Content last modified Monday 6 March 2017

Hiding the Authors List

It came to my attention that, even though only Managing Editors and Publishers (Textpattern privilege assignments) are given access to the ‘admin’ tab in the Administration Panel, anyone who is logged in can access the ‘site admin’ screen by pointing their browser to ?event=admin,
e.g. http://goodgrape.net/textpattern/?event=admin

This means two things:

  1. users are able to change their own passwords by visiting that link — this is good
  2. any user is able to access the full list of registered users, including their real names and email addresses — this is possibly bad

Perhaps you don’t mind having the names and email addresses exposed. But in case you do, here’s how to hide that list from view:

  1. Open the txp_admin file:
    /textpattern/include/txp_admin.php

  2. Find the following code (the line number is approximately 210, but it may differ depending on your file and your text editor):

    	function author_list() 
    	{
    		global $myprivs;
    +		if ($myprivs != 1) return;
    		$out[] = hed(gTxt('authors'),3,' align="center"');
    		$out[] = startTable('list');
    
  3. Add the line with the + sign in front of it, in the context shown above. (Remove the plus sign from your actual code, though.)

And there you have it. Users will still be able to access the page to change their password, but your list of authors will now be visible only to those with regular admin access.

Thanks to Manfre for this.
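
As an added example (not part of the original article and not Textpattern's own code), the sketch below applies the same idea as the one-line guard, generalized from the hard-coded `1` to a per-panel table of allowed privilege levels that is checked inside the handler. The panel names, the `may_view()` and `render_admin()` helpers, the sample users and the privilege numbering (1 = Publisher, 2 = Managing Editor) are assumptions made for illustration.

```php
<?php
// Added illustration; not Textpattern source. Privilege numbers are assumed:
// 1 = Publisher, 2 = Managing Editor, higher numbers = lower-privilege roles.

// Constructed sample data standing in for the users table.
$users = [
    ['name' => 'alice', 'RealName' => 'Alice Example', 'email' => 'alice@example.org', 'privs' => 1],
    ['name' => 'bob',   'RealName' => 'Bob Example',   'email' => 'bob@example.org',   'privs' => 2],
    ['name' => 'carol', 'RealName' => 'Carol Example', 'email' => 'carol@example.org', 'privs' => 4],
];

// Hypothetical policy table: which privilege levels may see each panel.
// null means "any logged-in user".
$panel_acl = [
    'change_pass' => null,
    'author_list' => [1, 2],
];

function may_view(array $acl, string $panel, int $privs): bool
{
    if (!array_key_exists($panel, $acl)) {
        return false; // unknown panel: deny by default
    }
    return $acl[$panel] === null || in_array($privs, $acl[$panel], true);
}

// Builds the ?event=admin screen for one logged-in user. Each panel is
// checked here, in the handler, whether or not the tab was shown in the menu.
function render_admin(array $acl, array $users, array $me): array
{
    $out = [];
    if (may_view($acl, 'change_pass', $me['privs'])) {
        $out[] = "[change password form for {$me['name']}]";
    }
    if (may_view($acl, 'author_list', $me['privs'])) {
        foreach ($users as $u) {
            $out[] = htmlspecialchars("{$u['RealName']} <{$u['email']}>");
        }
    }
    return $out;
}

// Show what each constructed user would receive from the same URL.
foreach ($users as $me) {
    echo "== {$me['name']} (privs {$me['privs']}) ==\n";
    echo implode("\n", render_admin($panel_acl, $users, $me)), "\n";
}
```

Run with `php` on the command line: alice and bob get the password form plus the author list, while carol gets only the password form.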

Initially released:
2004-11-26
Posted here:
26 Nov 2004
Article modified:
25 Jan 2008


Commented (2)

Is this “fixed” in TXP 4.0?
Symptom is still existing in TXP 4.0.3. :( Would prefer to have the ability to change one’s own password located somewhere else than in “site admin” because:

* once you loaded ?event=admin you see the entire admin tab row
* whereas most of the tabs simply display “restricted access” (or similar) you are still able to access the “logs” tab and see all the logs (if activated) [need to have a look for a similar solution]
* I do not want to see the user more than he actually needs to do his job properly (trying not to confuse her), TXP has a learning curve steep enough already…
... waiting for a fix …
