and yes i know the whole, you can just disable it in JS thing, but i can careless, also keep in mind if i don't mind side server hosting codes to prevent then from going down with js.Would it be possible to get a code that make it so that only assigned usergroups can see the members list? I know i could just hide the link how i have it, but in i dont want normal members to see it
You could write a code to replace the table if they're not in the group. Have it say that they're not allowed to view it or something.
something like that?
Code:
- <script type="text/javascript">
- <!--
- if(vf_usergroup == "3" || vf_usergroup == "2" || vf_usergroup == "1"){
- if(location.href.match(/\/members(\/|$)/i)) {
- document.write('An Error Has Occurred');
- }
- }
- //-->
- </script>
or maybe this:
Code:
- <script type="text/javascript">
- <!--
- if(vf_usergroup == "3" || vf_usergroup == "2" || vf_usergroup == "1"){
- if(location.href.match(/\/members(\/|$)/i)) {
- get('members_list','id').innerHTML = '<table cellpadding=0 width=100% cellspacing=0 border=1 class="window1"><tr><td class="title1"><center><b>An Error Has Occurred</b></center></td></tr></table>';
- }
- }
- //-->
- </script>
my js sucks, but i'm sure i'm on the right path.
Your check for the usergroup doesn't work.vf_usergroupIs an array. So you need to loop through it!
I won't do it for you at the moment, but will if you don't get it down!
i've done the usergroup check just like that in the past, and it works fine
Thing is, if the person's in multiple groups it won't work.
oh ok, when i did it before it was with someone that was in a single group
edit: though i think there is something else wrong, cause i did a little debugging and removed the usergroup check and did a username check, and put some random name so that i wouldn't be able to see it, and i was able to, so something other then the usergroup check is wrong
What's your modified code, I hadn't said the rest was correct or not.
well this is what i'm using for the main part:
Code:
- <script type="text/javascript">
- <!--
- if(vf_usergroup != "1" || vf_usergroup != "2" || vf_usergroup != "3"){
- if(location.href.match(/\/members(\/|$)/i)) {
- get('members_list','id').innerHTML = '<table cellpadding=0 width=100% cellspacing=0 border=1 class="window1"><tr><td class="title1"><center><b>An Error Has Occurred</b></center></td></tr></table>';
- }
- }
- //-->
- </script>
I realized that i screwed up and put == when i needed !=, and even when using this it don't work:
Code:
- <script type="text/javascript">
- <!--
- if(vf_username != "dfsdfsdf"){
- if(location.href.match(/\/members(\/|$)/i)) {
- get('members_list','id').innerHTML = '<table cellpadding=0 width=100% cellspacing=0 border=1 class="window1"><tr><td class="title1"><center><b>An Error Has Occurred</b></center></td></tr></table>';
- }
- }
- //-->
- </script>
Which that should be saying if the user assign's username isn't dfsdfsdf then is shows An Error Has Occurred instead of the member table. I seen the member list check done before so i took that from another code that i know works, so the location check should be fine. That makes me wonder if the ID is wrong, but thats the id i found in the source code
Edit: I've even tried this:Code:
- <script type="text/javascript">
- <!--
- if(vf_username != "gdsfgds"){
- if(location.href.match(/action\/members(\/|$)/i)) {
- document.getElementById("members_list").style.display = "none";
- }
- }
- //-->
- </script>
Code:
- <script type="text/javascript">
- <!--
- if(vf_usergroup != "1" || vf_usergroup != "2" || vf_usergroup != "3"){
- if(location.href.match(/action\/members(\/|$)/i)) {
- document.getElementById("members_list").style.display = "none";
- }
- }
- //-->
- </script>
and yet no go
Code:
- <script type="text/javascript">
- <!--
- for(i = 0, block = false; i < vf_usergroup.length; i++)
- if(!vf_usergroup[i].match(/^(1|2|3)$/)){
- block = true;
- break;
- }
- if(block){
- if(location.href.match(/\/members(\/|$)/i)) {
- get('members_list','id').innerHTML = '<tr><td class="title1"><center><b>An Error Has Occurred</b></center></td></tr>';
- }
- }
- //-->
- </script>
Try that in the main footers.
I know, I think you were probably putting it in the header. Your code would have worked (not sure about the usergroup check though!), but it needed to be in the footer.
umm for some reason its blocking me out
but my by group 1 (admin) and my group 2 (mod) need to be working with both group 3 (free account), and group 4 (paid account) and since i'm both group 1 and group 4, it doesn't work lol, i completely forgot about that
but yes i was trying the header and not the footer lol
Edit: Plus I made a few edits:Code:
- <script type="text/javascript">
- <!--
- for(i = 0, block = false; i < vf_usergroup.length; i++)
- if(!vf_usergroup[i].match(/^(1|2)$/)){
- block = true;
- break;
- }
- if(block){
- if(location.href.match(/\/members(\/|$)/i)) {
- var f = document.title.split(" - ")[0];
- document.title = f + " - An Error Has Occurred";
- get('nav_tree','id').innerHTML = "<a href='/'>" + f + "</a> :: An Error Has Occurred";
- get('members_list','id').innerHTML = '<tr><td class="title1"><b>An Error Has Occurred</b></td></tr><tr><td class="window1">Invalid Module</td></tr>';
- }
- }
- //-->
- </script>
anyways the groups need to be pair up like: Group 1 + Group 3 | Group 1 + Group 4 | Group 2 + Group 3 | Group 2 + 4 Group
Then change the regexp match! >.<
Hmm.. What you're wanting is a bit harder actually. You'll have to check if it equals etc.
Group 1 + Group 3 | Group 1 + Group 4 | Group 2 + Group 3 | Group 2 + 4 Group
^^ Is that the grouping that you want?
yes as well as just group 2 and group 2. Group 3 and Group 4 are meant for the non-staff for the most part
anything? cause i seriously have no idea how to do the group check myself
Rather much harder to do tbh. to make it match two things when it's in an array, what's the problem with the current?
cause each staff account has two groups assigned, and I can't add those groups to the check because then the non-staff version of the groups can see then and thats what i'm trying to prevent.
Its rather complicated to explain, but the best i can say is that there is no posting groups, just the members groups (Free Member | Paid Member) and those are the groups i'm trying to prevent from seeing the members list. The thing is that the staff have to have those groups as well, but still need to see the user list where, i feel if it was public the list could be considered a privacy problem for members. Its bad enough that the URL in the suer profile contains the users username, which is a major security risk
Edit: I figured it just be easier to see if ross will integrate a feature like this. There is so many uses a a person can come up with when having the ability of being able to set who can view the members list. If it goes through i wont need this code, so i hope it does, but i will need something to that effect. I seriously wonder if ross would code custom features for a forum if he was paid good money to do so
I don't see why it's a security risk to know someone's username... Or for that matter, to see them on the member list!
the members list is a privacy problem cause not everyone like the idea of other people knowing what they are doing. I know i don't like the idea of people being able to find out if i play a game just by looking at a list of things.
as for the username, when knowing the username it just makes it that much easier to hack the users account. Especially with the admin account
Knowing username, or userID is no different to anything. I honestly think you're being over cautious here.....
I'd being logical, i know there is going to be people complaining because of it. There is reasons why you never see video game websites displaying their members list, its because it is an invasion of privacy to the user, and so is displaying the username. At list if the username was changed to the userid that is assigned to each account anyways, it would knock out the risk of people getting upset thinking displaying the username they used is an invasion or privacy, as well as it would remove the possible security risk and help protect the members
All i'm doing is thinking from the point of view as if I was a member of the site. I can see perfectly how they can complain, because there is privacy issues with it displaying their info to the public and stuff like that. I'm sure there is people here on the forum that can understand what i'm saying and agree with why I am saying it.
Thing is though, by signing up people know what they're getting into. That will mean that you're not going to display names next to posts, in the info center, in the last post column. For that matter, remove profiles completely, remove the PM system.....?
I have the registration system setup so that they have to assign a display name upon registering, which they can't change after registering. I also have it so that when they click modify profile it redirects them to the website so they can only edit the information I allow them to edit, which is the basics like password, email, gender, avatar, all set so they can still set just what they want. As for the info center, that would display their assigned display name. The pm system would be the only other problem
Though i don't deny that its not perfect, i need to come up with a way to build a check to make sure the display name has not been used before, similar to the username check.
either way ross assigned an ID to every account that is made, i know this because I noticed it when printing out the array from the API, so it wouldn't be hard to chance http://support.virtualforums.co.uk/action/view_profile/user/ username to http://support.virtualforums.c o.uk/action/view_profile/user/ 1 but even if taht doesn't change, it still be more secure not allowing people to search through the members, then if they could
You wouldn't be able to change the vF system to use numbers instead of names. There's no way for you to get the username of the person from that etc. So no way that you could get it to still show the right profile. What if someone registers with a number username?
There's no way for you to get the username of the person from that etc.
Thats not true, you can still call the username query from the database, just find ways not to display it.
So no way that you could get it to still show the right profile. What if someone registers with a number username?
I thought about that too, and what is the odds? Plus its not liked it change anything if they had, no one will ever guess that, not even if the users userid and their username are exactly the same
To the first quote... I mean that on vF you can't get it to call the username from the User ID.
not without a little bit for recoding, but if a check is done on the userid then check the username field assigned to that ID, i'm sure it can be called. Especially for a great coder like ross.
Oh it can. But The thing is, Ross isn't going to recode the system to something that's less SEO friendly or whatever.
I also never said the modification would work for everyone
Edit: do you know why money amounts are censored?
In what way are they censored?
$ 5 <-- is an example, if you remove the space between the $ and the 5 it vanishes
Go post it in bugs!
$5
ah lol i thought it was just censored
