#1190 Add Check for login before error msg

phpGedView
open
nobody
5
2010-02-05
2010-02-05
Marc Riley
No

On the Individual page, it should check to see if you are logged in befpre displaying privacr errors.

Just added the following to Line 1396 of /includes/controllers/individual_ctrl.php. would like a better login link though.

if (!PGV_USER_ID) {
print "<br /><span class=\"error\"><font size=+1>";
print $pgv_lang["privacy_error"];
print " Please ";
print_user_links();
print "</font></span><br />";
} else {
print_privacy_error($CONTACT_EMAIL);
}

Discussion

  • Marc Riley

    Marc Riley - 2010-02-05

    Updated File

     
  • Anonymous - 2010-02-05

    Er... why? The whole point is to check if the user is entitled to view this record, which is covered by the function "if (!$this->indi->canDisplayDetails()) {"

    and, why not in all the other places where privacy is checked in that same file...?

    and why use "Please" ? Like this it won't get translated into other languages, so needs to be a language variable if you are going to use it.

    Perhaps you could explain exactly what problem you are trying to fix first?

     
  • Marc Riley

    Marc Riley - 2010-02-06

    OK the idea is to ask the user to login to view/gain access the private information, instead of just emailing tech help since he is not logged in. I also channged up the solution and added two vars in the lang.en.php file :
    $pgv_lang["please"] = "Please ";
    $pgv_lang["to_access"] = " to access this information.";

    and just modified the function print_privacy_error in the Functions_print.php
    function print_privacy_error($username) {
    global $pgv_lang, $CONTACT_METHOD, $SUPPORT_METHOD, $WEBMASTER_EMAIL;

    $method = $CONTACT_METHOD;
    if ($username==$WEBMASTER_EMAIL) {
    $method = $SUPPORT_METHOD;
    }
    $user_id=get_user_id($username);
    if (!$user_id) {
    $method = "mailto";
    }
    echo "<br /><span class=\"error\">", $pgv_lang["privacy_error"], " ";
    if ($method=="none") {
    echo "</span><br />";
    return;
    }
    if (!PGV_USER_ID) {
    echo $pgv_lang["please"] , " ";
    print_user_links();
    echo $pgv_lang["to_access"];

    } else {
    echo $pgv_lang["more_information"];
    if ($method=="mailto") {
    if (!$user_id) {
    $email = $username;
    $fullname = $username;
    } else {
    $email = get_user_setting($user_id, 'email');
    $fullname=getUserFullName($user_id);
    }
    echo " <a href=\"mailto:$email\">", $fullname, "</a></span><br />";
    } else {
    $userName=getUserFullName($user_id);
    echo " <a href=\"javascript:;\" onclick=\"message('$username', '$method'); return false;\">", $userName, "</a></span><br />";
    }
    }
    }

     
  • Anonymous - 2010-02-06

    OK, I think I understand better now. Have to say I still don't like it personally (but that doesn't mean others won't). It seems to assume either that you have a lot of registered users that don't bother logging in (I don't), or that you allow anyone who wants to to register themselves. I don't do that either.

    If I changed my site ata ll, it would be to tell anyone who gets a "Private" message to go to the registration page - but all that does is tell them to send me (Admin / Tech support) a message requesting registration. Thats what the original message does too - so need for any change as far as I'm concerned. I control registration VERY tightly. Only verified family members get a login. I regard that as a key part of protecting data on living relatives.

    If this were adopted as standard PGV it would need to be optional as far as I"m concerned.

    Perhaps a better place for it is in Patches, rather than Feature Requests, then those who want it can use it, others can ignore it.

    Just a thought - wouldn't it be easier just to change these language variables
    $pgv_lang["privacy_error"] = "This information is private and cannot be shown.";
    $pgv_lang["more_information"] = "For more information contact";

    to say what you want?

    You can use a special "extra.en.php" file to over-ride the normal language variables just for your site.

    Nigel

     
  • Marc Riley

    Marc Riley - 2010-02-06

    Well I control access to my site very closely as well, this just gets those long lost family members and new relatives to create an account before asking why they cant see something. i too only allow access to people that are actually in my tree, and deny access to anyone just asking questions but still help them.

    The original code just has them email the Tech/admin not apply for an account.

    After looking through the rest of the code , yes you could just modify the two lang vars instead of creating new ones , BUT...

    But i still like the change in code in the function print_privacy_error, if the user is actually logged in and there are privacy restrictions he is tole then to email you... so then you Would need different variables.

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks