Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Forum Module /

Discuss the Forum Module.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Active user confirmation


Go to End


2 Posts   1679 Views

Avatar
DesignCollective

Community Member, 66 Posts

30 July 2010 at 9:01pm

Edited: 30/07/2010 9:45pm

Hello, I am developing a site for a client that requires all users are confirmed prior to accessing any site and forum content. Not so much based on e-mail but there is an external personal check that would happen that has to be done by hand.

Some thoughts first. I was thinking of adding a boolean "Confirmed" db field to the DataObjectDecorator of Member, where until "Confirmed" is not checked, no access would be allowed. I'd set Confirmed to false and upon "Registration" send an email to a pre-set email address. Perhaps there could also be a simple link in the email that would bring the page with the particular Member DataObjectManager popup, so the admin can simply check that. For that, I see the form for a particular member can be pulled up like this: /admin/security/EditForm/field/Members/item/$ID/edit

Curious if anyone's done that and how checking for Cofirmed would be done simply on the level of Security - if Confirmed is not true...

I am implementing the site-wide protection as suggested in one of the forums here:

public function init() {
		parent::init();
		if($this->URLSegment == 'ForumMemberProfile') {
		}
		else if($this->URLSegment != 'Security' && !Permission::check("VIEW_SITE")) {
			 Security::permissionFailure(null);
		}
	}

Q: How would I limit access only to the ForumMemberProfle/register action and no other actions under it?
Q: If I set the permissions from the SiteTree to allow access only to logged in Forum Members, then the Registration Page is invisible. If I use the above, i can have the Register page visible, but when logged in with a Forum Member user, the pages are inacessible (saying I need to login as someone else). What's the best way?
Q: Do I need a <% control %> to access Member variables in the email template or do I ented the variables directly?

Intend to use the ForumMemberEmailNotification class as follows:

<?php

class ForumMemberEmailNotification extends DataObjectDecorator { 
function onAfterWrite() { 
$email = new Email(); 
$email->setTemplate('NewMember');
$email->setTo('...@gmail.com'); 
$email->setSubject('New Member'); 
$email->sendPlain();

parent::onAfterWrite(); 
} 
} 
?>

Q: Would perhaps a better way be to work with the VIEW_SITE permission or maybe even with group membership directly, and to actually not set the membership by default upon registration. Then the admin could just add a newly registered user to the appropriate group to allow access? Maybe the user would have to be added to a different group to allow differentiating between confirmed Forum Members and those that are not?

Thanks for any input.

Avatar
DesignCollective

Community Member, 66 Posts

31 July 2010 at 8:07am

So I figured out to just add the users upon Registration to a new group - Unregistered. And I'll try to figure out how to send a notifcation to the Admin when it happens.

How would I send an email to the user that they are confirmed, when the Admin moves the user to the Forum Users Group? That possible?

Also, I am still figuring out how to allow access only to Logged in users, but allow the /ForumMemberProfile/register to be visible. That's currently my biggest thing.

And on top of everything else, I realized how unclear the title to this topic was - that's what you get when you enter stuff at 5am :)