disable some SMF functions/pages

anonymous001 · August 21, 2015, 07:26:04 AM

huhey smf community;

Because I use SMF API to handle all login/logout process with my external database I need to disable the following functions of SMF, so no user can use this functions via "browser" anymore (I will handle all these processes using scripts):
1.) disable user registration (I handle all registrations via SMF API)
2.) disable logout of a user (logout page) (SMF API + my scripts will logout a user)
3.) disable "change settings" page, user should not be able to change e-mail/password
4.) disable user login page (+password forgotten page)

Any idea how to get these points done?

margarett · August 21, 2015, 07:45:11 AM

Edit index.php and remove the necessary actions from the known actions array

Kindred · August 21, 2015, 07:47:27 AM

disabling registration is simple -- turn off registration in the admin.

actually DISABLING 2 and 4 could be complicated.... but you can remove the menu options for those very easily... just edit the menu array in Subs.php
MAYBE (untried) you could comment out the login and logout actions in the action array in index.php

regarding #3 - you could turn off the permission to edit their profile -- but that turns off more than just the email/password.
stopping just the email/password could get very complicated...

anonymous001 · August 21, 2015, 08:15:41 AM

Any idea where I have to disable the lines?
Disabling registration was easy, yes but I don't know where in Subs.php I will find the points I need to disable.

Kindred · August 21, 2015, 08:30:11 AM

in subs.php, search for "home"

there are only a couple of instances -- and the menu array is pretty obvious.
Actually -- in the menu array, you can CHANGE the action from being an internal forum action and trigger your own script action in place of that (thus, leaving the buttons, but using your site action)
(or just remove it, if that's what you prefer)

See the wiki article/faq on how to ADD a button in 2.0 -- removing a button is done in the same place.

anonymous001 · August 21, 2015, 10:07:26 AM

Dear smf devs;

I want to disable the following functions:
-changing e-mail/password
-login
-logout
-user registration

I think the last three points can be archived by changing the internal SMF routes. Deleting the buttons in the template was easy, but changing the routes directly maybe would be the best option.
Is there any global routing file to do so?

Keep fit;

Kindred · August 21, 2015, 10:30:04 AM

hrm.... please stop opening multiple topics on the same issue?

(merged)

the action array is in index.php -- however, that is very specific to SMF's action calls -- so, no, there is no clear "global routing" to handle functions outside of SMF.

although, in theory, you could create a Sources file e.g. "Integrate-functions.php"
and then -- in that file create functions which call your external functions...

thus preserving the requirement to use SMF format action calls that just so happen to point to external actions.

margarett · August 21, 2015, 11:12:15 AM

Did anyone read my previous post?

anonymous001 · August 21, 2015, 11:20:47 AM

could you please show me the line how to do so?
index.php isn't "small"

Kindred · August 21, 2015, 12:11:46 PM

look at the action array....

the actions are called with file and function...

anonymous001 · August 21, 2015, 03:14:33 PM

All things are done nearly completly, but I need some help on:
-disabling the possibility for users to change username and/or e-mail adress in settings page.
Any idea how to find the correct lines for this?

All the best;

Kindred · August 21, 2015, 03:18:56 PM

well, the FIELDS themselves would be in one of the profile source files and profile.template.php

Apart from that, I don't know what else might be involved

anonymous001 · August 21, 2015, 03:54:45 PM

Hmm seems to be a hard task to get done.
I don't find any hint in this files, maybe because of the size

.
The controller, which validates the entrys and save the edited settings to db is located in???
Changing this controller wouldn't be a good idea or does the admin "change user details" controller is another one?
Hope you understand my question, I don't want to crash the option to edit users (as an admin).

Kindred · August 21, 2015, 06:44:50 PM

no, the "controller" for users is the same as for admins

anonymous001 · August 22, 2015, 12:30:48 PM

Hmm okay, I think deleting the field + buttons of the users settings page should to the task.
Any lines where I could find them? profile.template.php is so huge $:-\$

margarett · August 22, 2015, 02:26:29 PM

The "Profile-Modify.php" is not a straightforward thing to analyze because you don't see the fields just hard-coded there.

You can easily tweak the access levels for it. Example for email address:

Code Select

		'email_address' => array(
			'type' => 'text',
			'label' => $txt['email'],
			'subtext' => $txt['valid_email'],
			'log_change' => true,
			'permission' => 'profile_identity',
			'input_validate' => create_function('&$value', '
				global $context, $old_profile, $context, $profile_vars, $sourcedir, $modSettings;

				if (strtolower($value) == strtolower($old_profile[\'email_address\']))
					return false;

				$isValid = profileValidateEmail($value, $context[\'id_member\']);

				// Do they need to revalidate? If so schedule the function!
				if ($isValid === true && !empty($modSettings[\'send_validation_onChange\']) && !allowedTo(\'moderate_forum\'))
				{
					require_once($sourcedir . \'/Subs-Members.php\');
					$profile_vars[\'validation_code\'] = generateValidationCode();
					$profile_vars[\'is_activated\'] = 2;
					$context[\'profile_execute_on_save\'][] = \'profileSendActivation\';
					unset($context[\'profile_execute_on_save\'][\'reload_user\']);
				}

				return $isValid;
			'),
		),

See the "'permission' => 'profile_identity'," bit? just raise that permission to, eg, admin_forum and only admins will be able to edit email addresses.

Kindred · August 22, 2015, 02:48:09 PM

Thanks, margarett... that's what i was trying to remember

anonymous001 · August 22, 2015, 04:12:32 PM

-Thanks for this huge bunch of code snippet

.
So here's what I understand.
Changing the permissions of email_address, passwrd1, passwrd2 to administrator level would make the forms not appear on settings page.
But here are some questions.
-What's the permission I should set into the array?
-Did this block the function of the SMF api?
-How to disable the "submit" button at the bottom of the "profile settings" page?

All the best;

margarett · August 22, 2015, 04:26:20 PM

QuoteChanging the permissions of email_address, passwrd1, passwrd2 to administrator level would make the forms not appear on settings page.

Yes

QuoteWhat's the permission I should set into the array

admin_forum should work. It will allow admins to still edit profiles

QuoteDid this block the function of the SMF api?

No, I don't think so (although, admittedly, I never used the API...)
I'm pretty sure that the API doesn't use Profile-Modify...

QuoteHow to disable the "submit" button at the bottom of the "profile settings" page?

Removing the form submit element. But why would you do that? If you don't want your members to edit their profile, just remove that permission...

Kindred · August 22, 2015, 04:58:09 PM

right.... there are OTHER parts of the forum profile that they SHOULD be able to edit, since it i unlikely that your script will handle everything in the profile

News:

disable some SMF functions/pages