Error for member sending email: "You are not allowed to access this section"?

Started by Prids, May 11, 2018, 06:25:10 PM

Previous topic - Next topic

Prids

Hi,

New 2.0.15 install, set up how I need it to be, and now running through the final checks before release.

I have registered several 'new members' (for testing only - all me, on different emails).

My problem is, that attempting to email from one 'member' to another, it fails with an error " You are not allowed to access this section".

I cannot find a permission to turn on/off email entitlements.  All members get the default "Allow users to email me" checked in their Profile > Account Settings.

I never had this in previous versions, so probably an "idiot at the controls" problem.

Any help appreciated!

Cheers,

Paul

Aleksi "Lex" Kilpinen

How are you trying to send the email? I think SMF shouldn't even show the option if you aren't allowed to use it.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Prids

Hi Thanks,

Welcome and announcement mails go out fine.
A member can access the member list; click the email icon for a particular member; fill in the email template; click send.  That is when the error pops up (no corresponding error in the log).
Checking/unchecking the permission to allow members to "Send a forum email to members" (which seems to relate to mass mailing - which is not required) has no effect on the ability to send individual emails.

Paul

Aleksi "Lex" Kilpinen

Out of curiosity, what's the url in your browser when the error comes up?
I am currently away from PC, but will definitely look in to this later. Would sound like a redirect to a restricted area to me.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Illori

do you have any mods installed?

are you testing with an admin account or a user account?

if a user account do they have permission to view users profiles?

looks like after the email is sent it redirects to the users profile.

Code (SendTopic.php) Select

// Now work out where to go!
if (isset($_REQUEST['uid']))
redirectexit('action=profile;u=' . (int) $_REQUEST['uid']);
elseif (isset($_REQUEST['msg']))
redirectexit('msg=' . (int) $_REQUEST['msg']);
else
redirectexit();


if you dont want to grant access to the profile, the redirectexit can be changed to another location like the forum index.

Prids

Thanks Aleksi and Illori,

The URL when the error returns is:

https://forum.[domain.com]/index.php?action=profile;u=7

Packages installed by the package manager are:
1.   Custom Form Mod (This needed a code edit - one of the last posts in it's support: https://www.simplemachines.org/community/index.php?topic=248871.1820 )
2.   Country Flags
3.   PM Attachments   2.11
4.   Who Downloaded Attachment
5.   Alternate User Posting 1.0.1
6.   Topic Viewers   1.0     
7.   SimplePortal   2.3.7 

I have to go know, will look at the further advice from Illori later.

Thanks!

Paul

Prids

Further info on this, relating to Illori's advice.

Some progress.  This using a standard member account, emailing either Admin or another member.  The error URL returned indicates to me that the re-direct is to the recipient's profile.  However I do not allow members to view each other's profiles or email addresses, for confidentiality. 
If they want to share their email with another voluntarily that is fine.

As Admin, if I email a member I am also returned to the recipient profile, which is logical as I am allowed to see and edit it.

Is this a valid code edit I can use to return them to the board index, and do you think this redirect is the blockage on the send?


// Now work out where to go!
if (isset($_REQUEST['uid']))
redirectexit('action=forum' . (int) $_REQUEST['uid']);
elseif (isset($_REQUEST['msg']))
redirectexit('msg=' . (int) $_REQUEST['msg']);
else
redirectexit();



Many thanks.

Paul

Kindred

You do know that the email address I sent only visible to admins, by default?   Normal users can not usually see another user's email address in their profile...

So restricting access to view the profile is kind and pointless
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Aleksi "Lex" Kilpinen

Yeah, the redirect is the culprit to the error if you do not allow profiles to be viewed.
But for the email addresses, In Admin -> Configuration -> Security and Moderation -> General,
there's a little setting just for that: "Allow viewable email addresses". :)
Without that, no one (except Admins) can see email addresses.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

Prids

Quote from: Prids on May 11, 2018, 06:25:10 PM
I never had this in previous versions, so probably an "idiot at the controls" problem.

How perceptive of me!

Very many thanks for the tips Aleksi, Illori, and Kindred.
I now have things as I want them.

Paul

Advertisement: