1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 "Archiving" a site

Discussion in 'XenForo Questions and Support' started by Sim, May 6, 2016.

  1. Sim

    Sim Well-Known Member

    We have an old forum which we are "archiving" meaning it will become read-only.

    I want the site to remain online with all user data in place, but I don't want anyone (other than the administrators) to be able to log in.

    Is there a way I can prevent a set of users from actually logging in to their accounts without doing any development?

    I'm thinking I might have to write a small plugin to disable logging in for anyone other than the admin usergroup - but was hoping there was a nicer way to achieve the same thing without programming.

    Anyone have any suggestions on what else I should consider doing as part of the archival process?

    I had considered replacing all of the user passwords just in case - but I'll also need to ensure that nobody is able to reset them using the password reset facilities.

    Anything else I should consider?
     
  2. Mr Lucky

    Mr Lucky Well-Known Member

    I would not change passwords it will just frustrate people.

    I would just change users permissions, remove the login link and put up a notice that the forum is read only
     
  3. Mouth

    Mouth Well-Known Member

    Yup, this.
     
  4. Sim

    Sim Well-Known Member

    If they can't log in, changing passwords wouldn't annoy them? :p

    Actually, I'm more thinking defensively in case the site is ever hacked - I don't want credentials to be usable. None of the users will be able to use them anyway, so I don't see any reason not to remove that risk.

    I actually don't want them to be able to log in at all. I had considered making a static version of the site, but then I'd still have to code a solution to deal with redirecting URLs, so I figured it was easier to leave the forum in place and I can take advantage of the search index and such.

    FYI - this site has actually be in a semi-archived state for over 10 months now, currently running on vBulletin 3.8.x ... I'm in the process of migrating it to XenForo because I've already seen hack attempts in the logs and I don't want to leave it vulnerable - the intention is to have the site operating in archive mode indefinitely, it's still an extremely valuable resource / knowledgebase.
     
  5. Steve F

    Steve F Well-Known Member

    The login page would still be accessible and some users could possibly have it bookmarked.

    Just use permissions to limit everything. No profile posts, remove the ability to reply or create threads...ect. Pretty much everything is controlled with permissions.
     
  6. Sim

    Sim Well-Known Member

    I actually want to stop people logging in completely - for security reasons mostly.

    Looking at the code, I think I'll just extend the User model and write my own validateAuthentication function which only allows users in the admin group to successfully login and for everyone else, return a meaningful error message explaining why.

    Users already know this is coming (we migrated to a new site 10 months ago) - generally nobody logs into this existing site, so there's nobody to annoy.

    If I don't enable social media logins, is there any other way people might be able to log on to a site that doesn't go through XenForo_Model_user->validateAuthentication(...) ?
     
  7. Mr Lucky

    Mr Lucky Well-Known Member

    If admin only need to login occasionally, a very simple cheap and cheerful solution may be to hide and redirect the login page (with a notice to avoid the frustration)
     
  8. Sim

    Sim Well-Known Member

    Yeah, except there's two of us who live about 2,000km apart who both need to be able to log in occasionally :rolleyes:

    I ended up resetting all user passwords to use the XenForo_Authentication_NoPassword auth scheme (only the admin users now have a valid password).

    I also modified the user model to respond with a more meaningful error message to users (who aren't the admin) trying to log in.

    I reset the remember_key too, so no cookie logins either.
     

Share This Page