I created a report from a database using Chronoforms and wanted to keep the report away from prying eyes. So, I created a redirect URL in a simply named directory that would open the Chronoforms report and set up password protection for the directory with the redirect URL.
Somehow, the Yahoo search engine was able to access the redirect URL and reveal my report to the world. Does anyone have an idea how this could happen?
Hi rstevens,
I'm not sure what you mean by a report in a directory and redirect URLs.
Why not just protect the Form by checking the user id?
Bob
I am not sure what you mean by checking the user id. How do I do that?
When I am in Chronocontact, all the forms have a URL that I can click on to see the form, or the report in this instance. I wanted just one person to be able to see that report, so I put the URL to the report in an index.html file that brought up the report. I wanted to give the person that would see the report a shorter URL than the Chronocontact URL, so I made a short name for a directory and put the index file in the directory. I then set up password protection for the directory, so the redirection would not take place until the correct username and password were entered.
Hi rstevens,
Protecting the short URL is fine - but does nothing to protect the long URL. It's a bit like putting a copy of your front door key in the safe but leaving the original in the lock.
If you want to make a form available to a group of users or to one particular user then check the user's ID at the start of the form HTML and redirect if it's the wrong person. Search here on 'getuser' and you will find several examples.
Bob
Thanks for the information. I searched for getuser, but have only found other notes from you to search for getuser. Lots of results for the search term.
The person I wanted to let see the report was not a registered user, and I did not want him to be a registered user. Is there any way to guard against that type of situation?
I wonder why only Yahoo got the information and not Google or Bing. Any ideas?
Hi rstevens,
I would use
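<?php
// Only run on the front end of the site.
if ( !$mainframe->isSite() ) { return; }
// Look up the currently logged-in Joomla user.
$user = JFactory::getUser();
// 999 stands for the ID of the one permitted user; everyone else is redirected.
if ( $user->id != 999 ) {
    $mainframe->redirect('index.php');
}
?>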
Bob
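The thread does not settle how to let one unregistered person see the report. One option, going beyond the user-ID check above, is to verify a signed, expiring link at the top of the report itself, so that knowing the long URL alone is not enough. This is an added example, not code from the thread or from Chronoforms; REPORT_SECRET, the viewer/expires/sig parameters and both function names are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example: the report checks a signed, expiring token on every request.
// REPORT_SECRET, the parameter names and both functions are hypothetical.
const REPORT_SECRET = 'replace-with-a-long-random-value'; // placeholder, server-side only

/** Build the query string to send to the one intended viewer. */
function make_report_query(string $viewer, int $expires, string $secret = REPORT_SECRET): string
{
    $sig = hash_hmac('sha256', $viewer . '|' . $expires, $secret);
    return http_build_query(['viewer' => $viewer, 'expires' => $expires, 'sig' => $sig]);
}

/** Return true only for an unexpired link whose signature matches. */
function report_link_is_valid(array $query, int $now, string $secret = REPORT_SECRET): bool
{
    foreach (['viewer', 'expires', 'sig'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return false; // missing or array-valued parameter
        }
    }
    if (!ctype_digit($query['expires']) || (int) $query['expires'] < $now) {
        return false; // malformed or expired
    }
    $expected = hash_hmac('sha256', $query['viewer'] . '|' . $query['expires'], $secret);
    return hash_equals($expected, $query['sig']); // constant-time comparison
}

// Constructed sample run (no network, no Joomla): a link valid for one hour.
$now = 1700000000;
parse_str(make_report_query('auditor', $now + 3600), $good);
$tampered = ['expires' => (string) ($now + 999999)] + $good; // lifetime edited, old signature

var_dump(report_link_is_valid($good, $now));         // link as issued, inside its lifetime
var_dump(report_link_is_valid($good, $now + 7200));  // same link after it has expired
var_dump(report_link_is_valid($tampered, $now));     // expiry changed without re-signing
var_dump(report_link_is_valid([], $now));            // plain URL with no token, as a crawler would request it
```

In the form HTML the check would run first, with `$_GET` and `time()` as its arguments, and redirect when it returns false.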
After a bit of googling, I tried the following so that I could restrict access to a group that I had created but alas I got a 500 error.
Obviously got it wrong
<?php
if ( !$mainframe->isSite() ) { return; }
$userGroups = $user->get('groups');
if (!array_search(9, $userGroups )) {
    $mainframe->redirect('index.php');
}
?>
Ok, got it sorted :-)
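<?php
// Only run on the front end of the site.
if ( !$mainframe->isSite() ) { return; }
// Fetch the current user before reading the group list.
$user = JFactory::getUser();
$groups = $user->get('groups');
// in_array() tests membership; array_search() returns the matching key,
// which is falsy when that key is 0 and would redirect a valid member.
if (!in_array(9, $groups)) {
    $mainframe->redirect('index.php');
}
?>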
Hi rcadmin,
The Authenticator action now includes the ability to limit access by group; and so does my Watchman action.
Bob