Admin-Only HTML Posting

This forum is now closed as part of retiring phpBB2.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

This forum is now closed due to phpBB2.0 being retired.
Post Reply
mbressman
Registered User
Posts: 49
Joined: Tue Sep 02, 2003 1:55 pm
Location: NJ/NYC
Contact:

Admin-Only HTML Posting

Post by mbressman »

Hi,

I wanted to be able to allow administrators to use HTML in their posts if they wanted, but no one else (since its my understanding that allowing HTML can be a greater security risk than not allowing HTML). To that end, I've made the following changes on my board and was wondering if someone could check them for me to see if I'm screwing anything else up or if this should work the way I want it to work (also please see below after the changes for three additional notes regarding these changes):

Please Note: This mod was developed for phpBB 2.0.4

Code: Select all

# 
#-----[ OPEN ]------------------------------------------ 
# 
posting.php

# 
#-----[ FIND ]------------------------------------------ 
# 
if ( !$board_config['allow_html'] )
{
	$html_on = 0;
}
else
{
	$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_html'] : $userdata['user_allowhtml'] );
}

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
if ( !$board_config['allow_html'] )
{
	$html_on = 0;
}
else
{
	if ($userdata['user_level'] == ADMIN) {
		$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_html'] : $userdata['user_allowhtml'] );
	}
	else
	{
		$html_on = 0;
	}
}

# 
#-----[ FIND ]------------------------------------------ 
# 
if ( $board_config['allow_html'] )

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
if ( $board_config['allow_html'] && $userdata['user_level'] == ADMIN)

# 
#-----[ OPEN ]------------------------------------------ 
# 
privmsg.php

# 
#-----[ FIND ]------------------------------------------ 
# 
	if ( !$board_config['allow_html'] )
	{
		$html_on = 0;
	}
	else
	{
		$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : $userdata['user_allowhtml'];
	}

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
	if ( !$board_config['allow_html'] )
	{
		$html_on = 0;
	}
	else
	{
		if ($userdata['user_level'] == ADMIN) {
			$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : $userdata['user_allowhtml'];
		}
		else
		{
			$html_on = 0;
		}
	}

# 
#-----[ FIND ]------------------------------------------ 
# 
	if ( $board_config['allow_html'] )

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
	if ( $board_config['allow_html'] && $userdata['user_level'] == ADMIN)

# 
#-----[ OPEN ]------------------------------------------ 
# 
templates/subSilver/profile_add_body.tpl

# 
#-----[ FIND ]------------------------------------------ 
# 
<tr> 
	  <td class="row1"><span class="gen">{L_ALWAYS_ALLOW_HTML}:</span></td>
	  <td class="row2"> 
		<input type="radio" name="allowhtml" value="1" {ALWAYS_ALLOW_HTML_YES} />
		<span class="gen">{L_YES}</span>&nbsp;&nbsp; 
		<input type="radio" name="allowhtml" value="0" {ALWAYS_ALLOW_HTML_NO} />
		<span class="gen">{L_NO}</span></td>
	</tr>

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
<!--	<tr> 
	  <td class="row1"><span class="gen">{L_ALWAYS_ALLOW_HTML}:</span></td>
	  <td class="row2"> 
		<input type="radio" name="allowhtml" value="1" {ALWAYS_ALLOW_HTML_YES} />
		<span class="gen">{L_YES}</span>&nbsp;&nbsp; 
		<input type="radio" name="allowhtml" value="0" {ALWAYS_ALLOW_HTML_NO} />
		<span class="gen">{L_NO}</span></td>
	</tr>-->

# 
#-----[ SAVE & CLOSE ALL FILES ]-------------------------- 
# 
# 
#-----[ ADMINISTRATOR CONTROL PANEL ]------------------- 
#
you will need to go into the Administrator Control Panel and go to General Admin: Configuration and under User and Forum Basic Settings change Allow HTML from No to Yes

# 
#-----[ SQL ]------------------------------------------ 
# 
ALTER TABLE `phpbb_users` CHANGE `user_allowhtml` `user_allowhtml` TINYINT( 1 ) DEFAULT '0' 

(this will change the default value for the user_allowhtml field in the phpbb_users table from 1 to 0)

(you will also need to change the current values for all users (except admins) in this field from 1 to 0)

# 
#End 

As far as I can tell, these coding changes allow only admins to post HTML in private messages and regular posts while completely removing HTML abilities for regular users. However, two things I've noticed:

1) New users registering still are having the user_allowhtml field in phpbb_users table set to 1 even though I changed the default to 0 (I'm guessing something in the php programming is overriding the default mysql setting...?
2) Even with these new users having the user_allowhtml field in the phpbb_users table set to 1 instead of 0, they still don't seem to be able to post HTML in private messages or regular posts...
3) It seems that when an admin has the user_allowhtml field value in the phpbb_users table changed from 1 to 0, they are still able to post HTML in regular posts and private messages, but the default is that the Disable HTML in this message is checked for their posts (whereas it doesn't appear for regular users post because they are totally unable to post HTML)...leading me to believe that it doesn't really matter whether user_allowhtml is set to 1 or 0 and some of my instructions above might me extraneous...


Any help regarding this or confirmation that it works and doesn't screw anything else up, or advice is greatly appreciated!! Thanks!
Last edited by mbressman on Mon Jan 12, 2004 7:21 am, edited 1 time in total.
User avatar
AsAf92
Registered User
Posts: 102
Joined: Tue Jan 06, 2004 1:57 pm

Post by AsAf92 »

that's because the defualt never minds, cause the query at register page for some reason.
so look for the query, and edit it, so in the row that the registration adds, user_allowhtml field will be 0.
hope that i helped.
mbressman
Registered User
Posts: 49
Joined: Tue Sep 02, 2003 1:55 pm
Location: NJ/NYC
Contact:

Post by mbressman »

AsAf92 wrote: that's because the defualt never minds, cause the query at register page for some reason.
so look for the query, and edit it, so in the row that the registration adds, user_allowhtml field will be 0.
hope that i helped.


I kinda guessed it was something in the includes/usercp_register.php file, but from what I can tell, it really doesn't matter whether the user_allowhtml field in the phpbb_users table is set to 1 or 0, as either way they are not able to post HTML given the other coding modifications I made. Is this correct? Also, if this is the case, then commenting out the code in the templates/subSilver/profile_add_body.tpl and making the SQL changed I outlined is probably not necessary...

Can anyone confirm this? Thanks!
mbressman
Registered User
Posts: 49
Joined: Tue Sep 02, 2003 1:55 pm
Location: NJ/NYC
Contact:

Post by mbressman »

OK...I decided that the mod the way I initially designed it was way to restrictive. Basically, it would never allow anyone but admin's to post HTML, and that probably isn't a good thing. So, I've added some stuff to it so that now, when HTML is turned on, you can specify in the ACP whether only admin's should be able to post HTML in private messages and regular posts, or whether all users (including anonymous) should be allowed to post HTML in private messages and regular HTML. Here's the code to make these changes:

REQUIREMENTS: must first make code changes that I listed above/initially

Code: Select all

# 
#-----[ OPEN ]------------------------------------------ 
# 
posting.php

# 
#-----[ FIND ]------------------------------------------ 
#
if ( !$board_config['allow_html'] ) 
{ 
   $html_on = 0; 
} 
else 
{ 
   if ($userdata['user_level'] == ADMIN) { 
      $html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_html'] : $userdata['user_allowhtml'] ); 
   } 
   else 
   { 
      $html_on = 0; 
   } 
} 

# 
#-----[ REPLACE WITH ]------------------------------------------ 
#
if ( !$board_config['allow_html'] )
{
	$html_on = 0;
}
else
{
	if ($board_config['html_admin_only'] ) 
	{
		if ($userdata['user_level'] == ADMIN) 
		{
			$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_html'] : $userdata['user_allowhtml'] );
		}
		else
		{
			$html_on = 0;
		}		
	}
	else
	{
		$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : ( ( $userdata['user_id'] == ANONYMOUS ) ? $board_config['allow_html'] : $userdata['user_allowhtml'] );
	}
}

# 
#-----[ FIND ]------------------------------------------ 
# 
if ( $board_config['allow_html'] && $userdata['user_level'] == ADMIN)
{
	$html_status = $lang['HTML_is_ON'];
	$template->assign_block_vars('switch_html_checkbox', array());
}
else
{
	$html_status = $lang['HTML_is_OFF'];
}

# 
#-----[ REPLACE WITH ]------------------------------------------ 
#
if ( $board_config['allow_html'] )
{
	if ( $board_config['html_admin_only'] )
	{
		if ($userdata['user_level'] == ADMIN) 
		{
			$html_status = $lang['HTML_is_ON'];
			$template->assign_block_vars('switch_html_checkbox', array());
		}
		else
		{
			$html_status = $lang['HTML_is_OFF'];
		}
	}
	else
	{
		$html_status = $lang['HTML_is_ON'];
		$template->assign_block_vars('switch_html_checkbox', array());	
	}
}
else
{
	$html_status = $lang['HTML_is_OFF'];
}

# 
#-----[ OPEN ]------------------------------------------ 
# 
privmsg.php

# 
#-----[ FIND ]------------------------------------------ 
# 
	if ( !$board_config['allow_html'] )
	{
		$html_on = 0;
	}
	else
	{
		if ($userdata['user_level'] == ADMIN) {
			$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : $userdata['user_allowhtml'];
		}
		else
		{
			$html_on = 0;
		}
	}

# 
#-----[ REPLACE WITH ]------------------------------------------ 
#
	if ( !$board_config['allow_html'] )
	{
		$html_on = 0;
	}
	else
	{
		if ($board_config['html_admin_only'] ) 
		{
			if ($userdata['user_level'] == ADMIN) 
			{
				$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : $userdata['user_allowhtml'];
			}
			else
			{
				$html_on = 0;
			}		
		}
		else
		{
			$html_on = ( $submit || $refresh ) ? ( ( !empty($HTTP_POST_VARS['disable_html']) ) ? 0 : TRUE ) : $userdata['user_allowhtml'];
		}
	}

# 
#-----[ FIND ]------------------------------------------ 
# 
	if ( $board_config['allow_html'] && $userdata['user_level'] == ADMIN)
	{
		$html_status = $lang['HTML_is_ON'];
		$template->assign_block_vars('switch_html_checkbox', array());
	}
	else
	{
		$html_status = $lang['HTML_is_OFF'];
	}

# 
#-----[ REPLACE WITH ]------------------------------------------ 
#
	if ( $board_config['allow_html'] )
	{
		if ( $board_config['html_admin_only'] )
		{
			if ($userdata['user_level'] == ADMIN) 
			{
				$html_status = $lang['HTML_is_ON'];
				$template->assign_block_vars('switch_html_checkbox', array());
			}
			else
			{
				$html_status = $lang['HTML_is_OFF'];
			}
		}
		else
		{
			$html_status = $lang['HTML_is_ON'];
			$template->assign_block_vars('switch_html_checkbox', array());	
		}
	}
	else
	{
		$html_status = $lang['HTML_is_OFF'];
	}

# 
#-----[ OPEN ]------------------------------------------ 
# 
templates/subSilver/profile_add_body.tpl 

# 
#-----[ FIND ]------------------------------------------ 
# 
<!--	<tr> 
	  <td class="row1"><span class="gen">{L_ALWAYS_ALLOW_HTML}:</span></td>
	  <td class="row2"> 
		<input type="radio" name="allowhtml" value="1" {ALWAYS_ALLOW_HTML_YES} />
		<span class="gen">{L_YES}</span>&nbsp;&nbsp; 
		<input type="radio" name="allowhtml" value="0" {ALWAYS_ALLOW_HTML_NO} />
		<span class="gen">{L_NO}</span></td>
	</tr>-->

# 
#-----[ REPLACE WITH ]------------------------------------------ 
# 
	<tr> 
	  <td class="row1"><span class="gen">{L_ALWAYS_ALLOW_HTML}:</span></td>
	  <td class="row2"> 
		<input type="radio" name="allowhtml" value="1" {ALWAYS_ALLOW_HTML_YES} />
		<span class="gen">{L_YES}</span>&nbsp;&nbsp; 
		<input type="radio" name="allowhtml" value="0" {ALWAYS_ALLOW_HTML_NO} />
		<span class="gen">{L_NO}</span></td>
	</tr>

# 
#-----[ OPEN ]------------------------------------------ 
# 
admin/admin_board.php

# 
#-----[ FIND ]------------------------------------------ 
# 
$html_no = ( !$new['allow_html'] ) ? "checked=\"checked\"" : "";

# 
#-----[ AFTER ADD ]------------------------------------------ 
#

$html_admin_only_yes = ( $new['html_admin_only'] ) ? "checked=\"checked\"" : "";
$html_admin_only_no = ( !$new['html_admin_only'] ) ? "checked=\"checked\"" : "";

# 
#-----[ FIND ]------------------------------------------ 
# 
	"L_ALLOW_HTML" => $lang['Allow_HTML'],

# 
#-----[ AFTER ADD ]------------------------------------------ 
#
	"L_HTML_ADMIN_ONLY" => $lang['html_admin_only'],
	"L_HTML_ADMIN_ONLY_EXPLAIN" => $lang['html_admin_only_explain'],

# 
#-----[ FIND ]------------------------------------------ 
# 
	"HTML_NO" => $html_no,

# 
#-----[ AFTER ADD ]------------------------------------------ 
#
	"S_HTML_ADMIN_ONLY_YES" => $html_admin_only_yes, 
	"S_HTML_ADMIN_ONLY_NO" => $html_admin_only_no,

# 
#-----[ OPEN ]------------------------------------------ 
# 
language/lang_english/lang_main.php 

# 
#-----[ FIND ]------------------------------------------ 
# 
$lang['Allow_HTML'] = 'Allow HTML';

# 
#-----[ AFTER ADD ]------------------------------------------ 
#
$lang['html_admin_only'] = 'Allow HTML Posting for Administrators Only';
$lang['html_admin_only_explain'] = 'This allows only Administrators of the board to make posts containing HTML, while other users (including anonymous users) still cannot post using HTML (but can read posts containing HTML with the HTML formatting intact) - requires HTML to be turned on board-wide';

# 
#-----[ OPEN ]------------------------------------------ 
# 
templates/subSilver/admin/board_config_body.tpl 

# 
#-----[ FIND ]------------------------------------------ 
# 
	<tr>
		<td class="row1">{L_ALLOW_HTML}</td>
		<td class="row2"><input type="radio" name="allow_html" value="1" {HTML_YES} /> {L_YES}&nbsp;&nbsp;<input type="radio" name="allow_html" value="0" {HTML_NO} /> {L_NO}</td>
	</tr>

# 
#-----[ AFTER ADD ]------------------------------------------ 
# 
	<tr> 
         <td class="row1">{L_HTML_ADMIN_ONLY}<br /><span class="gensmall">{L_HTML_ADMIN_ONLY_EXPLAIN}</span></td>
         <td class="row2"><input type="radio" class="checkbox" name="html_admin_only" value="1" {S_HTML_ADMIN_ONLY_YES} /> {L_YES}  <input type="radio" class="checkbox" name="html_admin_only" value="0" {S_HTML_ADMIN_ONLY_NO} /> {L_NO}</td>
    </tr>

# 
#-----[ SAVE & CLOSE ALL FILES ]-------------------------- 
# 
#-----[ SQL ]------------------------------------------ 
# 
INSERT INTO phpbb_config (config_name, config_value) VALUES ('html_admin_only ', '1'); 
# 
#End 
If HTML was previously on board-wide, after these changes it will only be on for Administrators. If you still want it to be on for everyone else, simply change the 1 to a 0 in the SQL command.

Well, I think overall this is a nice mod! I'd welcome testing...and I think once I combine this with the previous code and polish it up so that it reads correctly, it will be a good mod!

This mod is only developed for 2.0.4 (since thats the board I'm currently running)...can I still submit it for official approval by phpBB?? If so, how? Thanks!!
netjet
Registered User
Posts: 13
Joined: Wed Jan 14, 2004 4:34 pm

Post by netjet »

is working for phpbb 2.0.6 ?

thanks
mbressman
Registered User
Posts: 49
Joined: Tue Sep 02, 2003 1:55 pm
Location: NJ/NYC
Contact:

Post by mbressman »

Sorry....I have no idea if it works for 2.0.6 since I'm not sure what was changed between 2.0.4 and 2.0.6 - you can try it and I'd be interested to know if it does work on 2.0.6
palmsun
Registered User
Posts: 3
Joined: Wed Mar 10, 2004 9:47 am

Post by palmsun »

Hi,

it work at 2.0.6.

I installed the mod and it works smoothly so far.

Great mod - Thanks.
Elad Repooc
Registered User
Posts: 8
Joined: Tue Dec 09, 2003 9:11 am

Post by Elad Repooc »

works with 2.0.8 as well

very useful MOD, thank u!
mbressman
Registered User
Posts: 49
Joined: Tue Sep 02, 2003 1:55 pm
Location: NJ/NYC
Contact:

Post by mbressman »

Elad Repooc wrote: works with 2.0.8 as well

very useful MOD, thank u!


No problemo!

I don't really have the time to polish up the code or put it in the correct format for official submission for approval by phpBB, but if anyone has some time and would like to do this for me, I'd be more than happy to share authorship and/or credit for this mod. Just let me know....
youngarmy
Registered User
Posts: 2
Joined: Fri Feb 25, 2005 3:53 pm

Signature

Post by youngarmy »

Hi,
I found this MOD very useful, there is I guess just one thing you haven't thought about. If html is on board wide in the config, html is still allowed in the signatures of every user.

I just can't find where I have to change that, I hope someone of you guys has an idea.


CU
Yep
youngarmy
Registered User
Posts: 2
Joined: Fri Feb 25, 2005 3:53 pm

Post by youngarmy »

If someone knows how to change the defalut value for new registering users to 0 instead of 1. That would help as well.

Thanks
Yep
Post Reply

Return to “[2.0.x] MOD Writers Discussion”