Forums

ChronoForms v8 is now WordPress ready, ChronoMails is out

The JED needs volunteers!

How to restrict visibility and use of the form to logged-on users?

ChronoForms v7
Ha
Hannon 11 Mar, 2022
I only want my form to be visible & usable once users have logged on.

It looks as though this should be possible using the ACL Profile options to the form settings, but they don't seem to be working?
  1. Under the form's 'Settings' -> 'Advanced Settings' I've added an ACL Profile.
  2. I've added 'Super Users' to allowed, and I've added all other categories of user to 'denied'
  3. And under 'ACL Apply ACL rules to the whole form' I've added the custom profile to 'Select the ACL profile to activate.
...And yet anyone can view and submit the form.

I guess I've missed something again - but what?

I've searched the forum for threads mentioning ACL profiles and can't find anything...
Ha
Hannon 12 Mar, 2022
Well I don't yet have a solution but, since back-end access is the priority, I have a temporary workaround.

I've added a module to the Admin Dashboard, with a link to the Admin URL, using the extension 'Custom Quick Icons'. The front-end form URL has been redirected to make it inaccessible.

It would be good to know the proper way of doing this though.
Ha
Hannon 13 Mar, 2022
The regex to secure the front-end has defeated me, so I'm currently unable to deploy the form, while further investigation has lead me to file a bug report.
Gr
GreyHead 13 Mar, 2022
Hi Hannon,

I would expect to do this using an Event Switcher in the form On Load action. In the Switcher check the User ID, if it's not set, i.e. the User is not logged in, then display an error message, otherwise display the form.

Bob
Ha
Hannon 13 Mar, 2022
Hi Bob

Thanks for replying.

Unfortunately there doesn't appear to be an events switcher in V7?

I presume that 'Page Loader' has replaced 'On Load', but the only thing there that looks potentially of use is 'Local Permissions'. Even with permissions set to 'allowed' it always blocks back-end form access with the error 'Call to undefined method G3\L\Joomla\App::access()', while - depending on the query string being tested, it blocks front-end form access either with the same message, or with the on-page message 'Error, form alias is empty!'

Any other ideas welcome...
Ha
Hannon 15 Mar, 2022
For anyone else needing a temporary workaround to block front end access (but without fine-grained back-end control), here's some .htaccess code that will redirect attempts to access a form from the front end to the back, allowing Joomla to redirect any non-logged-on users to the home page:

RewriteEngine on

# Redirect everything to http://www to avoid the check being bypassed
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

# Intercept form access attempts & ensure they're sent to the back-end (for form my-form-alias)
RewriteCond %{QUERY_STRING} (^|&)option\=com_chronoforms7($|&)
RewriteCond %{QUERY_STRING} (^|&)chronoform\=my-form-alias($|&)
RewriteRule ^index\.php$ http://www.mysite.com/administrator/index.php?option=com_chronoforms7&cont=manager&chronoform=my-form-alias [R=301,L]
You need to login to be able to post a reply.