I'm trying to secure the Forum (boards) folder of the NOPCommerce 2.8 website. I would like to use the existing membership provider and roles that come with it. I just want the role group, "Forum Moderators" to be able view content in the forum and any other role group or anonymous user would be redirected to login page if they click on forum.
This used to be easy with .aspx pages where I would say ", and that would prevent anonymous users from accessing, but with .cshtml pages, it doesn't work.
Does anyone have a simple solution for using existing role security from nopcommerce to secure the Forum?
Thanks
If you understand ActionFilters, you can easily achieve the result by mean of a plugin. All you need to do is to check the role at the 'OnActionExecuting' method of your ActionFilters. If you search on nopCommerce.com forums, I've also written a few post to explain about this. :)
Here is how I secured the forum with the help of someone in the Nopcommerce forum
#using Nop.Core.Domain.Customers;
#using Nop.Services.Customers;
#using Nop.Core;
#{
bool customerHasRoleX = EngineContext.Current.Resolve<IWorkContext>().CurrentCustomer.IsInCustomerRole("Administrators");
bool customerHasRoleY = EngineContext.Current.Resolve<IWorkContext>().CurrentCustomer.IsInCustomerRole("ForumModerators");
}
#if ((customerHasRoleX == true) | (customerHasRoleY == true)) {
}
else
{
Response.Redirect("~/login?ReturnUrl=%2fboards");
}
Related
I have created a website whereby users register and create their own templated profile pages. The profile pages are automatically created as Custom Posts upon registration, with the user being set as the Author of their specific post (profile).
(Users can only ever have one Custom Post)
I want to redirect a "dumb" URL like www.website.com/my-profile to a user's custom post when they are logged in.
For example, when John Smith visits www.website.com/my-profile he is directed to his profile page: www.website.com/users/john.smith
I have found many PHP solutions going the other way, but I can't seem to find a solution that does what I need. Any help would be greatly appreciated. Thanks!
This may not be the correct answer to the original query, but proved to be a solid workaround:
Instead of redirecting www.website.com/my-profile to www.website.com/users/john.smith every time it is entered in the URL bar, I created a shortcode that could be used when needed throughout the site.
add_shortcode('bt_redirect_user_link', 'bt_redirect_user_link');
function bt_redirect_user_link ($atts) {
// check if user is logged in
if (is_user_logged_in()) {
// get current user object
$current_user = wp_get_current_user();
// get user nickname
$user_nickname = $current_user->data->user_nicename;
// set the link href
$link_href = '/users/' . $user_nickname;
// output the link html
return $link_href;
}
}
Fortunately for me, the www.website.com/my-profile link (which needs to be redirected) is only available on buttons/icons visible to logged in users. This may not be a fully workable solution for websites that need to display the link to logged out users, and I assume IF/ELSE statements would needed to be added in those cases.
i have a wordpress site. I want to restrict access sources. Restriction should be people who write url or copy-paste to web browser. People should only enter via Google search results to my website.
How its possible? could you explain to me step by step ?
You must work with $_SERVER['HTTP_REFERER'] value. When you access to site directly - this field is empty.
Something to play around:
$referer = strtolower($_SERVER['HTTP_REFERER']);
if (strpos($referer,"google")) {
//FROM GOOGLE
} else {
//OTHER WAY
}
I have a setup of Wordpress blog with a couple of password-protected pages, each of them with special content and a different password.
I would like to have a login form (password-only) on a single public Wordpress page, which redirects to the corresponding password-protected page, according to the submitted password.
Anybody know of a good free plugin for that or any ideas how to fetch Wordpress pages by password?
I found a solution:
$result = $wpdb->get_results("SELECT ID FROM wp_posts WHERE post_password = '{$_POST['post_password']}'");
if($result) {
wp_safe_redirect(get_bloginfo('url') . "/?page_id=" . $result[0]->ID);
} else {
wp_safe_redirect(wp_get_referer());
}
Do you think it is reliable enough?
How can this functionality be implemented in such a way, that it preserve itself upon Wordpress update?
Thanks!
I'm in the process of making some improvements to a live Drupal site that's using the Domain Access module to run a number of microsites. I'm trying to find a way of restricting the menus a user can post content to from the node edit screen. A user on one of the domains should only be able to post content to menus associated with that domain.
Is there a simple way of achieving this? I'm guessing there are some hooks I could use, but so far I have been unable to identify them. I'd prefer not to have to install further modules to achieve this and to be able to add some code to the current site to alter the forms. The site is struggling with the large number of modules we've had to install on it already.
According to the readme for the module, you need to set some specific permissions in user management:
To enable this feature, you should grant the 'edit domain nodes' and
(optionally) the 'delete domain nodes' permission to some roles. Then assign
individual users accounts to specific domains to assign them as Domain Editors.
From my experience many moons ago with the module, you can check the global $user object and figure out what domains the user should have access to. You can then use a form alter to remove any options from the select box that you don't want them seeing. As always with Drupal though, it's better to let someone else write the code - so if the Domain module provides this functionality, use it!
Here is some updated code for Drupal 7:
/**
* Implements hook_form_FORM_ID_alter().
*/
function MYMODULE_form_page_node_form_alter(&$form, &$form_state) {
global $_domain;
if (isset($_domain['domain_id'])) { // only display domain's primary links
$menus[domain_conf_variable_get($_domain['domain_id'], 'menu_main_links_source')] = $_domain['sitename'].' Main menu';
}
if (isset($menus)) {
$options = menu_parent_options($menus, $form['#node']->type);
$form['menu']['link']['parent']['#options'] = $options;
}
}
Eventually found a way of fixing this for the particular project I have been working on: in module_form_alter I've added the following:-
global $_domain;
if (isset($_domain['domain_id'])) { // only display domain's primary links
$menus[domain_conf_variable_get($_domain['domain_id']
,'menu_primary_links_source')] = $_domain['sitename'].' Primary links';
}
if ( isset($menus) ) {
$options = menu_parent_options($menus, $form['menu']['#item']);
$form['menu']['parent']['#options'] = $options;
}
This restricts the menu options to just the current domain's primary links menu which is just what we wanted.
Thanks to Fabian who pointed me in the right direction earlier.
I would like to have a Google Adwords conversion trigger when a new node is submitted on my Drupal 6 site, but cannot find a way to do this.
Basically I want a user to submit some details into a custom node type, let's call it "Player". When a new Player is added, I want to trigger an Adwords conversion. I have looked at the Custom (Form) Destination module, but this doesn't seem to work for this form. Even if it did work, I'd have to somehow cleverly distinguish between new submissions and edits because they have the same form_id.
Anyone have experience of something similar to this and can offer any advice?
This is likely going to take a small bit of coding in a custom module.
I would recommend creating a hook_node implementation which fires when a node is being created. It then fires off the adwords conversion.
Something like:
function mymodule_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
if ($op == 'insert' && $node->type == 'whatever_content_type') {
// Code to trigger adwords conversion.
}
}
If you need help creating a custom module, I would suggest you visit the Drupal Development IRC Chatroom at #drupal on irc.freenode.net. Someone there would be happy to help you get started!
In the end it turns out they wanted it just when someone used the contact form, so I created a webform (using webform module) for my contact form and then used php code in the thankyou page to achieve this.