phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

[RELEASED] Page Permissions


 
Search this topic... | Search MOD Development... | Search Box
Register or Login to Post    Index » MOD Development  Previous TopicPrint TopicNext Topic
Author Message
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 653
Location: Texas


flag
PostPosted: Thu Dec 11, 2008 4:29 am 
Post subject: Page Permissions

This MOD has been validated and released at phpbb.com. I am copying the text of the first few posts here. Note that this MOD will be moved into the MOD Releases forum once the MOD Catalog is complete. This MOD has been installed on this site and every other phpBB2 board that I own or manage. icon_smile.gif

MOD Name: Page Permissions
Author: drathbun
MOD Description: Allows a board owner to set up permissions for any page that uses the phpBB permissions system. The /contrib folder includes some instructions on how to add new pages that use the permissions system as well.

MOD Version: 1.2.2
Tested on phpBB Version: 2.0.22

Frequently Asked Questions... please read the questions and see if your question is here. If it is, scroll down in the post to find the answer.
  • What does this MOD do?
  • Does this MOD replace the existing permissions system?
  • How do I use it?
  • Will this MOD make my board more difficult to upgrade?
  • I have "unknown" for several groups. Can I fix that?
  • I have pages outside of the phpBB script path. Can I still use this MOD?
  • I want to add new pages, can I do that?
  • eXtreme Styles clears out my cache, what can I do?
  • I want guests to be able to view topic subjects but they have to be registered to read them. Can I do that?
  • I want "bots" to be able to view content that regular users cannot.
  • Does it work with PostgreSQL? Other databases?
  • I can't run SQL commands, did you write an installer?
  • Does it work with Category Hierarchy? or with <insert MOD here>?
  • Does it work with EasyMOD?
  • Can this MOD be used to replace other MODs?


What does this MOD do?
In a nutshell, you can set an access level for any php page that includes the phpBB session handling logic in it. Access levels include:

Public (Guest)
Registered
Private
Moderator
Administrator

If you set a page permission to Registered then only users that are logged in can view that page. Private requires membership in a group. Group membership is checked before granting access to a page. Moderator access simply checks moderator status. So if you have users that are moderators for only one forum (as opposed to board-wide moderators which is more common) they will still be able to access moderator level pages.

Are there other options?
Sure. Pages can require (in addition to access levels) certain post counts. For example, I don't allow access to the memberlist on my board until a member has reached a set post count, even if they are registered. So in this case the access level would be Registered and the minimum post count would be 5.

Sounds cool, anything else?
Yes, there's more! This MOD provides a page counter for each page that you set up. If you don't want to use the access control features you can still use the page counter. I find that I want to know not just how many pages my server is providing, but which pages my users are using. And the counter is broken down into Guest views and Registered User views.

You may turn this feature off to improve performance if you like, but it only adds one query to your board.

Anything else?
Yes, there's still more! icon_biggrin.gif You can disable individual pages while you are working on them without disabling the entire board. You can provide a custom disable message for each page. So if you are installing a MOD on the memberlist and you don't want users to see errors while you are working, you can disable the memberlist page and users will receive a custom message like, "The memberlist is currently offline for maintenance" or whatever you like. As a board admin you can still access the page even while it's disabled so you can test the code changes you are making.

Does this MOD replace the existing permissions system?
No, it does not. It supplements it. But you would not want to use this MOD to grant access to forums.

How do I use it?
Here's a screen shot of the admin control panel (ACP) page:

Image link

The first column is a list of pages that you want to count or protect. You don't have to list every page here if you don't want to; the ones shown here are fairly standard. You can see the different columns for guest and member views. The series of checkboxes lets you enable or disable an entire group of pages all at once without having to edit them individually. The Access Level shows you the minimum level of user that is allowed to access the page. A moderator is also registered, and so can see all pages that require "Registered" access. The min / max posts is shown here; note that in this case you must be registered and have at least one post before you can view the memberlist.

Clicking Add new page will allow you to add a new page to your list. Any page that is not listed here will not be protected and no page view counters will be incremented.

Clicking Update Selected Pages will process the checkboxes for disabling pages. This features was requested during development to make it easy to disable more than one page at a time, and I felt it was an excellent suggestion. This way you can disable any number of pages all at once by clicking the checkboxes and then clicking the "update" button.

Clicking Rebuild cache will rebuild your cache file if it has become corrupted. Since the page permissions don't change very often the permissions information is cached to a file in the /cache folder. If for some reason your cache is destroyed or becomes out of date you can refresh it here. Making any alterations to the configuration information (by adding / editing / removing a page or even the using the Update Selected Pages button) will automatically update the cache.

The Increment page view counters option allows you to turn that feature on or off. If you turn off page view counters your guest views and member views will not be incremented, but you will save one update query per view on each protected page. That setting is stored in the phpbb_config table and defaults to "on" should that row ever be removed from your database because of an upgrade or any other reason.

One item that might need explaination is the Page Name. You might have noticed that there are two entries for profile.php. One is for viewing profiles, and the other is for new user registration. When you add a new page to the list you have the opportunity to include a URL parameter like "mode" to help distinquish one function of a particular page from another function. You can even use this to allow users to see a forum on the index but require a certain access level in order to view topics from that forum. To be honest, while this MOD would work for that, the "Forum Auth by Post Count" is a better choice, and it is fully compatible with this MOD.

Here's a shot of the Edit page:
Image link
On this page I show the memberlist.php settings. You can see the custom disable message which will be displayed if I ever disable that page. At the moment it has not been disabled. The Access level is set to Registered meaning guests cannot view the page; they will be prompted to log in first. And even a user that is logged in must have at least one post in order to view the page. And the best part? There is not one single line of code of memberlist.php that has been changed by this MOD. 8) It's all done via the session handling process. If you have a valid session and you request a valid page then it can be protected via this MOD.

The other important fields on this screen are the Parameter and Value. This is how we can protect pages that have more than one function. The default installation sets the access level to Registered for viewing profiles (profile.php?mode=viewprofile) while allowing guests to click to the registration page (profile.php?mode=register). If guests had to be registered before they could register for your board that would be a bit of a problem. icon_wink.gif

At this time I only allow for a single parameter=value pair. I did not find any reason to need more than one, and the added complexity was more than I felt was needed. At some future date if there is a compelling reason to add this I will consider it. I do not need more than one parameter for any of the boards where I am using this MOD.

Will this MOD make my board more difficult to upgrade?
In theory, installing any MODs makes your board more difficult to update. However I have used external language files and mostly external code for this MOD. You do NOT have to alter the php code for every page you want to protect, which is nice! You only modify several standard phpBB files (common.php, constants.php, and functions.php) so any updates are fairly simple. Or just about as simple as they can be for a MOD with the features that this one has.

I have "unknown" for several groups. Can I fix that?
I have written code for all of the standard group types in phpBB. If you have installed a MOD that includes new group types, then they should have included code in includes/constants.php that defined the new group types. If so, you can open admin/admin_page_permissions and find the code that sets up the text for each group type and include those new groups. Someone suggested they had added a PayPal MOD that included a new group type called "Paid". If that MOD included a constant called GROUP_PAID and a language entry called $lang['Group_paid'] (I'm guessing) then the code to fix the list would look like this:
Code:

         switch ($group_row['group_type'])
         {
            case GROUP_OPEN:
               $group_type = $lang['Group_open'];
               break;
            case GROUP_CLOSED:
               $group_type = $lang['Group_closed'];
               break;
            case GROUP_HIDDEN:
               $group_type = $lang['Group_hidden'];
               break;
            case GROUP_PAID:
               $group_type = $lang['Group_paid'];
               break;
            default:
               $group_type = 'Unknown';
         }

If the group constant or language entry is different then you would have to do a bit of investigation. Note that this MOD will function just fine without these changes.

I have pages outside of the phpBB script path. Can I still use this MOD?
With this release, no. It only works on pages within the same location as your forum files. I hope to add this to a future release, but at this point I am not even working on that.

I want to add new pages, can I do that?
Sure! There is even a tutorial and a sample script contained within the /contrib folder that will help you get started. Just unzip "newpage.zip" and load it onto your server. You can copy "newpage.php" to whatever filename you like, edit the template, and you are all set. The instructions include information on how to properly set up your new page so that it appears as a valid location in the "Who's Online" screen as well.

eXtreme Styles clears out my cache, what can I do?
Bug the eXtreme Styles MOD author to fix their code. icon_razz.gif Seriously, the eXtreme Styles MOD is very popular and for a very good reason. I use it myself. But the routine that totally clears out the cache folder does just that: it totally clears out the folder. There is a list of exclusions contained within the code, so that "known" MODs do not get affected. For example, the Attachment MOD cache file is protected. There are instructions in the MOD Author notes as to how to prevent this from happening, and I have reproduced them here:
Quote:

OPEN
Code:
admin/xs_cache.php

FIND
Code:
$skip_files = array(
   '.',
   '..',
   '.htaccess',
   'index.htm',
   'index.html',
   'index.php',
   'attach_config.php',
   );

IN-LINE FIND
Code:
);

IN-LINE BEFORE, ADD
Code:
   'cache_page_permissions.php'

Note that in my version this line
'attach_config.php',
has an extra comma at the end, which should not be there. If your version does not have this extra comma then you will need to add one in order to avoid a syntax error, then add in the extra line as noted above. The final block of code should look something like this:
Code:
$skip_files = array(
   '.',
   '..',
   '.htaccess',
   'index.htm',
   'index.html',
   'index.php',
   'attach_config.php',
   'cache_page_permissions.php'
   );


That should fix is so that if you clear out the cache folder using the eXtreme Styles process that your cache file remains.

I want guests to be able to view topic subjects but they have to be registered to read them. Can I do that?
Interesting question, and the answer is Yes. icon_smile.gif You cannot do that with the standard phpBB permissions system. But with this MOD in place you can set permissions on viewforum.php to Public and set permissions on viewtopic.php to Registered. That means that anyone can view the list of topics, but in order to actually read them they have to be logged in.

I want "bots" to be able to view content that regular users cannot.
Well, hm. I have no idea how to do that, and won't be adding that feature to this MOD.

Does it work with PostgreSQL?
Member R45 posted the required schema changes for PostgreSQL here. I have not tested with databases other than MySQL. If you can get the tables created then you should be fine.

I can't run SQL commands, did you write an installer?
I did not, but you can find several on the web including the following:
http://phpbbstyles.com/sql.php
http://www.phpbbhacks.com/forums/db_generator.php
Please do not post in this topic asking for support on those utilities. I did not write them and do not support them, I am only linking for your convenience.

Does it work with Category Hierarchy? or with <insert MOD here>?
I do not know, test it and see. I did not write it specifically to support Category Hierarchy but it might work. I do not intend to test every other released MOD with this one to determine compatibility, if you are interested in trying it with another MOD make sure you have backups and give it a try. If it works, feel free to post a note in this topic and I will update it.

Does it work with EasyMOD?
It's supposed to, as that's part of the standard MOD validation process. But I do not personally use EasyMOD and do not offer support for it. I have seen posts where EasyMOD has some complaints about perfectly valid SQL that are not always correct.

Can this MOD be used to replace other MODs?
Yes, actually, there are quite a few MODs that can be replaced by this one single MOD. And in many cases this MOD (Page Permissions) is easier to handle during upgrades because there are really very few edits to existing phpBB program files. Some examples of MODs that this can replace:
  • Any MOD that protects the member listing, as Page Permissions can
    • Restrict access to logged in users only
    • Set a minimum post count required to view the memberlist
    • Restrict access to the memberlist to Moderators or Administrators
  • MODs that disable the ability to register, as Page Permissions allows you to disable that specific feature of profile.php while also adding a specific disable message
  • MODs that prevent guests from viewing user profiles (same reasons as given above for protecting memberlist)
  • MODs that disable your board while still allowing the Admin to use it (for testing new features, as an example). Simply disable every page on your list. Admins are exempt from the page disable process, so you (as admin) are free to do anything on the board while other users will see whatever message you issue.
And the best part, in my opnion, is that all of these options are available without having to edit other files like memberlist.php or profile.php or index.php! Since everything is tied to the session handler, and since every phpbb page calls that code, the changes are all handled in a central location.



page_permissions.1.2.2.zip
 Description:
MOD Install File (zipped)

Download
 Filename:  page_permissions.1.2.2.zip
 Filesize:  42.36 KB
 Downloaded:  722 Time(s)


_________________
phpBBDoctor Blog
Back to top
Display posts from previous:   
Register or Login to Post    Index » MOD Development  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0229 seconds using 17 queries. (SQL 0.0021 Parse 0.0023 Other 0.0185)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo