Hide Memberlist

This forum is now closed as part of retiring phpBB2

570thusaag
Registered User
Posts: 122
Joined: Thu May 19, 2005 1:44 am

Hide Memberlist

Post by 570thusaag »

Is there any way to hide a memberlist from the "guests"?

I have looked around a bit, and can't seem to find a way to do this (config, searched here, etc...)

What I really want is not so much to hide the memberlist, but rather to make it impossible for anyone that is not registered to email someone from that list, and I don't want to disable email between members.

I know this might sound like a mod request, but it isn't - first I am trying to find out if there is a way to do this in the reg php stock program.

Thanks!

Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Post by Wo1f »

Hello 570thusaag!

You could manually adjust "index_body.tpl" to hide access to the memberlist when a visitor is not logged in, by moving the
"<!-- BEGIN switch_user_logged_out -->" and "<!-- END switch_user_logged_out -->"
switch to include or exclude what you want. BUT, there is a simple solution to your specific question, and yes it's a mod.
Works as advertised and bonus to boot... on v2.0.16!

Hope this helps!
Wolf

Marshalrusty
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Post by Marshalrusty »

This will redirect all non registered members to the login page.

Open up memberlist.php

Find:

Code:

init_userprefs($userdata);

After add:

Code:

if ($userdata['user_id'] == ANONYMOUS)
{
	redirect(append_sid('login.'.$phpEx));
}

Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Post by Wo1f »

Marshalrusty wrote: This will redirect all non registered members to the login page.

Open up memberlist.php

Find:

Code:

init_userprefs($userdata);

After add:

Code:

if ($userdata['user_id'] == ANONYMOUS)
{
	redirect(append_sid('login.'.$phpEx));
}

And that's... a SECURITY risk!! which has been identified in the mod thread that I mentioned above.

replace with:

Code:

redirect(append_sid("login.$phpEx?redirect=memberlist.$phpEx", true));

Regards
Wolf

570thusaag
Registered User
Posts: 122
Joined: Thu May 19, 2005 1:44 am

Post by 570thusaag »

Much thanks to you all- I am using the mod suggested (I had seen it before) coupled with Forum Permissions... things are working out just the way I was hoping they would.

Thanks again.

Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Post by Wo1f »

You're welcome! :wink:

Marshalrusty
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Post by Marshalrusty »

Wo1f wrote: And that's... a SECURITY risk!! which has been identified in the mod thread that I mentioned above.


How is that a security risk? I failed to find that in the thread

This I want to hear

noth
Registered User
Posts: 2481
Joined: Fri Jan 07, 2005 7:10 pm
Location: North Surrey

Re: Hide Memberlist

Post by noth »

570thusaag wrote: What I really want is not so much to hide the memberlist, but rather to make it impossible for anyone that is not registered to email someone from that list, and I don't want to disable email between members.


570 - you mean - you think that a guest can email a registered user?

That has never been the case since 2.0.5 at least 8O

I can't believe that every other poster on this thread has missed this basic point

570thusaag
Registered User
Posts: 122
Joined: Thu May 19, 2005 1:44 am

Re: Hide Memberlist

Post by 570thusaag »

noth wrote: 570 - you mean - you think that a guest can email a registered user?

That has never been the case since 2.0.5 at least 8O

I can't believe that every other poster on this thread has missed this basic point


Well- I can't go back (or won't put the effort into going back-I've already modded past that) to prove that point wrong or right... but I know they could view the memberlist, and I know all of the buttons for AIM and YIM and Email showed up... I never tried to email anyone from it... I just assumed you could, and I am about 100% certain that they could.

Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Post by Wo1f »

Marshalrusty wrote: How is that a security risk? I failed to find that in the thread

RTT - on page 7. Also, in the latest version package:

Code:

2005-05-21 - Version 1.0.8
##	  - Security risk fixed: use values instead of QUERY_STRING for redirect.

From which version did you copy that snippet in your first post?

Peace
Wolf
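
Added example (not from this thread, phpBB, or the MOD): the changelog entry quoted above contrasts building a redirect target from the raw QUERY_STRING with rebuilding it from known values. The PHP below shows both side by side; the function names, the allow-list and the sample request are constructed for illustration.

```php
<?php
// Added illustration. Function names and the allow-list are hypothetical,
// not taken from phpBB or from the MOD discussed in this thread.

// Risky pattern: the post-login target contains whatever the client sent.
function redirect_target_from_query_string(string $script, string $queryString): string
{
    return $script . ($queryString !== '' ? '?' . $queryString : '');
}

// Safer pattern: rebuild the target from known values only.
function redirect_target_from_values(string $script, array $get): string
{
    // Scripts a guest may be sent back to after login, with the integer
    // parameters each one accepts (constructed allow-list).
    $allowed = [
        'memberlist.php' => ['start'],
        'profile.php'    => ['u'],
    ];
    if (!isset($allowed[$script])) {
        return 'index.php';   // unknown script: fall back to a fixed page
    }
    $pairs = [];
    foreach ($allowed[$script] as $name) {
        if (isset($get[$name]) && is_scalar($get[$name])) {
            // Cast to int so raw request data is never copied into the URL.
            $pairs[] = $name . '=' . intval($get[$name]);
        }
    }
    return $script . ($pairs ? '?' . implode('&', $pairs) : '');
}

// Constructed request: one expected parameter plus an unexpected one.
$queryString = 'start=50&redirect=http://example.invalid/';
parse_str($queryString, $get);

// Raw variant carries the unexpected "redirect" parameter along.
echo redirect_target_from_query_string('memberlist.php', $queryString), "\n";
// Value-based variant keeps only the integer "start" parameter.
echo redirect_target_from_values('memberlist.php', $get), "\n";
// A script name outside the allow-list falls back to the index page.
echo redirect_target_from_values('unknown.php', $get), "\n";
```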

Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Re: Hide Memberlist

Post by Wo1f »

noth wrote: 570 - you mean - you think that a guest can email a registered user?

That has never been the case since 2.0.5 at least 8O


Please feel free to correct me. I installed the mod in question a while back for many reasons, and because I noticed that guests could access a member's viewprofile and pick up whatever info was there. Whether through the memberlist or who's online for example, it certainly did not stop me from grabbing a member email.

Regards,
Wolf

Marshalrusty
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Post by Marshalrusty »

I didn't take that piece of code from anywhere. I've been using that for a year or so :wink:

Unless I am VERY MUCH mistaken, there is no way that can cause a security hole. It is simply standard code. There is nothing there

Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Post by Wo1f »

Marshalrusty wrote: Unless I am VERY MUCH mistaken, there is no way that can cause a security hole. It is simply standard code. There is nothing there


It might be a good idea to inform the mod author, so the code could be revised in its shorter form and we could all save some bandwidth - if it's not a security risk.

Regards,
Wolf

Marshalrusty
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko

Post by Marshalrusty »

His problem. And he knows better, since it's his MOD.

Perhaps that is not what he meant when he said security risk failed

I haven't looked at the MOD so idk. There could be a reason why he did it his way. There probably is

Wo1f
Registered User
Posts: 2039
Joined: Fri Jan 28, 2005 3:20 am

Post by Wo1f »

Marshalrusty wrote: His problem. And he knows better, since it's his MOD.

I'll see if I can get his attention and contribution to this thread. I take security very seriously as I'm sure you do also.

Marshalrusty wrote: Perhaps that is not what he meant when he said security risk failed

Speculation...

Marshalrusty wrote: I haven't looked at the MOD so idk. There could be a reason why he did it his way. There probably is

It's a very simple mod (but also very efficient) that can be installed in a few minutes with one hand tied behind your back. :wink:

Regards,
Wolf
