| Author | Post |
|---|
reviewum
Member
| Joined: | Mon May 30th, 2005 |
| Location: | |
| Posts: | 8 |
|
Posted: Thu Jun 9th, 2005 10:03 pm |
|
I'm super interested in the "Automatic Signup" feature but couldn't find more information on how to set this up, especially with details on how to have editWrx automatically create a folder for that user along with how to "populate their new folder with the files and folders you specify".
I did some playing around and discovered how to create a community:
- Create a super user and login as that user
- Click on the "Insert Add User Form" icon.
- Follow the instructions.
So far so good.
A quick question. Let's say I want all the users to use common header and footer includes. I've currently got this setup with PHP so I'm thinking about creating an index.php page as a default file that will be automatically populated for each user. My question is this: How do I force each new page the users create to include these headers and footers?
Thanks in advance!
|
reviewum
Member
| Joined: | Mon May 30th, 2005 |
| Location: | |
| Posts: | 8 |
|
Posted: Thu Jun 9th, 2005 10:08 pm |
|
Another quick question. Are there any suggestions on how to limit malicious usage of the auto signup? I'm thinking that some people may find the signup page, create an account, and upload some images / files and usurp quite a bit of bandwidth.
One possible solution is to have a signup verification so the super user and/or admin has to okay the user before they are allowed to start using their account.
Any other suggestions?
|
Keith
Moderator
| Joined: | Fri Apr 8th, 2005 |
| Location: | |
| Posts: | 578 |
|
Posted: Fri Jun 10th, 2005 12:58 am |
|
A quick question. Let's say I want all the users to use common header and footer includes. I've currently got this setup with PHP so I'm thinking about creating an index.php page as a default file that will be automatically populated for each user. My question is this: How do I force each new page the users create to include these headers and footers?
A lot of people ask why EditWrx does not let a user create a new page from scratch. The answer to your question answers that question too. In a community context the site owner wants to control page layout, etc.
When you fill the folder to populate their folder, add a template.html page for them to always use for creating new pages. Since you are using includes you will need to create editblocks that do not contain those includes (to keep EditWrx from overwriting your include tags). Since they can not edit that part of the page your headers and footers remain intact.
They could upload a totally bogus page and use it as their template instead. There is no way to programmatically prevent that. So, in your instructions.html just state plainly that use of the site template is required, and pages not using it may disappear without notice.
|
Keith
Moderator
| Joined: | Fri Apr 8th, 2005 |
| Location: | |
| Posts: | 578 |
|
Posted: Fri Jun 10th, 2005 01:06 am |
|
Are there any suggestions on how to limit malicious usage of the auto signup? I'm thinking that some people may find the signup page, create an account, and upload some images / files and usurp quite a bit of bandwidth.
One possible solution is to have a signup verification so the super user and/or admin has to okay the user before they are allowed to start using their account.
That's actually the way I do it. Create a separate form for them to submit an application that gets emailed to you. If you approve them send them an email with the url to domain.com/efiT4v7T/signup.html so they can get started. Sure the url looks goofy, but nobody is going to "find the signup page" if there are no links to it.
You you could put the signup.html behind Basic Authentication and include the username and password to get to it, but guessing something like efiT4v7T/ (or whatever) would require a brutforce attack equal to one needed to attack an .htpassword file, so nothing is really gained.
|
reviewum
Member
| Joined: | Mon May 30th, 2005 |
| Location: | |
| Posts: | 8 |
|
Posted: Fri Jun 10th, 2005 01:36 am |
|
Keith, thanks for the help.
A bit of clarification.
1) When they do a "save as" how do I limit them to only php extentions? Do I have to limit all the extentions for the whole site via admin access to only allow php extention files?
2) Your solution sounds like it will work. I guess the only problem would be if a search engine spider somehow found the signup page, or if people sent the link to their friends. Other than that your solution should work just fine.
|
Keith
Moderator
| Joined: | Fri Apr 8th, 2005 |
| Location: | |
| Posts: | 578 |
|
Posted: Fri Jun 10th, 2005 07:35 pm |
|
1) When they do a "save as" how do I limit them to only php extentions? Do I have to limit all the extentions for the whole site via admin access to only allow php extention files?
2) Your solution sounds like it will work. I guess the only problem would be if a search engine spider somehow found the signup page, or if people sent the link to their friends. Other than that your solution should work just fine.
1) The only limitation on extensions is the list of allowable extensions in the Site Parameters. Again, this is something you want to note on your instructions.html (or perhaps .php) that they are re-directed to when their folder is created. Guarantee, they wont use the wrong extension twice.
2) It is impossible for a search engine to find a file that does not have a link to it, unless you specifically tell the robot.txt file where the file is and that robots should index it. Don't mention the goofy named folder or link to it and it is invisible to the world. If you are using some application process you'll know who should have access. Good business practice of periodically looking at your members folder will alert you to any unaccounted for signups by "friends".
If you really need to police signups, route them through a paid subscription. That routine is built to guarantee that only a paying customer can signup and then only once.
|
lazerbri
Member
|
Posted: Sun Jun 12th, 2005 07:08 pm |
|
sorry but I can not find "Insert Add User Form" icon.
please help
Brian H
|
Rob
Member
| Joined: | Wed May 25th, 2005 |
| Location: | |
| Posts: | 21 |
|
Posted: Sun Jun 12th, 2005 07:48 pm |
|
Brian,
Make sure you:
1) Created a super user
2) Gave the super user the ability (through the admin panel) to create new users. There is a checkbox when editing users that needs to be checked to give them this ability.
3) Make sure you are logged in as a "super user".
There should be a little icon with a blue person in the middle of the bottom row.
Good luck.
|
lazerbri
Member
|
Posted: Sun Jun 12th, 2005 08:02 pm |
|
great thanks for the help
I now got it working, thanks again :)
Brian H
|
Current time is 05:14 pm | |
|
