General Support2 edb Sep 15, 2005 17:29
b2evolution CMS Support Forums- b2evolution Support
- General Support
- Limit "Profile" access
1 mbrumley Sep 15, 2005 15:12
3 mbrumley Sep 15, 2005 18:36
I tried this...but I am a PHP dummy.
<fieldset>
<legend><?php echo T_('User') ?></legend>
<?php
if( $allowed_to_edit )
if( $current_User->Group->get('ID') == 1 ) {
form_text( 'edited_user_login', $edited_User->dget('login', 'formvalue'), 12, T_('Login'), '', 12 );
} else {
form_info( 'edited_user_login', $edited_User->dget('login', 'formvalue'), T_('(You can NOT change this field. Contact the admin for additional info.)') ); ?>
<input type="hidden" name="edited_user_login" value="<?php echo $edited_User->dget('login', 'formvalue') ?>" />
<?php }
if( $current_User->Group->get('ID') == 3 ) {
form_text( 'edited_user_firstname', $edited_User->dget('login', 'formvalue'), 12, T_('Login'), '', 12 );
} else {
form_info( 'edited_user_firstname', $edited_User->dget('login', 'formvalue'), T_('(You can NOT change this field. Contact the admin for additional info.)') ); ?>
<input type="hidden" name="edited_user_firstname" value="<?php echo $edited_User->dget('login', 'formvalue') ?>" />
<?php }
{
form_text( 'edited_user_login', $edited_User->dget('login', 'formvalue'), 20, T_('Login'), '', 20 );
form_text( 'edited_user_firstname', $edited_User->dget('firstname', 'formvalue'), 20, T_('First name'), '', 50 );
form_text( 'edited_user_lastname', $edited_User->dget('lastname', 'formvalue'), 20, T_('Last name'), '', 50 );
form_text( 'edited_user_nickname', $edited_User->dget('nickname', 'formvalue'), 20, T_('Nickname'), '', 50 );
?>
This doesn't work. In this example, I was trying to disable changing login ID and first name. If this worked I was going to continue with the fields I want to lock. The user ID doesn't seem to be a problem...I think it can only be modified in the admin section.
4 edb Sep 15, 2005 19:28
You are correct: the user ID can not be changed. In fact if you delete a user no one will ever have that user ID again. One thing I see in your code is that you are saying "if the user is in group 3 then let them change the first name". BTW I was wrong when I refered to my hack as being only user ID #1 - my hack allows anyone in group #1, which is typically the admin group, to change the field.
Try this instead:
form_text( 'edited_user_login', $edited_User->dget('login', 'formvalue'), 20, T_('Login'), '', 20 );
form_text( 'edited_user_firstname', $edited_User->dget('firstname', 'formvalue'), 20, T_('First name'), '', 50 );
form_text( 'edited_user_lastname', $edited_User->dget('lastname', 'formvalue'), 20, T_('Last name'), '', 50 );
form_text( 'edited_user_nickname', $edited_User->dget('nickname', 'formvalue'), 20, T_('Nickname'), '', 50 );becomes
if( $current_User->Group->get('ID') == 1 ) {
form_text( 'edited_user_login', $edited_User->dget('login', 'formvalue'), 12, T_('Login'), '', 12 );
form_text( 'edited_user_firstname', $edited_User->dget('firstname', 'formvalue'), 20, T_('First name'), '', 50 );
} else {
form_info( 'edited_user_login', $edited_User->dget('login', 'formvalue'), T_('(You can NOT change this field. Contact the admin for additional info.)') );
form_info( 'edited_user_firstname', $edited_User->dget('firstname', 'formvalue'), T_('(You can NOT change this field. Contact the admin for additional info.)') ); ?>
<input type="hidden" name="edited_user_login" value="<?php echo $edited_User->dget('login', 'formvalue') ?>" />
<input type="hidden" name="edited_user_firstname" value="<?php echo $edited_User->dget('firstname', 'formvalue') ?>" />
<?php }
form_text( 'edited_user_lastname', $edited_User->dget('lastname', 'formvalue'), 20, T_('Last name'), '', 50 );
form_text( 'edited_user_nickname', $edited_User->dget('nickname', 'formvalue'), 20, T_('Nickname'), '', 50 );to lock down both login name and first name. To also lock down the last name use this
if( $current_User->Group->get('ID') == 1 ) {
form_text( 'edited_user_login', $edited_User->dget('login', 'formvalue'), 12, T_('Login'), '', 12 );
form_text( 'edited_user_firstname', $edited_User->dget('firstname', 'formvalue'), 20, T_('First name'), '', 50 );
form_text( 'edited_user_lastname', $edited_User->dget('lastname', 'formvalue'), 20, T_('Last name'), '', 50 );
} else {
form_info( 'edited_user_login', $edited_User->dget('login', 'formvalue'), T_('(You can NOT change this field. Contact the admin for additional info.)') );
form_info( 'edited_user_firstname', $edited_User->dget('firstname', 'formvalue'), T_('(You can NOT change this field. Contact the admin for additional info.)') );
form_info( 'edited_user_lastname', $edited_User->dget('lastname', 'formvalue'), T_('(You can NOT change this field. Contact the admin for additional info.)') ); ?>
<input type="hidden" name="edited_user_login" value="<?php echo $edited_User->dget('login', 'formvalue') ?>" />
<input type="hidden" name="edited_user_firstname" value="<?php echo $edited_User->dget('firstname', 'formvalue') ?>" />
<input type="hidden" name="edited_user_lastname" value="<?php echo $edited_User->dget('lastname', 'formvalue') ?>" />
<?php }
form_text( 'edited_user_nickname', $edited_User->dget('nickname', 'formvalue'), 20, T_('Nickname'), '', 50 );
Now only members of the admin group can change the login name, the first name, or the last name. The individual can change only their nickname. By the way I pulled a bunch of tabs out of the beginning of the lines just to facilitate seeing the code. As a rule tabs don't matter - they are there to help you follow the logic.
PHP isn't very hard to figure out. Basically it's just another way to express logical statements and call functions. It can read from and write to a database, as well as generate HTML pages based on what the logic and functions dictate. Finally, you get to mix html with your php code. Thus you need to pay close attention to where you have <?php and ?> in your lines, as those bits tell the server "okay do the php thing - oh wait stop doing php".
Hopefully you are using a semi-smart editor - something that gives you color codes similar to how the PHP blocks are being highlighted here. That little gimmick really helps you make sure you are starting and stopping php at the right points. If not I recommend HTML-Kit (google it) for this. They have a free version that I happen to like. There are many "syntactically aware" editors out there though.
PHP gets confusing when you jump into a big giant program and start hacking with zee-row experience backing you up, but I think most folk can get by. For example the lines "form_text( blah blah )" and "form_info( blah blah )" must mean something, right? Is it critical to know what all the parameters (the blah blah part) mean? Nope! Is it easy to figure that stuff out? Sort of... Check out this [url=http://doc.b2evolution.net/0.9.0/elementindex_evocore.html]technical documentation[/url] if you're into it. Click the letter that your function starts with, then scroll down until you see your function name and click it. [url=http://doc.b2evolution.net/0.9.0/evocore/_blogs_b2evocore__functions_forms_php.html#functionform_text]form_text[/url] has a lot of parameters, but [url=http://doc.b2evolution.net/0.9.0/evocore/_blogs_b2evocore__functions_forms_php.html#functionform_info]form_info[/url] is pretty simple-looking. Ultimately that'll only matter if you decide a deeper understanding of this program will help you set every detail of your installation the way you want.
5 mbrumley Sep 15, 2005 19:59
Thanks for the great reply. I am trying it now and will get back to you.
I am using Dreamweaver to do the edits. I look forward to learning more about PHP.
6 mbrumley Sep 15, 2005 20:39
Well..I still can't get that to work. I copied and pasted it in. I am wondering if I am in the right place. Should I be trying to modify htsrv/profile_update.php instead?
When I login as a student, I can still go to "profile" and change everything.
Forgive me...I promise I will learn!
7 edb Sep 15, 2005 21:10
mbrumley wrote:
... When I login as a student, I can still go to "profile" and change everything ...
AAARRRGGGHHHHHH!!!!!
You just pointed out that a multi-user installation I thought I was ready to unleash on the universe is critically flawed. Oh and a hack I published.
There are two ways in to your profile: the profile link, and the users tab in the back office. I've been thinking ONLY of the users tab in the back office. The profile link uses a different file, as you've discovered. The file you referenced is not where you'll want to be looking. Check out your skins/skinname/_profile.php file and see if it is really short, or really long. Short ones end with "require get_path('skins').'/_profile.php';". If it's a short one, then go to skins/_profile.php and you'll see the longer version.
Briefly, the short files do 'decorator' stuff and the long files actually make the page happen - that's pretty much how b2evolution makes different skins work. Also you can take the long one and put all the content into the short one, thus allowing one skin to be totally different from other skins.
Back on track: when you look at the longer _profile.php file you will see code very similar to what you were doing in the _user_form.php file. I don't have time right now to tweak that file, but it looks pretty similar so the same type of hackage *should* get you where you want to be.
Another alternative is, assuming your students can access the back office and see their user profile, just remove the link to "profile" from the main page. To do that find and remove "user_profile_link( '<li>', '</li>' );" in (and from) your skin's _main.php file. Actually all skins if you're allowing skin switching.
Sorry 'bout that! I gotta get busy on my stuff! I'm going to just yank the profile link myself since I know my users will be able to access that tab when they go to the admin area.
8 mbrumley Sep 15, 2005 22:54
Thanks!
This works like a charm. I appreciate your help...I never would have discovered it.
MBrumley
Yup, but I tell ya what: I'll post something soon over in plugins and hacks just so's big hacks stay where they belong. No wait that's silly. I'll give you how to do one bit here, and hopefully you'll be able to see the way to get it done with all the fields you want to change.
Let's say you don't want them to change their login name. I did that one recently, so it's the easiest for me to drop in here. Also let's say you're The Admin (ID #1), so we're going to make sure you and only you will be allowed to change that field. Crack open admin/_user_form.php and look for something that looks suspiciously like this:
Now make it be the same. The part that's not in your file is
What that's doing is saying "if user #1 is out there show them the field and let them edit it, otherwise show them the value of the field but not in an editable format and also make up a hidden input that we'll submit with the form so the original info becomes the new info". It talks in run-on sentences like that. Not me!
Anyway that's the basic trick you'd want to use all the way down the page for lots of different fields. Now I see where you only want ONE thing changeable. Same trick applies, just do it on a bigger scale. In the block above you can put firstname and lastname (with additional hidden inputs) inside the else part of your "if it's not me" bit. Unfortunately not every field is as easily altered like that one is. form_text to form_info is easy - other things are similar but different. Ask if you get stuck somewhere.