| T O P I C R E V I E W |
| secretsquirrel |
Posted - 09 May 2007 : 02:03:08
Have looked but then again i'm a blind squirrel.
Is there a sin bin mod or could one be made?
I would like something so problem members could be sin binned for a certain time, say 2 weeks or 4 weeks depending on Admin or Moderators decision. During this time they will be able to read the forum but not post. Would also like it to send an email to that member with a place for Admin or Mods to put an explanation why they have been binned.< |
| 15 L A T E S T R E P L I E S (Newest First) |
| secretsquirrel |
Posted - 19 June 2007 : 12:40:55
Glad my topic gave you something to think over 
My forum is restricted to members only so its ok here but it would be funny if it was done so anyone trying to get around the ban and making a post get a warning that the attempt has been detected, email sent to admin and ban extended by a further week lol  < |
| PPSSWeb |
Posted - 17 May 2007 : 16:01:31
quote:
Originally posted by Jezmeister
there is a better way about this ;) it's the use of lots of queries in post_info.asp based on strDBNTUserName to detect usergroup... it's just relatively a lot of work. Etymon has also suggested the use of Huws old posting restrictions mod alongside the usergroups mod to do it... i have a copy just don't have time to do anything at the moment.
the reason there will be no quick way to fix post_info is because the entirity of the usergroups mod on the end of the user is based on cookies, when you post with that method the cookie isn't there and thus the usergroups mod is useless as it is.
Yeah, I was trying to work around this by trying to have the guest user assume another identity temporarily, but that just wasn't working out. It did however bend my brain a little trying to work it out. 
quote:
Originally posted by AnonJr
Actually, if you're going through all the work of installing the UserGroup MOD to refine permissions, it wouldn't be a bad idea at all to prohibit users from posting if they are not logged in. Esp. if you tie anything else into the UserGroup permissions.
My thoughts exactly. If you are going to go through all the effor, might as well lock it all down.
quote:
Originally posted by CalloftheHauntedMaster
Works for me.
Glad I could help then.  < |
| CalloftheHauntedMaster |
Posted - 17 May 2007 : 15:39:29
Works for me. I can finally use the temp forum ban feature without all these bypasses. < |
| AnonJr |
Posted - 17 May 2007 : 15:33:34
Actually, if you're going through all the work of installing the UserGroup MOD to refine permissions, it wouldn't be a bad idea at all to prohibit users from posting if they are not logged in. Esp. if you tie anything else into the UserGroup permissions.
I've found that being able to post without logging in creates some other interesting issues better discussed at another time in another thread. < |
| CalloftheHauntedMaster |
Posted - 17 May 2007 : 15:12:51
PPSSWeb, the fix you provided works, and it also prohibits all non-logged in posting, as Jezmeister said.
However, that might not be such a bad thing either.< |
| Jezmeister |
Posted - 17 May 2007 : 15:08:39
there is a better way about this ;) it's the use of lots of queries in post_info.asp based on strDBNTUserName to detect usergroup... it's just relatively a lot of work. Etymon has also suggested the use of Huws old posting restrictions mod alongside the usergroups mod to do it... i have a copy just don't have time to do anything at the moment.
the reason there will be no quick way to fix post_info is because the entirity of the usergroups mod on the end of the user is based on cookies, when you post with that method the cookie isn't there and thus the usergroups mod is useless as it is.< |
| PPSSWeb |
Posted - 17 May 2007 : 14:53:12
Is there a way to add a default user to the Members database with an ID of -1 and Mlev of 0 that could be used in the Usergroups to specify permissions for users that are not logged in?< |
| PPSSWeb |
Posted - 17 May 2007 : 13:53:21
I agree there has to be a better way, but this is all I could think of at the time.
I guess you could add generic member to the database. Then add a line to modify the MemberID if the DB query returns -1.
Something like:
Then you could restrict that account however you like via the UserGroups Admin functions. Does that make it any better, or just more confusing?
Scratch that, the above idea doesn't work. Of course, it seems that the addition Jezmeister mentioned above doesn't seem to add anything. The MemberID seems to return -1 with or without this code for guests for me.< |
| Jezmeister |
Posted - 17 May 2007 : 11:12:50
That would solve the issue, I was avoiding doing that as it removes the option to post one off while not logged in which may well not be desirable.< |
| PPSSWeb |
Posted - 17 May 2007 : 10:42:34
Ok, so the code posted above does work! At least I think it does. Just not where it was said to add it. Instead add it to the same location in Post.asp.
If the user is not logged in, the new code returns MemberID = -1. But nothing in the usergroups mod is set to check for this, so you need to add that bit too.
A little further down the page in Post.asp find:
and replace it with:
Someone please check this and see if the two parts combined fix the problem. Thanks< |
| PPSSWeb |
Posted - 17 May 2007 : 09:14:57
Now that I understand the problem better, I can reproduce it too. Unfortunately the code addition suggested above by Jezmeister did not fix it. I do however get a EOF error if I try posting with a username that does not exist in the database.< |
| PPSSWeb |
Posted - 16 May 2007 : 21:31:58
quote:
Originally posted by CalloftheHauntedMaster
Nope, this code doesn't prevent the problem.
Ah, I see now. I didn't understand and test your setup properly. All of my forums are configured as restricted (Registration Required with all forums Auth Type set to Members Only or Allowed Members List). Therefore a non-logged in user can not even view let alone access the forum.
< |
| CalloftheHauntedMaster |
Posted - 16 May 2007 : 21:12:25
Good luck on your exams.
In terms of the mod, I would think that a username check via the database would be necessary.
Unlogged member is about to post. In post_info.asp, the code checks the username with the database. If it's not in there, the post proceeds since the person isn't even a member. However, if the username has a database field, then that field is cross-referenced with the usergroup(s) that member is in. Then, a simple permissions check for that usergroup based on the forum is in order. If there are limitations, the post is adjusted accordingly.< |
| Jezmeister |
Posted - 15 May 2007 : 17:17:50
ok, i've never actually used the usergroup mod before so it was a shot in the dark really, if someone else doesn't I'll try and have a proper look at it later, 2 exams in 2 days now though so I should probably concentrate on them heh
btw, it's not gonna be possible to allow the existing code to be used, due to the fact all the functions in inc_func_common are relying on cookies... I also don't quite understand how this works, or at least where the useful data is stored - is the allowed usergroups table confusingly named? the only way to do this is going to be a series of queries, starting off fairly easily... bah I'll have a go at this when I have some time to get to grips with whats doing what.< |
| CalloftheHauntedMaster |
Posted - 15 May 2007 : 17:04:16
Tried it and it doesn't solve the problem...< |
