Prevent users from seeing other profiles on DNN - dotnetnuke

I'm using DNN 7.1.2 and what I want to do is prevent users from navigating to other profiles and seeing their usernames - make the profiles private (I've already disabled all the info from Profile Settings).
If I log in as any user and then paste this URL in the browser http://example.com/ActivityFeed/tabid/58/UserID/93/language/en-US/Default.aspx , I can see this guy's username, and if I increment the UserID I can see the next users.
My initial solution was a rewrite rule in IIS for the URL ActivityFeed/tabid/58/UserID/*/language/en-US/Default.aspx, but the problem is that the edit profile URL is similar to this, so the rule would prevent users from editing their profiles, which is not acceptable :)
Does anyone know a solution, or how it can be done with code?

I resolved this using code.
In the file DesktopModules\Admin\ViewProfile\ViewProfile.ascx.cs I added the following lines:
    if (!IsUser)
    {
        Response.Redirect(GetRedirectUrl(), true); // Redirect to homepage
        return;
    }
If you want to show a message like "Access Denied" you can use:
    Response.Redirect(Globals.NavigateURL("Access Denied"), true);

It would be a lot simpler to set profile properties to be not publicly viewable.
And, your method will be overwritten by an upgrade.
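
As an added example (not part of the original posts and not DNN code), this Python script flags the UserID walking described in the question by scanning IIS W3C logs for one client viewing a run of consecutive profile IDs. It assumes the log records the c-ip, cs-username, cs-uri-stem and sc-status fields; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Profile URL shape quoted in the question; the page name and tabid vary per site.
PROFILE_RE = re.compile(r"/tabid/\d+/UserID/(\d+)/", re.IGNORECASE)

def longest_run(ids):
    """Length of the longest run of consecutive integers in a set of ids."""
    best = 0
    for i in ids:
        if i - 1 not in ids:              # i starts a run
            n = 1
            while i + n in ids:
                n += 1
            best = max(best, n)
    return best

def find_profile_enumeration(lines, min_distinct=5, min_run=4):
    """Return {(client_ip, username): sorted ids} for clients that walked UserID values."""
    fields, seen = [], defaultdict(set)
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]     # the W3C header names the columns
            continue
        if line.startswith("#") or not fields or not line.strip():
            continue                      # other directives, or data before any header
        row = dict(zip(fields, line.split()))
        m = PROFILE_RE.search(row.get("cs-uri-stem", ""))
        if m and row.get("sc-status") == "200":
            key = (row.get("c-ip", "-"), row.get("cs-username", "-"))
            seen[key].add(int(m.group(1)))
    return {k: sorted(v) for k, v in seen.items()
            if len(v) >= min_distinct and longest_run(v) >= min_run}

# Constructed sample log: alice walks IDs 90..96, bob views two unrelated profiles.
SAMPLE_LOG = ["#Software: Microsoft Internet Information Services 8.5",
              "#Fields: date time c-ip cs-username cs-uri-stem sc-status"]
SAMPLE_LOG += [f"2014-03-01 10:00:{i:02d} 203.0.113.7 alice "
               f"/ActivityFeed/tabid/58/UserID/{90 + i}/language/en-US/Default.aspx 200"
               for i in range(7)]
SAMPLE_LOG += [
    "2014-03-01 10:05:00 198.51.100.4 bob /ActivityFeed/tabid/58/UserID/12/language/en-US/Default.aspx 200",
    "2014-03-01 10:06:00 198.51.100.4 bob /ActivityFeed/tabid/58/UserID/40/language/en-US/Default.aspx 200",
]

if __name__ == "__main__":
    for (ip, user), ids in find_profile_enumeration(SAMPLE_LOG).items():
        print(f"{user}@{ip} viewed {len(ids)} profiles: {ids}")
```
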

Related

Unable to login to Azure Portal

I'm unable to login to my own subscription. When I try to login the page shows the following error: "Your account has been locked. Contact your support person to unlock it, then try again.". The URL of this page looks like https://login.microsoftonline.com/[ANOTHERORG].onmicrosoft.com/oauth2/..., but I do not work in ANOTHERORG anymore and I want to login into my own subscription.
The ID of my own subscription should be f77b7b54-c38f-44e0-a471-95a4914cf742. I tried to login multiple times from incognito windows of different browsers and for some reason it tries to login into ANOTHERORG instead of my own. BTW, I used the same email address to login into ANOTHERORG and my own, so I do not understand what the problem is; I think Azure should suggest to select which subscription I want to login to. How can the problem be solved? How can I login into f77b7b54-c38f-44e0-a471-95a4914cf742 ?
Also I'm unable to create an issue using https://azure.microsoft.com/en-us/support/create-ticket/ because of the same problem: it tries to login to ANOTHERORG, which I do not have access to anymore.
I hope people from Microsoft read questions on Stack Overflow and will help to solve my problem.
Finally I was able to find a solution: I opened the link https://portal.azure.com/#blade/Microsoft_Azure_Billing/SubscriptionsBlade which was mentioned in https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/troubleshoot-sign-in-issue. From here I was able to change my default directory (Switch Directory -> Set your default directory dropdown). Now when I open portal.azure.com it opens my own subscription without an issue.

DotNetNuke - DnnImageHandler.ashx - error 500

Clean Dnn Version : 09.01.01 (129)
When I work with Dnn and have the JavaScript console opened, a lot of times I get this error:
    /DnnImageHandler.ashx?mode=profilepic&userId=1&h=32&w=32 500 (Internal Server Error)
At the same time the image in the toolbar profile is missing. Where and how can I see what is going wrong, and what logs should I check? If I go to Manage / Admin Logs and select Log Settings there is a lot of stuff I can enable, but I don't know what would be right to see this error and try to find out more.
If I try to open this link in another browser window, most of the time everything is OK and I get a generic user image with "?" back.
Also, does anyone else see these errors?
Found the same error here:
https://dnntracker.atlassian.net/browse/DNN-9581
It is fixed in dnn 9.2
So I just spent the past hour trying to figure this out, and had to do a lot of cleanup on one of my DNN instances where it was occurring, but once I got all the cleanup done I think it comes down to this.
You're logged in with a Host/SuperUser account correct?
If you login as ANY other user, one of the Users in the Portal, it works correctly?
I ended up having to fix my "profile" page, the site was referencing skins that didn't exist anymore on the profile page, then containers that didn't exist. Once I cleaned all that up, I was able to navigate to the profile page, click on Edit profile, and once I edited the profile, I uploaded a new avatar for the HOST user and was able to get the image to render properly.
I think the issue has something to do with HOST accounts and either referencing an image that isn't part of the current portal, OR HOST accounts and referencing a default image that doesn't exist due to it being a host account, instead of a standard user account.
So how to fix?
Try uploading a profile photo for your account on the current portal and see if that resolves.

Cakephp and opauth login problems

Currently I'm trying to implement the opauth plugin for CakePHP found here, using the Facebook strategy at present. I've followed the instructions; however, when I attempt to login using my Facebook account I am redirected to the login page. What I have noticed is that the authentication is occurring and successful using $this->Auth->login($user), where $user is an array of the user's stored information, but on redirection the login function of my UserController is called and I'm returned to the login page. Any ideas? Thanks in advance!
So I figured it out. Turns out it's a config setting; I noticed it while staring at his commit comments on GitHub. In the config of the plugin the default option for the callback transport was changed from session (losing the session was my issue) to post. The change can be seen here. After making that change to the config everything worked.

CakePHP - Login collision

I'm working on some projects (all in CakePHP) and I found an issue. The problem is that when I'm logged in to one system and I try to log into another one with the SAME USERNAME, it logs me in to the second one and logs me out of the first one. The problem only appears when I try it with the same username. I have different Security.salt and Security.cipherSeed variables.
Can anyone help me? Thank you very much.
Are you using the same Session Name in all your apps?
Edit:
What about the cookie name? Maybe you are using the same name and same domain, thus every time you login you rewrite the cookie. I would change the name of the cookie in every app.
Edit your core.php:
    Configure::write('Session.cookie', "app1"); // app2, app3, etc.
You can set the session path for different projects in AppController or UsersController:
    function beforeFilter() {
        $this->Session->path = '/projectname/';
    }
So each time the session path will be different for each project and will not conflict in the login process.

How to login without showing a login button on my personal blog

I decided to write a personal blog engine on Google App Engine.
But I really do not like the idea of adding a login button somewhere. How can I still do admin things, i.e., post an article, delete a comment, etc., without a login button?
One ugly solution may be not showing the login button but still providing the login URL, which you can type in manually to login. There is not much difference. I don't like this one.
Does anyone know some other ways around this? I've seen many blogs without the login button; how do they implement this?
UPDATE:
One offline solution may be using the remote_api provided by App Engine; that is somewhat applicable and I'm considering using it. But you always need the App Engine Toolkit to do it. So it might not be as portable as an online version, in which case everything you need is just a modern and the network connection.
You can restrict access to a specific resource of your application by using the login option in the app.yaml handler definition:
    - url: /admin
      login: admin
      script: admin.app
Then, using the Users API, you can easily check on your main page if the current user is an admin, and decide whether or not to show a link to this protected resource:
    from google.appengine.api import users

    if users.is_current_user_admin():
        pass  # render link to /admin
