next »

[paulvallance]

How can I allow an anonymous user to search a calendar for an event without allowing them to view the calendar. For example a company might want to let customers know if they are available on a particular date without letting the user see just how busy or quiet their business is

[DanO]

** a company might want to let customers know if they are available on a particular date without letting the user see just how busy or quiet their business is **

Its pretty simple to pull up most of a calendar's events using a search. I wouldn't think limiting other's access to just the search would produce any kind of obstacle at all.

But if you want to proceed with a futile exercise, you could set up a conditional as to whether a person was logged in or not. If not, make the default 'view' for the calendar "Search". See what the query string below does on your own calendar.

cgi-bin/calendar.pl?view=Search

You'd also have to negate printing of the menu links at the side of the page but that too is easy to get around for anyone familiar with CalendarScript.

Alternately you could conditionally exclude most of the if/elsif blocks at the top of that template so that only the if ($VIEW eq "Search") clause is executed. That would make it slightly more difficult to see most of the calendar's events (but see point #1).

Dan O.

[This message has been edited by DanO (edited December 05, 2003).]

[paulvallance]

thanks,

have set the default view to cgi-bin/calendar.pl?view=Search but anyone can see the calendar by modifying the URL to cgi-bin/calendar.pl. Can You hide the URL when an anonymous user accesses the URL ? this would help.

regards

Paul

------------------

[DanO]

** anyone can see the calendar by modifying the URL to cgi-bin/calendar.pl. **

That's what I said.

** Can You hide the URL when an anonymous user accesses the URL? **

If you displayed it in a frame but that wouldn't stop anyone that knew what they were doing.

If you used the alternate suggestion that I posted, there would no need to use the ?view=Search query string on the URL and the user modifying the URL would have no effect either.

But as I said, it's pretty simple to pull up most of a calendar's events just using the search feature so what you're proposing is no solution to security IMO.

Dan O.

------------------

[paulvallance]

Hi,

If I remove all the if else clauses then what happens when the administrator logs in ? The Administrator needs to see the full calendar and all the anonymous user shoud be able to do is a search to see if a particular day is free of an event. Can the Admin be set up to view a different template to the anonymous user.

Apologies for all the questions.. i don't find the documentation very helpful

thanks for your help

Paul

------------------

[DanO]

** Can the Admin be set up to view a different template to the anonymous user. **

Not to my knowledge. You can however exclude/include different parts of the template code depending on different conditions like for example if the Administrator is the current user or just if the user is actually logged in or not (among a plethora of other possibilities).

** If I remove all the if else clauses **

I did say "Alternately you could conditionally exclude most of the if/elsif blocks", the key phase being conditionally.

If you changed the first if statement:

if ($VIEW eq "Month") { &getEvents( { 'range'=>'month' , 'month'=>$MONTH } ); }

to:

if ($User->{username} eq "anonymous") { # meaning not logged in
$db = $main:    BEvents;
# Keep form values to populate form fields
foreach (keys %in) {$name = $_; if ($name =~ s/^FIELD_//) { $search_params->{$name} = $in{$_}; } }
$VIEW = "Search";
}
elsif ($VIEW eq "Month") { &getEvents( { 'range'=>'month' , 'month'=>$MONTH } ); }

It would do the search thing for anyone not logged in.

Dan O.

------------------
BTW. the code
$main:  BEvents;
should be
$main : : D B E v e n t s ;
without any spaces between the characters.
------------------

[This message has been edited by DanO (edited December 06, 2003).]