privacy issues
-
Hello Friends,
I have been testing buddpress module. And want to discuss with ppl issue like privacy.
A person surfing on site can see users profile ok this is some what understood but a person can see users birthdate, wire, friends etc.
There has to be features by which user will decide what is to be private and what is to be public. There has to be roles like anonymous, logged in user, friend now this is for profile.
As far my knowledge for anonymous user only restriction is not to insert content other that all site is visible for him/her.
I have seen roadmap for bp core functionality privacy is there. May be bp guys are going to have these ideas too for user profiles.
-
The first version of BuddyPress is for open networks, there won’t be any real privacy settings.
Once we have a 1.0 release, then the plan is to work on a generic privacy component that will introduce privacy levels across an install.
I am very much interested to see it working. But yes things comes step by step. It will rock surly.
I did a simple check of $current_user to restrict access to the profiles while waiting for privacy options to be included in BP.
gr8. but i am sure it will be there with gr8 flexibility to the user. we have to wait for that mean while we can u urs patch. thanks and keep digging.
Did you put it on the index.php of every single page Ron? What syntax did you use? I was thinking about just putting the if_logged_in argument, but is $current_user better to use?
Trent
I did
if($current_user->ID) {
in header.php . I have my own widgets as well that the output depends on whether the user is logged in and whether they are looking at a blog, profile, group, etc.You should able to use is_user_logged_in(). I chose not to because every function call chews a few cycle putting data on the stack and taking it back off and I already have alot of custom code running that I’m trying to keep as slim as possible.
Thanks Ron. I will try that out and see what goes on. Did you put ending tags in footer.php then?
Trent
Yes and no. Throughout the template files output is based on whether the user is logged in or not. So there are some things that do get shown, mainly profile info is not. So, all my tags are closed, but not particularly in the footer
I’ve not tested it extensively yet, but this plugin:
http://wpmudev.org/project/More-Privacy-Options
seems to allow the blocking of all users, except the registered community, from viewing anything related to buddypress.
If I set “I would like my blog to be visible only to registered users from blog community” for the main/first blog where all the buddypress features sit, then you have to login before being able to see anything except for blogs, which have their own privacy options.
Is it really this simple to create a private social networking community but allow the blog privacy to remain under the control of the blog owner? I hope so. Perhaps someone can test and verify this?
Thanks.
Josswinn, I do this now. You can use that plugin or in another thread I made reference to another one that works out of the /plugins/ folder for people to lock down their blogs. Members Only or something like that. Works well.
Trent
Could you please point me to that thread (the plugin working out of /plugin/)?
That’s very reassuring that you’re using dsaders privacy plugin, too. Nice to see such a simple solution already exists to provide private BuddyPress communities while not affecting the privacy of individual’s blogs. In education, I can see this being very attractive. Hopefully Andy is aware of this for future core feature development.
thanks trent
I’ve just posted this to the WPMU forums, but it’s just as relevant here: Regarding dsader’s more privacy options plugin…
“I’m testing this plugin on a WPMU 2.7 and BuddyPress (both from SVN) installation. It can turn BuddyPress into a private social network quite simply by making the main/first blog private. However, there’s one issue I can see:
the ../activity/feed RSS feed is private when the ‘main’ blog is private.
But, member’s activity feeds i.e. ../members/josswinn/activity/feed remains public.
Any way to fix this? I appreciate that the plugin wasn’t written to support BuddyPress, but it’s so close to working well on BuddyPress that it would be good to look at this and provide a way to create truely close BuddyPress networks.
Thanks!”
I’ve since found that this is happening to me on a site installed in a sub-dir but not on an install using wildcard DNS/sub-domain. Can anyone verify this?
I am sure dsader can fix it without much effort. I opted generally to go with the plugin I have referenced before called “Members Only” on my smallest install which is just for family. Reason I went with this plugin over dsaders was both the RSS feeds as well as the ability to have the blogs you want still being “public” in their settings, but still members only.
What that means is the main WPMU blog can be private and only accessible to logged in members. If blog 1 is public, it shows in the main sitewide feeds. If blog 2 is private to members only, I can still set it as “public access” in the privacy options, but the “members only” plugin will not allow viewing without logging in, but the blog posts will still show in the main WPMU blog widgets.
Not the best solution for larger sites, but I am assuming that when Andy has a chance to implement the privacy options into buddypress, this will be a moot issue at some point.
Just some additional thoughts.
Trent
Ok…figured it out for dsader’s plugin. Just needs priority added to it. Check out this post in WPMU forums, but basically add priority to the template_redirects like:
add_action('template_redirect', 'ds_users_authenticator', 1);
add_action('template_redirect', 'ds_members_authenticator', 1);
add_action('template_redirect', 'ds_admins_authenticator', 1);
Just adding the “1” for priority makes it go before Andy’s changes. All those lines are near the top of the plugin.
Trent
Hmmm, now the BuddyPress activity feeds are being publicly exposed even when the blog is marked as for ‘registered members of the community’ on a wildcard DNS install. Anyone else noticed this? It’s happening with both dsader’s plugin and the members-only plugin.
I’m sure this was fixed a few days ago. So now /activity/feed/ and /members/joss/feed/ etc. are all publicly exposed even when the main blog is set as ‘registered community only’.
Hiya, here’s what I’m trying. I’d like to password protect my entire BuddyPress install with one username and password (I’ll change it from time to time).
Here’s BuddyPress’s htaccess file
RewriteEngine On
RewriteBase /community/
#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
RewriteRule ^(.*/)?files/(.*) wp-content/blogs.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ $1/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . – [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>
To which I tried to add:
AuthType Basic
AuthUserFile /home/username/sitename.org/subdirectory/.htpasswd
AuthName “Community Name”
require valid-user
and I made a .htpasswd file too.
Possibly because I installed into a subdirectory of an exising WP install, it winds up going to sitename.org and nothing is protected.
I will try the whole thing in subdomain.domain.org to see if I can get the htaccess stuff to work.
So, can anyone point out how I can just password protect the whole BuddyPress site with one username and password?
Possibly some people subscribed to this topic would like to know that i modified my access restriction plugin and now it works with buddypress 1.2.
Please try
https://wordpress.org/extend/plugins/registered-users-only-2/
- The topic ‘privacy issues’ is closed to new replies.