Restrict clippings access to authed user only

Help
neerav
2004-09-16
2013-05-29
  • neerav

    neerav - 2004-09-16

    Using the privacy filters to not display certain info to unauthed users is great.  However, if I turn on clippings they are still able to download all hidden details.  Is there a way to restrict the use of clippings to authenticated users only?  Or that they are only able to download the information visible to them after the filters are applied?

    I've had to turn off clippings to authenticated users just because of this "loophole". 

    Thank you.

     
    • Erich R. Iseli

      Erich R. Iseli - 2004-09-16

      neerav,

      I did the following in order to keep the clippings:

      In clippings php, at the very top, there's already an if statement to check if the clipping cart is not enabled and to return false. I added my own if statement: if there's no username in the session array, then return false. It works very well. I know it's a hack though and a nicer solution should be found.

      ....
      if (!isset($ENABLE_CLIPPINGS_CART)) $ENABLE_CLIPPINGS_CART = false;
      // Addition by Erich R. Iseli 2004-09-15
      if (empty($_SESSION["pgv_user"])) $ENABLE_CLIPPINGS_CART = false;
      // End Addition by Erich R. Iseli 2004-09-15

      if (!$ENABLE_CLIPPINGS_CART)
      ....

       
    • neerav

      neerav - 2004-09-16

      Thank you.  I'll make those changes ASAP.

      Maybe that should be made into an option in the next release?

       
    • John Finlay

      John Finlay - 2004-09-16

      The clippings cart should only allow people to download information that they can normally see.  There were some bugs in the clippings cart included with version 3.1 that have been fixed for the next version 3.2 release.

      But I still like the idea of resticting access to the clippings cart to certain users so I will add that for the next release too.

      --John

       
    • neerav

      neerav - 2004-09-23

      Erich, in addition to the change you mentioned, I also modified the appropriate theme toplinks.html and/or header.html to leave out the clippings button for those not logged in.

      I replaced:

                      if ($ENABLE_CLIPPINGS_CART) {

      with:

                      /* if ($ENABLE_CLIPPINGS_CART) { */
                      // Change by Neerav Modi 2004-09-23
                      // original line is above
                      if (($ENABLE_CLIPPINGS_CART) and (!empty($_SESSION["pgv_user"]))) {
                      // End change by Neerav Modi 2004-09-23

      Even when 3.2 is released, unauthed users won't even see the clippings button.  Asthetically nice too!

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks