by the way... I've just learned through your example above that [var1_id] contains the user's ID and that in AutoActions the fields names should be surrounded with bracket... Is this documented somewhere? Like a list of all core variables for example?
I just can't get the part that checks if the person viewing the profile is or is not the profile owner's right, except for that, it's working fine. Here's my final code in case it helps someone:
Code:
function checkSecret(){
var x;
var secret=prompt("Do you know the magic word?");
if (secret=='[cb_secretword]'){
x="You do know the magic word!";
alert(x);
} else {
x="Sorry but you are not allowed to access this profile...";
alert(x);
window.location = "/index.php";
}
}
checkSecret();
Now I thought this...
Conditional 2: [user_id] Not Equal To [var1_id]
... was meant to verify who is trying to view the profile (the profile's owner or not?) but it doesn't seem to work for now.
And then I'm also guessing if JS was disabled then there'd be no protection so I'll have to find a way to forbid access to the profiles with JS disabled but that's another matter...
I just can't get the part that checks if the person viewing the profile is or is not the profile owner's right
I've already done this for you. Please see my previous reply. You need to compare the viewer user id against the displayed user id, which can be done in the conditionals.
... was meant to verify who is trying to view the profile (the profile's owner or not?) but it doesn't seem to work for now.
You need to ensure "User" is set to "User". This way the substitutions like [FIELD_NAME] will be from the viewing user instead of the displayed user.
And then I'm also guessing if JS was disabled then there'd be no protection so I'll have to find a way to forbid access to the profiles with JS disabled but that's another matter...
That's why you need a PHP implementation with PHP side validation. A custom plugin to do what you're wanting would be best.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
krileon wrote: Yes, see the descriptions next to the inputs. For a list of variables that a trigger contains please see the trigger documentation below.
krileon wrote: I've already done this for you. Please see my previous reply. You need to compare the viewer user id against the displayed user id, which can be done in the conditionals.
I guess that's where I got lost... I did it just like you said in your previous reply and it seems that condition has no effect. I guess I did it wrong. I'll take a screenshot just to confirm I didn't make some stupid mistake.
krileon wrote: You need to ensure "User" is set to "User". This way the substitutions like [FIELD_NAME] will be from the viewing user instead of the displayed user.
This is the part I don't get... How do I do that?
krileon wrote:
And then I'm also guessing if JS was disabled then there'd be no protection so I'll have to find a way to forbid access to the profiles with JS disabled but that's another matter...
That's why you need a PHP implementation with PHP side validation. A custom plugin to do what you're wanting would be best.
I have no doubt you're right. But this goes beyond my skills...
Anyway, I've found a solution that has nothing to do with CB. Since other parts of that website are going to require JS to work properly anyway, I'm simply redirecting all visitors with JS disabled to an alternate page that gives them instructions to enable it. I'll even refine it by detecting the URL and seeing if for example I have the alias attributed to CB in it... All this is done with the noscript tag simply in the template.
If I set user to "user" with the same condition you previously mentioned then on any profile I go to it's my own secret word that works.
That's not what I'm looking for...
Each member should be able to define his secret word to prevent access to his profile, without being asked for it himself.
krileon
