Forums

Hi,

On my site I do not want non-registered users to see any part of the forum, neither are they allowed to see the names of the users. I'm quite sure that I've set the access settings in ChronoForums ok, and of course I've set the menu item for the forum to access: Registered.

Yet by chance I discovered that a non-registered user can view the forum index and one level below, by forging this type of url's:

/component/chronoforums
/component/chronoforums/forums/f1/tips-tricks

In these views you can see the subjects of the forum topics and the names of users. This is a major issue for me as complete privacy on this point is one of the most important requirements for this site.

I hope you can help me to solve this.

By the way: I discovered this when clicking on the link in a notification mail while not being logged in. Then the system came up with this /component/chronoforums url.

Frits

Hi Frits,

Again the new update has full access permissions which should solve this issue.

Regards,
Max

Thanks for your reply. Looking forward to the new update.

Also I'd like to let you know that I included ChronoForums in a new project proposal. I really do like the extension as it is so much easier to understand than most other forum components. There's just some details that need to be solved.


Kind regards, Frits

Hi Max,

Just installed the update. This issue is solved now, thanks.


Frits

Sorry, I posted several topics and my reply was intended for a different topic.

This topic seems to be solved only partially: I cannot view the forum index any longer, but the handling is not very sophisticated. On some browsers I get an ugly error about too many redirects, while others just return a blank page.


Frits

Hi Frits,

Did you enable the "redirect to login" page setting under the "Settings" ? please keep this disabled, save your settings, logout/login at the frontend and try again and let me know!

Regards,
Max

Hi,

I found the "Auto login redirect" parameter, it was set to No already. Tried enabling and disabling again just to make sure, but this made no difference.


Kind regards, Frits

Ok, are you sure that you have the access permissions setup correctly ? for basic testing please make sure that "Public" group is set to "Allowed" and all other groups to "inherited", this should be the case under the main "Permissions" section, you should also keep the "Distinct permissions" setting disabled.

Let me know!

Regards,
Max

Hi Max,

I've set all options for both Public and Guest to 'Allowed' but the issue remains.

If it was only for users who intentionally try to get access to the forum then it would not be an issue at all. But as I wrote, I also get this url /component/chronoforums when clicking on a link in a notification mail when not being logged in.

Frits

Hi Frits,

I need admin access to check this myself, please send using the "Contact us" page.

Regards,
Max

You have mail.

Frits

Hi Max,

In your mail, you referred to this topic and the solution as described there:
http://www.chronoengine.com/forums/posts/t98319/p340487/redirect-loops.html#p340487

The default user group for not logged-in users on this site was set to Guest. If I follow the steps as described in the other topic, and I set the default guest group to Public, it does solve the redirect loops. However it seems to me that this also makes it impossible to reach the situation that I am after, namely: hiding any information about the titles of the topics and the names of the members to the non-registered public. Because, as soon as I set "Display/Access the forums" to Allowed for the user group Public, they can see this information when following the link /component/chronoforums/ or any deeper link that starts with this path, like /component/chronoforums/forums/f1/tips-tricks

I just tried to redirect this path to my menu item for ChonoForums, which is /forum, as entering this url results in a correct message about the user not being logged in. I tried redirecting using Joomla's core redirects component; however this did not work.

The default user group for not logged-in users on this site was set to Guest.

PS In case you would log in to the site in order to investigate this issue, please note that I had to set it to Guest again, as there is some other functionality on the site that depends on this.

Kind regards, Frits

Hi Frits,

Ok, please try this:

#1- set "public" to "not set"

#2- set "guest" to "allowed"

What happens now when you go to forum link when not logged in ?

Regards,
Max

Hi Max,

This helped to get it working with Guest instead of Public. However, I still have this issue:

- if I set the permissions for Guest to "Display/Access the forums" to: Allowed, then they can see the topic titles and user names;
- if I set permissions for Guest to "Display/Access the forums" to: Not Set, then the redirects loop occurs.


Kind regards, Frits

Ok, by default there should be no redirect loop, this is an issue which should be fixed, I have it on the todo list and I can send you a patch by email.

But a solution to this now is to keep the guest set to allowed in the global permissions, then go to "Settings" and enable "Distinct permissions", then under each of your forums you can enable the permissions and configure it, that would block this specific forum from appearing.

Please test this and let me know!

Regards,
Max

Hi Max,

It takes a bit more work but it is ok now indeed! At present, you'll get the ChronoForums page but no forums or topics are shown. Instead, there's a message which I intend to customize so people will understand that they'll have to log in. See my screenshot.

Of course it would be even better if we would get the default Joomla page that tells you that you need to log in, instead. I hope that the patch will do that? Yet for now this is a good workaround.


Thanks for your help,

Kind regards, Frits

[attachment=0]OptiekMarktplaats.png[/attachment]

Hi Frits,

Normally you should get the same message if the forums access is blocked using the main permissions area, and you should be redirected to login if you have the redirect to login" setting enabled, I will test this and prepare a patch.

Regards,
Max