In the last post in this series I explained how private forum permissions work in phpBB2, and then how an Auto Group MOD might make use of these permissions to dynamically grant permissions for a board member to view a private forum. In other words, the forums are managed by the normal phpBB2 security process and are hidden until I am added to the proper group. Then I mentioned how the Forum Auth by Post Count MOD works in the opposite direction. Forums are not private; they are public instead. The MOD hides these forums until they should be visible.
It does not override or replace the standard permissions system. It provides a new layer on top.
There are two main functions that I wanted to provide with this MOD. First is whether a board member can see a forum or not. Second is whether they can post or not. Since these are all attributes of an individual forum I decided the best place to store that information was on the phpbb_forums table. I use the following SQL script in my MOD to create the new columns:
alter table phpbb_forums add min_posts_to_view mediumint(8) default 0;
alter table phpbb_forums add max_posts_to_view mediumint(8) default -1;
alter table phpbb_forums add min_posts_to_post mediumint(8) default 0;
alter table phpbb_forums add max_posts_to_post mediumint(8) default -1;
Hm. Let me explain these defaults. First, note that there are two columns for each permission type: minimum and maximum. I did that to provide the most flexibility to board owners. Some owners might want to have an “orientation” forum that is no longer visible after a member has reached some level of posting activity. With that in mind I added a maximum post count value for viewing a forum. But I didn’t want a board owner to have to guess what the maximum value might be. Even if you put in 999,999 there is still a chance (ok, a very small one) that some user could get to that point.
Astute readers might realize that it is possible, however unlikely, that a user could end up with a negative post count. That’s true, and I’ve seen it myself. However I added special logic into my code to handle that.
Once these four columns are added to the database, that’s it. This MOD does not require any new tables or any rows in the phpbb_config table. Sometimes I will add a row to the configuration table in order to allow a board owner to turn features on or off, but in this case if you want to turn the feature off you simply set the post counts in an appropriate fashion.
Once these columns were created, I had to adjust the existing administrator page used to create / modify forums so that the four fields are filled in. What’s next?
Checking View Permissions
Once the fields are created and filled, the next requirement is to check them before a user can see something. There are several places where this has to be done:
- index.php – this one is fairly obvious, I don’t want to display forums on the index if the user post count doesn’t qualify them
- viewforum.php – naturally. Even if a user doesn’t see the forum on the index, they might try to hack a URL by changing the forum_id manually. I need to make sure they can’t see hidden forums here.
- viewtopic.php – this is similar to viewforum. I don’t want users to be able to see topics from forums they’re not allowed to see, even if they hack the URL with a random topic_id value.
- search.php – this is the hard one… you can’t present the forum in the drop-list of options to search, and you can’t let any search results come back from hidden forums. Lots of changes here.
- posting.php – It’s less likely here, but I still have to prevent someone from posting into a forum (or replying to a topic) that they don’t have access to.
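One way to express the range check that every page in the list above has to enforce, as an added example rather than the MOD's own code. Only the four column names come from the SQL script; the function names, the reading of -1 as "no maximum", the clamping of negative post counts to zero, the rule that posting also requires view access, and the sample rows are assumptions.

```php
<?php
// Added example; only the four column names come from the page.

// True when $user_posts falls inside the forum's range for $action.
function post_count_in_range(array $forum, $user_posts, $action)
{
    if ($action !== 'view' && $action !== 'post') {
        return false;                      // unknown action: fail closed
    }
    $min_key = 'min_posts_to_' . $action;
    $max_key = 'max_posts_to_' . $action;
    if (!isset($forum[$min_key], $forum[$max_key])) {
        return false;                      // column missing or NULL: fail closed
    }
    $posts = max(0, (int) $user_posts);    // assumption: negative count acts as 0
    $min   = (int) $forum[$min_key];
    $max   = (int) $forum[$max_key];
    // Assumption: a negative maximum (the -1 default) means "no upper limit".
    return $posts >= $min && ($max < 0 || $posts <= $max);
}

// Assumption: posting additionally requires that the forum is viewable.
function post_count_allows(array $forum, $user_posts, $action)
{
    if (!post_count_in_range($forum, $user_posts, 'view')) {
        return false;
    }
    return $action === 'view' || post_count_in_range($forum, $user_posts, $action);
}

// Constructed sample rows shaped like phpbb_forums after the ALTER TABLEs.
$forums = array(
    array('forum_name' => 'Orientation', 'min_posts_to_view' => 0,
          'max_posts_to_view' => 50, 'min_posts_to_post' => 0, 'max_posts_to_post' => 50),
    array('forum_name' => 'General', 'min_posts_to_view' => 0,
          'max_posts_to_view' => -1, 'min_posts_to_post' => 0, 'max_posts_to_post' => -1),
    array('forum_name' => 'Veterans', 'min_posts_to_view' => 100,
          'max_posts_to_view' => -1, 'min_posts_to_post' => 250, 'max_posts_to_post' => -1),
);

foreach (array(-3, 10, 120, 300) as $user_posts) {   // constructed post counts
    foreach ($forums as $forum) {
        printf("%4d posts  %-12s view=%s post=%s\n", $user_posts, $forum['forum_name'],
            post_count_allows($forum, $user_posts, 'view') ? 'yes' : 'no',
            post_count_allows($forum, $user_posts, 'post') ? 'yes' : 'no');
    }
}
```

Because the check takes the forum row and the post count as plain arguments, the same call can guard a request that arrives with a hand-edited forum_id or topic_id, not just the index listing.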
So, are there more edits or fewer edits with this MOD than an Auto Group MOD? To be honest, I didn’t think to check that. I would rather have a few more code changes and less database work, since code changes are done only once. Database queries happen on every page.
Next time, how I set up some functions so that I only have to change the functionality in one place rather than all of the places listed above.