Gossamer Forum

Tricky User access issues => Forum Script

Okay... the forum script is coming along nicely, well, for the most part... I am now adding levels of security into the script, like Moderator access, and also adjusting views of posts/replies in the PRIVATE forums...

I have a few Private forums where I am trying to only allow posters to view their posts and replies from site administrators and moderators (technical support, trouble ticket posting forum)...

I am using the following codes:

index.cgi --> Forum script

Code:

if ((defined $USER) and ($USER->{UserID} eq $posterid) and ($forumstatus eq 'Private')) {
    $post_list .= &site_html_post_menu_link ({$postrec});
}
else {
    $no_posts .= qq|<span class="boldredtext">You have not posted any items in this forum or you are not logged in.</span>|;
}
}   # closes an enclosing block whose opening is not shown in the post
$forum .= &site_html_showforum_link ({ForumID => $forumid, ForumName => $forumname, ForumPerm => $forumperm, No_Posts => $no_posts, Post_List => $post_list});


showforumlink.html --> Show topics in forum

Code:

<%if No_Posts%>
<%No_Posts%>
<%endif%>
<%if Post_List%>
<tr bgcolor="00009c">
<td valign="top" width="40%">
<span class="subwhiteheader">Subject</span>
</td>
<td valign="top" width="20%">
<span class="subwhiteheader">Poster</span>
</td>
<td valign="top" width="10%">
<span class="subwhiteheader">Views</span>
</td>
<td valign="top" width="10%">
<span class="subwhiteheader">Replies</span>
</td>
<td valign="top" width="20%">
<span class="subwhiteheader">Last Updated</span>
</td></tr>
<%Post_List%>
<%endif%>


Now, what happens is that no matter if the user is logged in or not, the top header row of the Post_List tag table shows up....

Any thoughts on what codes I am missing???

Thanks.

Regards,

Eliot Lee
http://anthrotech.com/
Re: Tricky User access issues => Forum Script

Welp, figured this one out myself... (feel like Karen who posts something and then figures out quickly)... hehe!

Anyway...here is what I used in the forum script for anyone interested who may come across this problem in the future (which is what all GT product users should do when the problem is solved)...

Code:

# Logged-in user, private forum: list only this user's own top-level posts.
if ((defined $USER) and ($forumstatus eq 'Private')) {
    $sti = $FORUMPOSTSDB->prepare ("SELECT * FROM Forum_Posts WHERE (ForumID = $forumid) AND (PostParentID = '0') AND (PosterID = $USER->{UserID}) ORDER BY Add_Post");
}
# Anonymous visitor, private forum: send to the login form, keeping the query string.
elsif ((!defined $USER) and ($forumstatus eq 'Private')) {
    my $encurl = &Links::DBSQL::encode ("$CUSTOM{build_forum_url}?$ENV{'QUERY_STRING'}");
    print $in->redirect("$CUSTOM{build_login_url}?to=$encurl") and return;
}
# Public forum: list every top-level post.
else {
    $sti = $FORUMPOSTSDB->prepare ("SELECT * FROM Forum_Posts WHERE (ForumID = $forumid) AND (PostParentID = '0') ORDER BY Add_Post");
}


Basically, what this code does is check to see if the user is logged in and if the forum is PRIVATE. If the user is logged in and the forum is PRIVATE, then the user can access their posts and only their posts (note the additional WHERE clauses in the first IF statement); if the user is not logged in and it is a PRIVATE forum, then they are redirected to the login form with the query string carried from the forum script; if the forum is PUBLIC, then the regular SQL statement is used to pull posts for that forum.

Very cool... with flat files, I would've spent days figuring out how to fix this... thank g-d for SQL based products, like MySQL!

Sorry for the waste of forum space and my brainfart...I should've remembered that conditions should be controlled at the SQL statement level and not at the Perl code level.

Regards,

Eliot Lee
http://anthrotech.com/
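
The owner-only filter from the reply above, as an added example that is not part of the original posts or the forum script: the same three cases, but with the forum id and user id passed as bound placeholders instead of being interpolated into the SQL string. It assumes DBI with DBD::SQLite (an in-memory stand-in for the MySQL table); `topics_for` and `subjects` are hypothetical helper names and the rows are constructed.

```perl
#!/usr/bin/perl
# Added example, not the forum script's own code. Assumes DBI and DBD::SQLite
# are installed; table and column names follow the post, rows are constructed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE Forum_Posts (PostID INTEGER PRIMARY KEY, ForumID INTEGER,
          PostParentID INTEGER, PosterID INTEGER, Subject TEXT, Add_Post TEXT)');
my $ins = $dbh->prepare('INSERT INTO Forum_Posts
    (ForumID, PostParentID, PosterID, Subject, Add_Post) VALUES (?,?,?,?,?)');
$ins->execute(@$_) for (
    [ 7, 0, 101, 'Ticket from user 101', '2001-01-01' ],
    [ 7, 0, 102, 'Ticket from user 102', '2001-01-02' ],
    [ 3, 0, 102, 'Public topic',         '2001-01-03' ],
);

# Returns ('login') when an anonymous visitor asks for a private forum,
# otherwise ('rows', \@posts). Every value reaches SQL as a bound parameter.
sub topics_for {
    my ($user, $forumstatus, $forumid) = @_;
    return ('login') if $forumstatus eq 'Private' and !defined $user;

    my $sql  = 'SELECT * FROM Forum_Posts WHERE ForumID = ? AND PostParentID = 0';
    my @bind = ($forumid);
    if ($forumstatus eq 'Private') {      # owner-only filter, enforced in SQL
        $sql .= ' AND PosterID = ?';
        push @bind, $user->{UserID};
    }
    $sql .= ' ORDER BY Add_Post';
    my $rows = $dbh->selectall_arrayref($sql, { Slice => {} }, @bind);
    return ('rows', $rows);
}

# Joins the Subject column of a ('rows', \@posts) result for display.
sub subjects { my (undef, $rows) = @_; return join ', ', map { $_->{Subject} } @$rows }

print "owner:   ", subjects(topics_for({ UserID => 101 }, 'Private', 7)), "\n";
print "anon:    ", (topics_for(undef, 'Private', 7))[0], "\n";
print "public:  ", subjects(topics_for(undef, 'Public', 3)), "\n";
# A forum id that carries SQL text is bound as a single value, not parsed as SQL.
print "tainted: '", subjects(topics_for({ UserID => 101 }, 'Private', '7 OR 1=1')), "'\n";
```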