Snitz™ Forums 2000
https://forum.snitz.com/forumTopic/Posts/64720?pagenum=1
05 November 2025, 04:04
Topic
secretsquirrel
Sin Bin Mod
09 May 2007, 02:03
Have looked but then again i'm a blind squirrel.
Is there a sin bin mod or could one be made?
I would like something so problem members could be sin binned for a certain time, say 2 weeks or 4 weeks depending on Admin or Moderators decision. During this time they will be able to read the forum but not post. Would also like it to send an email to that member with a place for Admin or Mods to put an explanation why they have been binned.<
Replies ...
MarcelG
09 May 2007, 03:49
Sin Bin ? Ah, I see....you might want to try and search for the probation mod. Sounds similar.<
AnonJr
09 May 2007, 06:30
Either that or you could use the UserGroups MOD to set up a "Read Only" group and move them there. They wouldn't be moved out until you manually moved them out though.<
secretsquirrel
09 May 2007, 10:56
Thankyou for the help. I've been thinking about the UserGroups mod so this would be a good reason to put it in.<
CalloftheHauntedMaster
15 May 2007, 13:43
Usergroups mod won't work for this if your members are smart.
If logged out, members can click on the "post link", enter their username and password, and still post...<
Jezmeister
15 May 2007, 14:01
simply adding usergroup checks to the normal checks in post_info would get around that fairly easily, very quickly and roughly simply adding the check to where post_info redirects non-members would get around it.<
CalloftheHauntedMaster
15 May 2007, 14:18
Could you please provide the code for that? Pretty please?<
Jezmeister
15 May 2007, 14:41
Erm, I just downloaded the usergroups mod from this topic and it already covers that... the first instance of usergroups in post_info.asp prevents anyone banned from a forum from posting...<
CalloftheHauntedMaster
15 May 2007, 14:50
I downloaded the same one, and it didn't have that...
What code exactly is supposed to prevent this?<
PPSSWeb
15 May 2007, 14:55
Originally posted by CalloftheHauntedMaster What code exactly is supposed to prevent this?
Code:
if isReadOnly(Forum_ID,MemberID) = 1 then Go_Result "Your access to this forum is read-only" end if
<
CalloftheHauntedMaster
15 May 2007, 16:14
Nope, this code doesn't prevent the problem.
Let me give you an example.
Go here: http://www.schoolofduel.com/bbs/forum.asp?forum_id=18
Log in as Username: Test Account Password: Snitz
Trying post while logged in, you can't. Now, log out and manually try to post where you enter your password and username separately each time when prompted. Then, you can still post all you want. How can this be fixed?<
Jezmeister
15 May 2007, 16:24
Ah I see, because the login isn't done "properly" and is instead processed by post_info.asp you need to add a second check for usergroup which is usually done in inc_header (because at the time there's no member ID) try this (edit, this should work, I think, note I'm assuming from code in this page and inc_header this is enough - i could be wrong but worth a shot)
in post_info find:
Code:
if not(IsNull(strSelectSize)) and strSelectSize <> "" then if strSetCookieToForum = 1 then Response.Cookies(strUniqueID & "strSelectSize").Path = strCookieURL else Response.Cookies(strUniqueID & "strSelectSize").Path = "/" end if Response.Cookies(strUniqueID & "strSelectSize") = strSelectSize Response.Cookies(strUniqueID & "strSelectSize").expires = dateAdd("yyyy", 1, strForumTimeAdjust) end if
add this below:
Code:
if mLev < 1 and strDBNTUserName <> "" then 'Get userid from strdbntusername strSql = "SELECT * FROM "& strTablePrefix &"MEMBERS WHERE M_NAME='"& strDBNTUserName &"'" rsid = my_Conn.Execute(strSql) MemberID = rsid("MEMBER_ID") set rsid = nothing End if
<
CalloftheHauntedMaster
15 May 2007, 17:04
Tried it and it doesn't solve the problem...<
Jezmeister
15 May 2007, 17:17
ok, i've never actually used the usergroup mod before so it was a shot in the dark really, if someone else doesn't I'll try and have a proper look at it later, 2 exams in 2 days now though so I should probably concentrate on them heh
btw, it's not gonna be possible to allow the existing code to be used, due to the fact all the functions in inc_func_common are relying on cookies... I also don't quite understand how this works, or at least where the useful data is stored - is the allowed usergroups table confusingly named? the only way to do this is going to be a series of queries, starting off fairly easily... bah I'll have a go at this when I have some time to get to grips with whats doing what.<
CalloftheHauntedMaster
16 May 2007, 21:12
Good luck on your exams.
In terms of the mod, I would think that a username check via the database would be necessary.
Unlogged member is about to post. In post_info.asp, the code checks the username with the database. If it's not in there, the post proceeds since the person isn't even a member. However, if the username has a database field, then that field is cross-referenced with the usergroup(s) that member is in. Then, a simple permissions check for that usergroup based on the forum is in order. If there are limitations, the post is adjusted accordingly.<
PPSSWeb
16 May 2007, 21:31
Originally posted by CalloftheHauntedMaster Nope, this code doesn't prevent the problem.
Ah, I see now. I didn't understand and test your setup properly. All of my forums are configured as restricted (Registration Required with all forums Auth Type set to Members Only or Allowed Members List). Therefore a non-logged in user can not even view let alone access the forum. <
PPSSWeb
17 May 2007, 09:14
Now that I understand the problem better, I can reproduce it too. Unfortunately the code addition suggested above by Jezmeister did not fix it. I do however get a EOF error if I try posting with a username that does not exist in the database.<
PPSSWeb
17 May 2007, 10:42
Ok, so the code posted above does work! At least I think it does. Just not where it was said to add it. Instead add it to the same location in Post.asp.
If the user is not logged in, the new code returns MemberID = -1. But nothing in the usergroups mod is set to check for this, so you need to add that bit too.
A little further down the page in Post.asp find:
Code:
'####### Begin UserGroup MOD ####### if isDeniedMember(strRqForumID,MemberID) = 1 then Go_Result "You have been denied access to this forum" end if if isReadOnly(strRqForumID,MemberID) = 1 then Go_Result "Your access to this forum is read-only" end if '####### End UserGroup MOD #######
and replace it with:
Code:
'####### Begin UserGroup MOD ####### If MemberID < 1 Then Go_Result "You must be logged in to Post to this forum" End IF if isDeniedMember(strRqForumID,MemberID) = 1 then Go_Result "You have been denied access to this forum" end if if isReadOnly(strRqForumID,MemberID) = 1 then Go_Result "Your access to this forum is read-only" end if '####### End UserGroup MOD #######
Someone please check this and see if the two parts combined fix the problem. Thanks<
Jezmeister
17 May 2007, 11:12
That would solve the issue, I was avoiding doing that as it removes the option to post one off while not logged in which may well not be desirable.<
PPSSWeb
17 May 2007, 13:53
I agree there has to be a better way, but this is all I could think of at the time.
I guess you could add generic member to the database. Then add a line to modify the MemberID if the DB query returns -1.
Something like:
Code:
if mLev < 1 and strDBNTUserName <> "" then 'Get userid from strdbntusername strSql = "SELECT * FROM "& strTablePrefix &"MEMBERS WHERE M_NAME='"& strDBNTUserName &"'" rsid = my_Conn.Execute(strSql) MemberID = rsid("MEMBER_ID") set rsid = nothing If MemberID = "-1" Then MemberID = "<Generic User ID>" End If
End if
Then you could restrict that account however you like via the UserGroups Admin functions. Does that make it any better, or just more confusing? Scratch that, the above idea doesn't work. Of course, it seems that the addition Jezmeister mentioned above doesn't seem to add anything. The MemberID seems to return -1 with or without this code for guests for me.<
PPSSWeb
17 May 2007, 14:53
Is there a way to add a default user to the Members database with an ID of -1 and Mlev of 0 that could be used in the Usergroups to specify permissions for users that are not logged in?<
Jezmeister
17 May 2007, 15:08
there is a better way about this ;) it's the use of lots of queries in post_info.asp based on strDBNTUserName to detect usergroup... it's just relatively a lot of work. Etymon has also suggested the use of Huws old posting restrictions mod alongside the usergroups mod to do it... i have a copy just don't have time to do anything at the moment.
the reason there will be no quick way to fix post_info is because the entirity of the usergroups mod on the end of the user is based on cookies, when you post with that method the cookie isn't there and thus the usergroups mod is useless as it is.<
CalloftheHauntedMaster
17 May 2007, 15:12
PPSSWeb, the fix you provided works, and it also prohibits all non-logged in posting, as Jezmeister said.
However, that might not be such a bad thing either.<
AnonJr
17 May 2007, 15:33
Actually, if you're going through all the work of installing the UserGroup MOD to refine permissions, it wouldn't be a bad idea at all to prohibit users from posting if they are not logged in. Esp. if you tie anything else into the UserGroup permissions.
I've found that being able to post without logging in creates some other interesting issues better discussed at another time in another thread. <
CalloftheHauntedMaster
17 May 2007, 15:39
Works for me. I can finally use the temp forum ban feature without all these bypasses. <
PPSSWeb
17 May 2007, 16:01
Originally posted by CalloftheHauntedMaster Works for me.
Glad I could help then. <
secretsquirrel
19 June 2007, 12:40
Glad my topic gave you something to think over
My forum is restricted to members only so its ok here but it would be funny if it was done so anyone trying to get around the ban and making a post get a warning that the attempt has been detected, email sent to admin and ban extended by a further week lol <
Pretty please?<
<
<
<