We have a problem on a drupal 7 site. Logged in or anonymous users are not able to access other user's contact forms. Admins can access the forms.
We have set permissions to allow users and guests to access both the site wide and other users contact forms. Users can access the sitewide contact form.
If we give users permission to administer and edit all user accounts, they can view the contact forms. Obviously, we don't want to grant this access.
Any ideas to solve this problem?
This is a permission problem.
You have to set the permission to guest users to see this form.
In Administer - Users - Permission.
Regards.
Go to People - Permisions, find a module "User", find a line "View user profiles" and set permissions there for your user roles.
17/11/2014.
I had the same problem.
Go to:
Modulos-> Contact(Module) -> Permission -> In the column "ANONYMOUS USER" pick up -> "Administer contact forms and contact form settings", "Use the site-wide contact form", "Use users' personal contact forms".
It's works perfectly.
I also had this problem. Feedback from anonymous users through contact form always returned "Access denied".
From the logs it turned out seckit module was blocking form submission with the following error "Possible CSRF attack was blocked." All I did to get the contact form working again was to comment out the "Base Url" in Drupal setting which I added earlier on.
We ran into this issue recently when testing some changes, and permissions were correct, but it turned out that any 5 submissions from the same IP address resulted in an "Access denied" message for an hour (unless logged in as an admin). This was a result of Drupal's core but hidden flood control/limit settings (to prevent spam/bot activity).
Workarounds we found (if necessary, though we just ran into the problem while testing contact forms more than normal) were either to change the default allowed submissions/time in settings.php by adding lines like the following (for example):
$conf['contact_threshold_limit'] = 10; # limits to 10 submissions from same IP
$conf['contact_threshold_window'] = 1800; # reset flood after 1800 seconds (half an hour)
or to install the Flood control module, which provides a handy GUI for changing these and related settings (i.e. login attempts) without having to bother editing settings.php (which would take precedence, I believe).
Related
I am new working in drupal-commerce module .Currently the system I have is that a logged in user should buy products from my site but there are two particular product I need to my users buy without doing any login . Is it possible in drupal-commerce ? My english is not good so if anyone have any query regarding my question please ask me.
Please help me if there is any solution to this .
Thanks
Purchasing without creating accounts? It is possible.
It is possible to purchase products without creating an account.
By default anonymous users aren't permitted to complete the checkout process. What you need is grant them the Access checkout permission. Changing this permission is really easy:
From /admin, click on the People link, then Permissions
Under the Checkout section, grant the Access checkout permission to anonymous users
Click Save permissions.
Now anonymous users can use checkouts.
How to setup your site to always be anonymous
There is another way to accomplish this, however it is more complicated and possibly you don't want this, I'm just sharing if so.
Users on your page don't have to be logged in (authenticated) or anonymous. To setup your site to always be anonymous, you have to disable only two rules.
The rules can be found by going to the Store Configuration screen and selecting Checkout Settings and then selecting Checkout Rules.
Assign an anonymous order to a pre-existing user
Create a new account for an anonymous order
Disabling these rules mean the users can't login to see their Orders, however it has no side affect to being able to purchase items.
If you want to read more about this, check out this page.
Hope that helps
In my wordpress site i wants to add an additional step in user login.
Means After user enter username and password successfully. He/she has to enter the security question answer which is enter by the user at the time of registration.
Till he/she has not enter the correct answer is not able to access rest of the page.
I can able to redirect the user after login to security question answer page but here he/she can access all other pages without going any security validation.
Please suggest how to restrict user to access all other the pages before validating the security question answer page.
Why don't you let them answer all 3 questions in one form? That way you could verify the security question first and check for the right password/log-in immediately afterwards.
You could start here and build in the security step yourself: http://natko.com/wordpress-ajax-login-without-a-plugin-the-right-way/
WordPress by itself does not provide such functionality of multi-factor authentication. Just redirecting the user after login process to security questions page will not work as the user is already authenticated and cookies are set in the browser. So the user can browse any authenticated URL without answering the security questions.
What should be done is to delay the authentication process of the user until the validation of security questions so that the authentication cookies are not set in our browser.WordPress has several free plugins that provide this functionality.
miniOrange 2-factor authentication plugin in WordPress directory enables to implement this feature easily. The user will have the option to set the security questions in the settings page of the plugin. These questions are presented in a single form after the login process. Without validating these answers users will not be able to navigate to any post-login page even if the URL is correctly entered.
It is better to go for such trusted plugins rather than creating the functionality from the scratch. This plugin is free to use after registration.
Check this guide to add security question in a few simple steps.
I've tried the "Protected Node" module, but that goes to the 404 instead of the password prompt page which it's supposed to give.
Also tried the "Simple Access" module, and after getting it to control access, realised that it still shows users the "edit" menu and there doesn't seem to be a way to switch it off for them.
Thanks to anyone who can help.
I have used the "Node Access" module before. But for one site I had to work on recently, I needed something that allows me to restrict access for anonymous users on a single page. Only visitors, who have received the password should have access.
Installing the Node Access module and creating a specific role seemed to be an overkill for this limited requirement, and I went with the "Protected Pages" module, which allows to set a password for a certain path. (d7 only)
Access to the admin is usually controlled via the user permissions as for limiting access to a specific page, this could be achieved with Panels.
Use NodeAccess module to restrict that page based on role.
Users with the 'grant node permissions' permission will have a grant
tab on node pages which allows them to grant access to that node by
user or role.
So I've enabled the site-wide and user contact forms through the Contact module, enabled ALL of the permissions (for good measure) under the Contact permissions for ALL roles. The contact form tab appears and is accessible for all users when I'm logged into my Admin account, but doesn't appear for any other user role.
I've scoured all over Drupal forums and can only find people making the mistake of forgetting to change permissions or enable the personal user contact form. I've flushed all caches and run updates, done everything I can think of.
Any ideas on what might be causing this?
I was hitting a very similar issue in respect of giving Authenticated the permission Use users' personal contact forms, then logging in and going to user/[uid]/contact results in Access Denied.
Simply I hadn't picked up that each user has to opt in to being contacted via the Personal Contact Form.
EDIT - in a comment below #tanius has provided a link to some code that could be used to mass update the settings for 'opt in' to personal contact form.
If you trip the flood filter you will also get an access denied page. You should get a system message saying "You cannot send more than 5 messages in 1 hour. Try again later.", it prevents you from even seeing the page via the access denied text.
If this is the case, you can resolve it by going to the flood table and deleting some of the entries it. It bases it on IP address so just knock a few of those out.
Give site wide contact contact form permission using code :-
<?php
function mymodule_menu_alter(&$menu)
{
if(isset($menu['contact']))
{
$menu['contact']['access callback'] = TRUE;
}
}
?>
* mymodule is your custom module name.
Try this :
1) go to admin/structure/block
2) Find the block of your contact form
3) Click Configure
4) Check visiblity settings
option - roles
Make sure none are selected so that it will be shown to all roles.
Hope this helps.
Cheers,
vishal
I had the same issue. This is what I did.
Go to Structure --> Blocks
Find here "Main content" and from drop-down menu choose "Content" field. Save your settings and check.
hi i have installed node privacy byrole module from http://drupal.org/project/node_privacy_byrole.when i enable this module some content displaying form from home page.but when i loged in every thing displaying as it was showing previous.
how can i resole this issue. although i have given the view permission for annoymus user
if i'm understanding you right your asking why when you log in you can see everything this is probably because you are logged in as the superuser or user 1 if you are not logging inas the first user you created try checking permissions for the user group of your logged in user