18.6. Modifying the PHP-Nuke Your_Account module

In this section we modify the PHP-Nuke Your Account module, one of the most central modules of PHP-Nuke. We show:

18.6.1. How to redirect users to the Homepage

Are you looking for a way to redirect a user to Home rather than Your Account when they login? Would you rather prefer them to go to Your Account only when they choose to and be automatically redirected to Home when they login? There is a simple way to accomplish this (see How to redirect users to the Homepage and Redirect login to home):

Find the following lines in function login() in the modules/Your_Account/index.php:

Header("Location: modules.php?name=Your_Account&op=userinfo&bypass=1&username=$username");

Change it to this:

Header("Location: index.php"); 

See Section 18.2.1 for the inverse procedure — but don't try both.

18.6.2. How to redirect Your Info to the Forums user profile

Figure 18-5. Your Info link in the User Preferences panel.

Your Info link in the User Preferences panel.

With the advent of phpBB forums in PHP-Nuke (starting from somewhere around v. 6.5), you not only have to cope with two administration panels, one for PHP-Nuke in general and one for the Forums in particular, your users can maintain their profile in two places too, from the Your Info link in the User Preference panel (Figure 18-5), as well as the Forums profile link in the Forums module (Figure 18-6).

Figure 18-6. Forum Profile link in the Forums module.

Forum Profile link in the Forums module.

The Your Info link has the URL

modules.php?name=Your_Account&op=edituser

and leads to a panel similar to the one of Figure 18-7.

Figure 18-7. User profile in Your Info.

User profile in Your Info.

The Profile link in the Forums module, on the other hand, has the URL

modules.php?name=Forums&file=profile&mode=editprofile

(optionally with the session ID parameter, sid, which is not shown here) and leads to the panel shown in Figure 18-8.

Both panels use the same database tables in the background, so it doesn't matter which one you use. This may be confortable for some, but also confusing for other users.

If your users find it confusing to use two different entry points for their personal information, you can modify the Your_Account module to redirect them to the Forum profile (Figure 18-8), even when they click on the Your Info link (Figure 18-5).

Figure 18-8. User profile in the Forums.

User profile in the Forums.

The Your Info link is output (“echoed”) in modules/Your_Account/navbar.php, in the following code block:

echo "<font class=\"content\">"
    ."<center><a href=\"modules.php?name=Your_Account&amp;op=edituser\">
      <img src=\"$menuimg\" border=\"0\" alt=\""._CHANGEYOURINFO.
     "\" title=\""._CHANGEYOURINFO."\"></a><br>"
    ."<a href=\"modules.php?name=Your_Account&amp;op=edituser\">"
    ._CHANGEYOURINFO."</a>"
    ."</center></font></td>";

To redirect the users to the Forum profile (Figure 18-8), you can change the above block to:

echo "<font class=\"content\">"
    ."<center><a href=\"modules.php?name=Forums&amp;file=profile&amp;mode=editprofile\">
      <img src=\"$menuimg\" border=\"0\" alt=\""._CHANGEYOURINFO.
     "\" title=\""._CHANGEYOURINFO."\"></a><br>"
    ."<a href=\"modules.php?name=Forums&amp;file=profile&amp;mode=editprofile\">"
    ._CHANGEYOURINFO."</a>"
    ."</center></font></td>";

As you can easily see, we have changed only the two links (one for the image and one for the text), the other lines are for your reference only.

Note

It is not necessary to compute the user's numeric ID and pass it on the URL through the u parameter - the mode=editprofile parameter on the URL will find the user automatically (but mode=viewprofile will not!).

But wait a minute! Is this really all we have to change? Is the Your Info link (Figure 18-5) the only one that leads a user to the profile screen of the Your_Info module (Figure 18-7)? How about the user name links in other modules, for example? Search for the string “op=edituser” and you will already find a ton of those links in various places (Newsletter, language files, Reviews...) And how about a new user? Will the new user registration screen be the one of Your_Account or the one of Forums?

Instead of chasing links in the code, there is a more elegant solution that will eliminate any attempt to bring a user to the Your Info profile at its very beginning! It is also a very good example of what type of control you can achieve over your PHP-Nuke, if you put your knowledge about the way a module works (see Chapter 21) into practice:

In modules/Your_Account/index.php find the lines:

case "edituser":
edituser();
break;

and replace them with:

case "edituser":
Header("Refresh: 0; url=modules.php?name=Forums&file=profile&mode=editprofile");
break;

This will take care of the “edit user” case. We need to do the same for the “new user” case too. Just replace

case "new_user":
new_user();
break;

with:

case "new_user":
Header("Refresh: 0; url=modules.php?name=Forums&file=profile&mode=register");
break;

The idea here is the following: instead of searching all code of all modules for links that point to the Your Info profile, we look at the parameters that such a link passes on the URL. A typical Your Info profile link is of the form:

modules.php?name=Your_Account&op=edituser

so the parameters it passes to the modules.php script are:

The second URL parameter, op, is checked at one single place in the code, in the switch statement of modules/Your_Account/index.php:

switch($op) {
    case "logout":
        logout();
        break;
    ...many other cases checked here, among them "edituser" and "new_user"
    
    default:
        main($user);
        break;
}

This is the one and only point of control for the actions taken by the Your_Account module. We make use of this fact and change the actions that are to be taken for the operations "edituser" and "new_user". We don't change the links, we change the actions that follow when the links are clicked.

This will make the Your Info profile practically inaccessible in your system and will present the Forums profile instead.

WarningMissing functionality in the Forums profile!
 

Bear in mind that, depending on the versions of PHP-Nuke and Forums, you may be missing some functionality in the Forums profile, that was present in the profile that was accessible through the Your Info link. This may include changing the fake email address, changing the subscription to the newsletter, or changing the extra info (Figure 12-1). However, this is planned to be corrected in the future.

18.6.3. How to redirect users to Login and back

We have already seen how to redirect users to the Login page (Section 18.2.1), to the Homepage (Section 18.6.1) and to the Forum profile from the Your Info profile (Section 18.6.2). Finally, it is time that we consider the general redirection problem:

You are using some module, say an eCommerce module like the Emporium Shopping Cart (Section 8.3.14), and at some point you need to ask the user to login (if not already done) to finish off the order. You would like to redirect the user to the Login screen (Figure 3-28), then bring him back where he was to continue.

This is already implemented in PHP-Nuke at some places, like the Private Messages part of the Your Account module: in the forums for example, if you aren't logged in, you see the link 'Log in to check your private messages', which when clicked on it, takes you to Your Account (address line becomes : http://www.yoursite.com/modules.php?name=Your_Account&redirect=privmsg&folder=inbox), and upon login in, you get taken back to PMs.

To accomplish this from an arbitrary module, that serves as the starting point for the redirection, open that module's code and find the place where the redirection has to happen. Initiate the redirection with the following two lines:

$redirect = $module_name;
<a href=\"modules.php?name=Your_Account&redirect=$redirect\">CLICK HERE TO LOGIN</a>

The value of $redirect is what you will key off in the next step. In this example we use the module name as the key that will point the way back, but you can use anything, as long as you know how to use it later, to trace your way back with the right link.

Now go to modules/Your_Account/index.php and look for the following code in the login() function:

if ($pm_login != "") {
            Header("Location: modules.php?name=Private_Messages&file=index&folder=inbox");
            exit;
            }

Add the following after it:

if ($redirect == "XXXXXXXXX"){
        Header("Location: modules.php?name=YYYYYYYYY");
        exit;
        }

where XXXXXXXXX is the value of $redirect from the first step and YYYYYYYY is the name of the module you want them dumped into after login.

You might think that we are done by now, but there is a caveat: the above will work as long as they log in correctly on the first try. If they make a mistake and have to try a second or more times, they will get dumped in Your Account, after they log in successfully, not in the module they came from. This is also true for the Private Messages example above.

To fix this, find the following code in Your_Account\index.php at the bottom of the login function.

} else {
   Header("Location: modules.php?name=$module_name&stop=1");
    }

and change it to:

} else {
     Header("Location: modules.php?name=$module_name&stop=1&redirect=$redirect");
    }

Then it will redirect even if they log in incorrectly the first time. See How to redirect.

18.6.4. How to disable registration

If you want to make registration of users impossible, you can apply a variation of the solution in Section 18.6.2: you can redirect the users to the main page (index.php) whenever they try to register (e.g. by clicking on some registration link). Note that just by deleting the registration links from the code (see Section 26.5 on how to find them), you still can't prevent a determined user from entering

http://www.yourdomain.com/modules.php?name=Your_Account&op=new_user

in the URL box of his browser by hand, thus triggering the “operation new_user” in PHP-Nuke. By this, it becomes clear that a real solution must at least change the behaviour of PHP-Nuke for the value “new_user” of the op URL parameter.

Again, instead of chasing links in the code, there is a more elegant solution:

In modules/Your_Account/index.php find the lines:

case "new_user":
new_user();
break;

and replace them with:

case "new_user":
Header("Refresh: 0; url=index.php");
break;

This will only disable registration from the Your Account module (more accurately: it will redirect every registration attempt to the main index.php page).

To disable it in the Forums too, edit modules/Forums/profile.php. Find

else if ( $mode == 'editprofile' || $mode == 'register' )
{
        if ( !$userdata['session_logged_in'] && $mode == 'editprofile' )
        {
                $header_location = ( @preg_match("/Microsoft|WebSTAR|Xitami/",
                $_SERVER["SERVER_SOFTWARE"]) ) ? "Refresh: 0; URL=" : "Location: ";
                header($header_location .
                append_sid("login.$phpEx?redirect=profile.$phpEx&mode=editprofile", 
                true));
                exit;
        }
        include("includes/usercp_register.php");
        exit;
}

and change it to something like:

else if ( $mode == 'editprofile' || $mode == 'register' )
{
        Header("Refresh: 0; url=index.php");
        exit;
}

i.e. we again redirect the user to the index.php page. See also How to disable registration.

TipIt's also possible without programming!
 

As so often in life, it all depends on what you want. You can of course achieve a similar effect, without any programming, if you make the Your Account module accessible to admins only, from the modules administration, in the administration panel.

If you want users to be registered directly, without confirmation mails, see Section 18.6.5. If you want to approve every user who applied for registration, you can use the Approve Membership module (see Section 8.3.4).

18.6.5. How to let users register immediately

When new users register, you may want them to be able to do so immediately, without having to wait for an email notification with an activation link.

CautionDo you trust your users?
 

If you let everyone post without being registered, you will not have *any* data as to who wrote that inflammatory, libellous, pornographic or whatever post in your forum that caught FBI's attention. Thus you should really trust your users not to abuse your system, if you plan to bypass email notification on registration.

You have two options, if you are not in the mood of programming it yourself :

  1. From the administration panel, Preferences, just choose that non-registered users are allowed to post. Then, from the modules and blocks administration panels, for each module or block you use, choose that all users are allowed to see it. That should come very close to what you want - that all users be able to use all parts of your site without registration.

  2. A module that allows the administrator to bypass email activation is NSN Your Account Tweak 650 3.0.2. According to the description, administrators can choose to bypass email activation. But the module offers a lot of other useful features around user management, see Section 8.3.3.

See also Authorization and avatars.

CautionDownload the right NSN Your Account Tweak version!
 

Be careful with the version you download from this module! The number 650, for example, indicates that it is only for PHP-Nuke 6.5. Use only the version that is in accordance with your installed PHP-Nuke version, otherwise you are guaranteed to mess up your installation completely.

See also the New User Auto Activation Hack and the Auto Registration Activation For Nuke v7.0. If you want to disable registration, see Section 18.6.4. If you want to approve every user who applied for registration, you can use the Approve Membership module (see Section 8.3.4).

18.6.6. How to approve users before registration

If you want to enforce the opposite of what is described in Section 18.6.5, i.e. be able to approve each and every user before he is allowed to register, then you should have a look at the Approve Membership module. See Section 8.3.4 and Authorize accounts for more details.

If you want users to be registered directly, without confirmation mails, see Section 18.6.5. If you want to disable registration, see Section 18.6.4.

18.6.7. How to register users through iBill

Theoretically, you could modify the Your Account module easily to accomodate for a registration through the iBill credit card option. You could proceed along the following lines (see Replacing registration with iBill credit card option):

The iBill system essentially works by users entering information into the iBill script. The script would then connect to the web server and create an account in an .htaccess file (Section 25.4) in the PHP-Nuke root directory. When a paid user account would expire, iBill's server could then remove the user account from the .htaccess file.

With iBill controlling the .htaccess file, there would be no need for a Registration option in PHP-Nuke. The only thing that would be needed would be to change the code in block-Login.php, perhaps replacing the Register link with a link to a static html page, where the iBill sign up scripts would do the trick. Or you could just put the iBill code in a block and remove the Register option.

There is no ready-made solution for this scenario yet, but the procedure outlined above points to the right direction.

18.6.8. How to change the maximum allowed length for user names

The standard maximum length for user names is 25 characters. If your users really pick up such long nicknames, they may break your blocks' layout, depending on your theme and resolution. This is because they may appear as authors of news articles etc. in headlines that appear in various blocks.

To prevent your users from using long user names, you must change the maximum allowed length in modules/Your_Account/index.php, in the function userCheck(). Find the line:

if (strlen($username) > 25) $stop = "<center>"._NICK2LONG."</center>";

and change the 25 to a lower length. A better programming style would be to define a constant for this and do the check against the constant.