_profile4_name'], 255),
      array('input', 'user_profile5', $CONFIG['user_profile5_name'], 255),
      array('textarea', 'user_profile6', $CONFIG['user_profile6_name'], 255),
  );
} else {
  $edit_profile_form_param = array(
      array('text', 'username', $lang_register_php['username']),
      array('text', 'reg_date', $lang_register_php['reg_date']),
      array('text', 'group', $lang_register_php['group']),
      array('text', 'email', $lang_register_php['email'],255),
      array('text', 'disk_usage', $lang_register_php['disk_usage']),
      array('input', 'user_profile1', $CONFIG['user_profile1_name'], 255),
      array('input', 'user_profile2', $CONFIG['user_profile2_name'], 255),
      array('input', 'user_profile3', $CONFIG['user_profile3_name'], 255),
  );
}
to remove the last three profile entries for non-admins.


Hein Traag

Thanks GauGau.. unfortunately it did not work, although it does look promising.

Btw, thanks for looking at this.

Is this possible something that could be build into the admin.php so you can select which items are viewable by which group etc ?

Hein

Joachim Müller

#4
Quote from: Hein on March 23, 2007, 10:34:16 AM
Is this possible something that could be build into the admin.php so you can select which items are viewable by which group etc ?
Would need in-depth database structure changes. I don't think that this will go into the core. You're of course welcome to mod this.

Hein Traag

 ;D not with my coding skills i don't. I'll leave that to people who know how to code.

The code you posted to make a difference between admin viewing a user profile or a registered did not work. Is there a other way to make this happen ? I'd be happy to try any code posted , unfortunately i can't code myself  :-[ so i appreciate all the help i can get.

Thanks and regards,
Hein


Joachim Müller

Sorry, I had a typo in above posting: the check should be the other way round: GALLERY_ADMIN_MODE is defined if the visitor is an admin. Try turning the code the other way round.

The above code is used to compose the input fields. Haven't looked into this in detail, but I doubt that it is being used for output purposes - maybe you're looking at the wrong section of the code.

I can guarantee though that the switch if (!GALLERY_ADMIN_MODE) {
  // non-admin stuff (i.e. user stuff) here
} else {
  // admin-only stuff here
}
should do what you're up to: determine wether an admin is logged in or not. Use the constant USER_ID only to determine wether the visitor is logged in or not. Something likeif (!USER_ID) {
  // guest stuff here
} else {
  // registered user (admin or non-admin) here
}

Hein Traag

You were right, i think, about looking at the wrong code section.

    $form_data = array('username' => $user_data['user_name'],
            'reg_date' => localised_date($user_data['user_regdate'], $register_date_fmt),
            'group' => $user_data['group_name'],
                        'user_profile1' => $user_data['user_profile1'],
                        'user_profile2' => $user_data['user_profile2'],
                        'user_profile3' => $user_data['user_profile3'],
                        'user_profile4' => $user_data['user_profile4'],
                        'user_profile5' => $user_data['user_profile5'],
                        'user_profile6' => bb_decode($user_data['user_profile6']),
                        'user_thumb' => $quick_jump,
                        'pic_count' => $pic_count,
            );


The above part which starts at line 460 is what displays the fields when someone click on a users profile. I'll tinker around with that using your code snippets and see what i can do.

Have a nice weekend!

Hein

Hein Traag

 ;D Thanks GauGau for pointing me in the right direction.

Edited my profile.php at line 460 so it now looks like this:
if (!GALLERY_ADMIN_MODE) {
  // non-admin stuff (i.e. user stuff) here
        $form_data = array('username' => $user_data['user_name'],
            'reg_date' => localised_date($user_data['user_regdate'], $register_date_fmt),
            'group' => $user_data['group_name'],
                        'user_profile1' => $user_data['user_profile1'],
                        'user_profile6' => bb_decode($user_data['user_profile6']),
                        'user_thumb' => $quick_jump,
                        'pic_count' => $pic_count,
            );
} else {
  // admin-only stuff here
$form_data = array('username' => $user_data['user_name'],
            'reg_date' => localised_date($user_data['user_regdate'], $register_date_fmt),
            'group' => $user_data['group_name'],
                        'user_profile1' => $user_data['user_profile1'],
                        'user_profile2' => $user_data['user_profile2'],
                        'user_profile3' => $user_data['user_profile3'],
                        'user_profile4' => $user_data['user_profile4'],
                        'user_profile5' => $user_data['user_profile5'],
                        'user_profile6' => bb_decode($user_data['user_profile6']),
                        'user_thumb' => $quick_jump,
                        'pic_count' => $pic_count,
            );
}


Which gives the usual CPG username and date when the user signed up and profile field 1 and 6 to registered users. And when an Admin logs in all profile fields are shown.

Thread marked solved.

Hein

tjiepie