Forums

Implementing Form Permissions on Joomla 1.5 (ACL Tips)

mapme 17 Feb, 2012
Hi,

I have an older Joomla 1.5.25 site, with no real plans to upgrade as many of the main components are not yet compatible with Joomla 1.7 & 2.5.

I am using the Frontend User Access extension on this site (http://www.pages-and-items.com/extensions/frontend-user-access) so that I can control access to components to specific groups. It has been working 100% until now, as Chronoforms is only exposed to a specific group of members.

However I am now looking to open up Chronoforms to non-registered users so that everyone can submit a specific form on the site. The problem with that is now my restricted forms will also be available to everyone and the Front End User access component will not be functional.

Is there a direct Chronoforms method to stop people accessing specific forms? I can use Front End User Access to stop specific SEO-friendly links, but the direct Chronoforms URL could be grabbed through the source code: index.php?option=com_chronocontact&chronoformname=FROMTITLE if a malicious user wanted to share this out.

There are about 50 people who should only have access to the restricted forms - should these be hard coded using PHP to show them the form? If so, how?!?!

Any help is greatly appreciated.

Thanks a lot,
Brendan
GreyHead 18 Feb, 2012
Hi Brendan,

I put a snippet like this at the beginning of he Form HTML:
<?php
$user =& JFactory::getUser();
if ( !$user->id ) {
  $mainframe->redirect('index.php');
}
?>

That just redirects guests to the home page.

If you are using ChronoForms v3 then you have the Watchman plug-in which will do this (and more) for you.

Bob
mapme 18 Feb, 2012
Thanks Bob,
My problem with the ACL is that some registered members should see the form, and some shouldn't.
There is a field in my jos_users table called gid, where all members (apart from SuperAdmin) are valued at 18.

I checked that you can call the gid parameter into Joomla forms/content... is this gid elated to anything else? I looked up related tables, but couldn't see any relationship. Wondering if this is a row for this very purpose, to assign users to a certain group based on gid.

If This is the case then I can use a method you showed me recently to load the form from an external php file if the correct members load the URL. Otherwise an alternate "No permission" php message will load.

Any thoughts? the form is static anyway, so if I load this into an external PHP file then it will not really be touched afterwards anyway.

Thanks for your help.

Brendan
GreyHead 18 Feb, 2012
Hi Brendan,

The gid is the user Group ID - 18 for Registered and 19 for Authors, . . ..

The User Groups in Joomla! 1.5 a re pretty rigid and come with associated permissions that you can’t easily change.

If your access needs map neatly to Groups then use GID. Otherwise you can set custom user parameter (similar to the language and time-zone settings) and use that to identify different sub-groups of users. I wrote a lot of user stuff up for Joomla! 1.5 here including setting and reading user parameters.

Bob
mapme 18 Feb, 2012
Cheers Bob,
Just bought that PDF, much appreciated.
Brendan
This topic is locked and no more replies can be posted.