Semi-anonymous user [message #17998] |
Wed, 28 April 2004 18:36 |
Gribnif
Messages: 82 Registered: December 2003
Karma: 0
|
Member |
|
|
I'll bet the answer to this suggestion will be "no", but we really do have a need for it, so I figured I should ask.
On our site, we need to be able to creat private forums that only certain people can use. But it needs to be only the people that we choose to allow in.
We can't have users sign up for their own account and then request permission to enter a forum, because then we have no way of verifying that they should be allowed in. We don't always know the email addresses of the people we want to allow in in advance. Sometimes it will just be people who are sent a postcard in the mail.
The usual "Anonymous" account can't be used for this purpose, since it can't read any forums on my system. I need to be able to limit who can read each forum.
Instead, I think we need to be able to have a single account that can be used by all the users of a single forum, but not others. The forum's administrator would give out the same username and password to all potential users of the forum, but it would only be usable in that one forum.
I can't just create any old account for this purpose, because there are several problems:
1. Any user can change the password or email address, thus ruining the account for everyone else.
2. Any settings changes made by one user of the account will affect the other users.
3. The lists of what messages have already been read will get shared among all users of the account.
So, I guess what I'm proposing is a special kind of flag which would cause any account to be treated like the Anonymous account (can't change password, no settings changes, etc.) But it would be assignable to groups, so I can control which forums it can post to or read.
The icing on the cake would be to add a field to the New Thread and Reply forms, allowing the user to add their own username and email address to their post. I realize that this would be insecure, and easy for them to spoof, but at this level that's not too important to me. It's more important that they had to authenticate to get into the forum in the first place.
I realize this feature might be of limited use, but it's the only way I can see around this problem we're having. It's what's keeping us from completely doing away with wwwboard, which I want to do because it's so old and so attractive to spammers.
I'd be willing to help make the code changes, but unless I knew they are going to be incorporated into the full program, it would be difficult to justify. The number of customizations I have to make now when installing a new version is already pretty large, and I think this feature change will require a lot of small changes to a number of source files.
|
|
|
Re: Semi-anonymous user [message #18002 is a reply to message #17998] |
Wed, 28 April 2004 19:15 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
The blunt answer is NO, but let me give you a few suggestions that may be of some use.
Your main problem is that you do not have means of identifying people who need to be given access to the forum.
Here are several possible solutions:
1) For people who request access for it via e-mail, post cards etc... you can create an account via the Admin "Add User" control page and send them the login/password via whatever means are available. When creating an account via the control panel you can enter a bogus e-mail address the person can change later on.
2) Turn on account moderation, meaning that new forum accounts must be approved by the administrator before they become active. Whether or not account should be activated would be based on the data a person had entered upon registration.
3) You can allow anyone to read the forum, but set a posting password, which is something only authorized users would be aware of. This would allow those users to post new topics and replies.
FUDforum Core Developer
|
|
|
Re: Semi-anonymous user [message #18007 is a reply to message #18002] |
Wed, 28 April 2004 20:12 |
Gribnif
Messages: 82 Registered: December 2003
Karma: 0
|
Member |
|
|
Thanks for the suggestions. None of them is quite perfect, though. #1 and #2 aren't automatic enough, and #3 lets too many people read the forums.
They did get me thinking of another way to do it, though. Here's what I think I may try:
1. Create a special account sign-up form (a version of register.php) and put it into a special folder on the web server. Protect this folder with a username and password (Apache .htaccess), which can be given to just those users who are to sign-up for the service. Include, as a hidden field in the form, the number of the forum they should be added to later on.
2. When they access the form, they'll be asked for the username and password they were given on the postcard. They can then fill-out the registration form, and go through the normal FUDforum registration confirmation stuff. When the user entry is created, add them for read/write in the correct forum.
3. Send out the confirmation email, as normal. When they click on the link, they get in.
This is a little bit bad, in that I'll be keeping a customized version of register.php.t for myself, that I'll have to update when you update yours, but at least I won't have all the other problems I mentioned.
I'll try to write this myself, and see how far I get .
|
|
|
Re: Semi-anonymous user [message #18008 is a reply to message #18007] |
Wed, 28 April 2004 20:23 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
You can make the process much simpler, when people request access via a postcard or whatever you would give them a special id of sorts. This ID they would be required to enter on the registration page, when it comes to approving new accounts (turn on new account moderation) you can display the entered id and based on it approve or decline the user.
This would only require very basic modification to the code itself.
FUDforum Core Developer
|
|
|