[MOD] - User access profile permission

[thunderstrike]

This MOD is for add user IDs from editprofile so other user see your profile. If fail check, user is redirect to 4images error page. Same user ID value is check too.
Note: Use space for each ID add.

NO KAI - NO DEMO KAI

I post screenshot.

// Step 1

In member.php file - showprofile action,

find:

Code: [Select]

if ($user_row = get_user_info($user_id)) {      

add after:

Code: [Select]

if (function_exists('check_user_access_profile_field') && !check_user_access_profile_field($user_info['user_id'], $user_row['user_access_profile']) && $user_row['user_id'] != $user_info['user_id'] && $user_info['user_level'] != ADMIN) {
          show_error_page($lang['user_access_profile_no_permission']);
}

// Step 1.1

find:

Code: [Select]

if ($action == "editprofile") {
  $txt_clickstream = $lang['control_panel'];
  if ($user_info['user_level'] == GUEST) {
    show_error_page($lang['no_permission']);
    exit;
  }

add before :

Code: [Select]

if ($action == "exec_edit_user_access_profile") {
    if (isset($HTTP_POST_VARS['user_access_profile'])) {
        $user_access_profile = (isset($HTTP_POST_VARS['user_access_profile'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['user_access_profile'])) : "";
    } else {
        $user_access_profile = "";
    }
    
    if (empty($user_access_profile)) {
        $action = "editprofile";
    }
    
    if (isset($user_access_profile) && !empty($user_access_profile)) {
        if (function_exists('check_same_user_access_ids') && check_same_user_access_ids($user_info['user_id'], $user_access_profile)) {
            $msg = $lang['user_access_profile_same_ids_error'];
            $action = "editprofile";
        } else {
            $result = $site_db->query("UPDATE " . USERS_TABLE . " SET user_access_profile = '" . $user_access_profile . "' WHERE " . get_user_table_field("", "user_id") . " = " . $user_info['user_id']);      
            if ($result) {
                $msg = $lang['user_access_profile_edit_success'];
                $action = "editprofile";
            }
        }
    }
    
}

if ($action == "edit_user_access_profile") {
    $txt_clickstream = $lang['user_access_profile'];
    
    $site_template->register_vars(array(
    "lang_user_access_profile_textarea_title" => $lang['user_access_profile_textarea_title'],
    "user_access_profile" => $user_info['user_access_profile'],
    "lang_submit" => $lang['submit'],
    "lang_reset" => $lang['reset']
    ));
    $content = $site_template->parse_template("member_access_profile");    
}

// Step 1.2

In editprofile action,

find:

Code: [Select]

"lang_icq" => $lang['icq'],

add after:

Code: [Select]

"url_user_access_profile" => $site_sess->url(ROOT_PATH . "member.php?action=edit_user_access_profile"),

// Step 2

In lang/english/main.php file,

add in top ?>:

Code: [Select]

//-----------------------------------------------------
//--- User access page --------------------------------
//-----------------------------------------------------
$lang['user_access_profile'] = "User Access Profile";
$lang['user_access_profile_textarea_title'] = "User Access Profile - Edit";
$lang['user_access_profile_edit_success'] = "Edit success !";
$lang['user_access_profile_no_permission'] = "You do not have permission to access this profile.";
$lang['user_access_profile_same_ids_error'] = "You cannot add your ID for viewing your own profile. Please try again without your own ID.";

// Step 3

In includes/functions.php file,

add in top ?>:

Code: [Select]

if (!function_exists('check_same_user_access_ids')) {
    function check_same_user_access_ids($user_id, $user_access_profile) {
        global $check_same_user_ids;  
        if (!isset($check_same_user_ids)) {
            $ids = trim($user_access_profile);
            $ids = preg_replace("/[\n\r]/is", " ", $ids);
            $ids = str_replace(",", " ", $ids);
            $ids = preg_quote($ids);
            $ids = str_replace('/', '\\/', $ids);
            $check_same_user_ids = preg_split("/\s+/", $ids);
        }
        foreach ($check_same_user_ids as $key => $val) {            
            if ($val == $user_id) {                
                return $user_id;
                return $user_access_profile;
            }
        }        
    }
}

if (!function_exists('check_user_access_profile_field')) {
    function check_user_access_profile_field($user_id, $user_access_profile) {
        global $split_other_user_ids;  
        if (!isset($split_user_ids)) {
            $ids = trim($user_access_profile);
            $ids = preg_replace("/[\n\r]/is", " ", $ids);
            $ids = str_replace(",", " ", $ids);
            $ids = preg_quote($ids);
            $ids = str_replace('/', '\\/', $ids);
            $split_other_user_ids = preg_split("/\s+/", $ids);
        }
        foreach ($split_other_user_ids as $key => $val) {            
            if ($val == $user_id) {                
                return $user_id;
                return $user_access_profile;
            }
        }
    }
}

// Step 4

In templates/your_template/member_editprofile.html file,

find:

Code: [Select]

<p align="center">
    <input type="submit" value="{lang_save}" class="button" />
    <input type="reset" value="{lang_reset}" class="button" />
  </p>
</form>
<br />

add after:

Code: [Select]

<table width="100%" border="0" cellpadding="4" cellspacing="0">
<tr>
<td valign="top" class="head1">{lang_user_access_profile}</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="4" cellspacing="0">
<tr>
<td class="row1" width="100%" align="center"><a href="{url_user_access_profile}">{lang_user_access_profile}</a></td>
</tr>
</table>
<table width="100%" border="0" cellpadding="4" cellspacing="0">
<tr>
<td>&nbsp;</td>
</tr>
</table>

// Step 5

In templates/your_template , create new file: member_access_profile.html .

Add:

Code: [Select]

<form method="post" action="{url_member}">
<input type="hidden" name="action" value="exec_edit_user_access_profile">
<table width="100%" border="0" cellpadding="4" cellspacing="0">
<tr>
<td valign="top" class="head1">{lang_user_access_profile_textarea_title}</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="4" cellspacing="0">
<tr>
<td class="row1" width="100%" align="center"><textarea name="user_access_profile" class="textarea" />{user_access_profile}</textarea></td>
</tr>
</table>
<table width="100%" border="0" cellpadding="4" cellspacing="0">
<tr>
<td class="row1" width="50%" align="right"><input type="submit" name="submit" value="{lang_submit}" class="button">&nbsp;&nbsp;</td>
<td class="row1" width="50%" align="left">&nbsp;&nbsp;<input type="reset" name="reset" value="{lang_reset}" class="button"></td>
</tr>
</table>
<table width="100%" border="0" cellpadding="4" cellspacing="0">
<tr>
<td class="head1" width="100%" align="center">&nbsp;</td>
</tr>
</table>
</form>

// Step 6

In includes/db_field_definitions.php file,

add in top ?>:

Code: [Select]

$additional_user_fields['user_access_profile'] = array($lang['user_access_profile'], "textarea", 0);

// Step 8

In SQL Patches MOD,

add:

Code: [Select]

ALTER TABLE 4images_users ADD user_access_profile TEXT NOT NULL default '';


[Lucifix]

Is it possible to disallow blocked users to post comments on owner images with this mod?

[kai]

Any screenshot available?

[Lucifix]

I tried this MOD but it's not working. Blocked user ID is saved in DB but user still can view my profile. 

2nd - many members doesn't know what user ID mean. It would be much more easier for then to enter user name / nickname.

[Lucifix]

This code would be perfect for this mod, but my server is down and I can't modify it.

Code: [Select]

<script language="JavaScript">
function addSrcToDestList() {

destList1 = window.document.forms[0].destList;
srcList = window.document.forms[0].srcList;
var len = destList1.length;
for(var i = 0; i < srcList.length; i++) {
if ((srcList.options[i] != null) && (srcList.options[i].selected)) {
//Check if this value already exist in the destList or not
//if not then add it otherwise do not add it.
var found = false;
for(var count = 0; count < len; count++) {
if (destList1.options[count] != null) {
if (srcList.options[i].text == destList1.options[count].text) {
found = true;
break;
}
}
}

if (found != true) {
destList1.options[len] = new Option(srcList.options[i].text);
len++;
}
}
}
}

// Deletes from the destination list.
function deleteFromDestList() {
var destList1 = window.document.forms[0].destList;
var len = destList1.options.length;
for(var i = (len-1); i >= 0; i--) {
if ((destList1.options[i] != null) && (destList1.options[i].selected == true)) {
destList1.options[i] = null;
}
}
}


function allSelect()
{
List = document.forms[0].destList;
if (List.length && List.options[0].value == 'temp') return;
for (i=0;i<List.length;i++)
{
List.options[i].selected = true;
}
}

</SCRIPT>
<html>

</head>

<body>
<form name="upload" id="upload" ENCTYPE="multipart/form-data" method="POST" action="<?php $_SERVER['PHP_SELF']?>" onSubmit="allSelect();">

<select name="srcList" multiple size=10 style="width:150;" >
<option value ="0" >Admin</option>
<option value ="1" >Public</option>
<option value ="2" >Private</option>
<option value ="3" >All</option>
</select>

<input type="button" value=" >> " onClick="javascript:addSrcToDestList()">

<input type="button" value=" << " onClick="javascript:deleteFromDestList();">

<select name="destList" size=10 style="width:150;" multiple >
</select>

<input type="submit" class="button3" name="upload" value="Insert" >

</body>
</html>

[thunderstrike]

Is it possible to disallow blocked users to post comments on owner images with this mod?

Is possible.

In details.php file,

find:

Code: [Select]

.get_user_table_field(", u.", "user_icq")."

replace:

Code: [Select]

.get_user_table_field(", u.", "user_icq").", u.user_access_profile

find:

Code: [Select]

$bgcounter = 0;

add after:

Code: [Select]

$user_access_profile = true;

find:

Code: [Select]

elseif ($is_image_owner) {
        $admin_links .= ($config['user_edit_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=editcomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['edit']."</a>&nbsp;";
        $admin_links .= ($config['user_delete_comments'] != 1) ? "" : "<a href=\"".$site_sess->url(ROOT_PATH."member.php?action=removecomment&amp;".URL_COMMENT_ID."=".$comment_row[$i]['comment_id'])."\">".$lang['delete']."</a>";
      }

add after:

Code: [Select]

if (function_exists('check_user_access_profile_field') && !check_user_access_profile_field($user_info['user_id'], $comment_row[$i]['user_access_profile']) && $comment_row[$i][$user_table_fields['user_id']] != $user_info['user_id'] && $user_info['user_level'] != ADMIN) {
          $user_access_profile = false;
}

find:

Code: [Select]

if (!$allow_posting) {
    $comment_form = "";
}

replace:

Code: [Select]

if (!$allow_posting || $user_access_profile == false) {
    $comment_form = "";
}

Finish.

I tried this MOD but it's not working. Blocked user ID is saved in DB but user still can view my profile.

I no can reproduce this. 4images version, PHP version and mySQL version ? Jan function is purfect for match values in textarea format. If report problem from Jan of this ... I replace code if problem.

2nd - many members doesn't know what user ID mean. It would be much more easier for then to enter user name / nickname.

Is possible.

In function I post for comment:

Code: [Select]

if (function_exists('check_user_access_profile_field') && !check_user_access_profile_field($user_info['user_id'], $comment_row[$i]['user_access_profile']) && $comment_row[$i][$user_table_fields['user_id']] != $user_info['user_id'] && $user_info['user_level'] != ADMIN) {
          $user_access_profile = false;
}

replace:

Code: [Select]

if (function_exists('check_user_access_profile_field') && !check_user_access_profile_field($user_info['user_name'], $comment_row[$i]['user_access_profile']) && $comment_row[$i][$user_table_fields['user_id']] != $user_info['user_id'] && $user_info['user_level'] != ADMIN) {
          $user_access_profile = false;
}

for member (showprofile action):

Code: [Select]

if (function_exists('check_user_access_profile_field') && !check_user_access_profile_field($user_info['user_id'], $user_row['user_access_profile']) && $user_row['user_id'] != $user_info['user_id'] && $user_info['user_level'] != ADMIN) {
          show_error_page($lang['user_access_profile_no_permission']);
}

for:

Code: [Select]

if (function_exists('check_user_access_profile_field') && !check_user_access_profile_field($user_info['user_name'], $user_row['user_access_profile']) && $user_row['user_id'] != $user_info['user_id'] && $user_info['user_level'] != ADMIN) {
          show_error_page($lang['user_access_profile_no_permission']);
}

After this change, edit each user ID for each user name in textarea (member edit profile link page).

Finish.

Any screenshot available?

I post screenshot.

1st post is say.  - tseh

[thunderstrike]

This code would be perfect for this mod, but my server is down and I can't modify it.

I no like. PHP code is inside HTML. Please read this topic:

http://www.4homepages.de/forum/index.php?topic=6839.0

Is say by Chris.

[Lucifix]

This code would be perfect for this mod, but my server is down and I can't modify it.

I no like. PHP code is inside HTML. Please read this topic:

http://www.4homepages.de/forum/index.php?topic=6839.0

Is say by Chris.

No PHP is needed in this code. It shows you two textfields - one with all users and the other with selected users from 1st one. Save code as 1234.html file and check it out.

[thunderstrike]

My MOD is no need for PHP after install. Is use HTML textarea for each user value.

For your code, please change:

Code: [Select]

<form name="upload" id="upload" ENCTYPE="multipart/form-data" method="POST" action="<?php $_SERVER['PHP_SELF']?>" onSubmit="allSelect();">

for:

Code: [Select]

<form name="upload" id="upload" ENCTYPE="multipart/form-data" method="POST" action="{self}" onSubmit="allSelect();">


It shows you two textfields - one with all users and the other with selected users from 1st one.

where is update for USERS_TABLE in JS file ?

[Lucifix]

As I said this is just a example file. I can't modify it or integrated with 4images becouse my site is DOWN

Thanks for your help!

[thunderstrike]

As I said this is just a example file.

Ok, I get now. Problem is - if use 2 textfield - you need two new field in USERS_TABLE. My MOD is use 1 textarea field.

[Lucifix]

Did anyone else tried this mod, because it's not working for me.

[CanonInk]

Did anyone else tried this mod, because it's not working for me.

It's working fine at my site.

Take care, CanonInk

[Lucifix]

Okey thx, so there must be something wrong with my code 

I found out that this function is not working:

Code: [Select]

if (function_exists('check_user_access_profile_field') && !check_user_access_profile_field($user_info['user_id'], $user_row['user_access_profile']) && $user_row['user_id'] != $user_info['user_id'] && $user_info['user_level'] != ADMIN) {
Because of this:

Code: [Select]

!check_user_access_profile_field($user_info['user_id'], $user_row['user_access_profile'])
I tried echo $user_info['user_id'] and  $user_row['user_access_profile'] which show the same ID

I don't have any clue what's wrong...

[Lucifix]

Did anyone else tried this mod, because it's not working for me.

It's working fine at my site.

Take care, CanonInk

Did you try this modification: Is it possible to disallow blocked users to post comments on owner images with this mod?