• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Setting up groups correctly...

discoian

Active member
#1
I think I need some guidance, on IPB this is easy, i'm sure it is on XF as well but i'm just not seeing the light.

Currently, we run our XF as a private community. We don't accept registrations, members are invited and pay to join.

Currently I have 4 member groups, guest, member, staff and admin. We sign each new member up manually (we can't do it through XF as it doesn't yet support custom fields and we take a lot of info) and they get added to the "Guest" group. We use the user upgrades system inside XF to put the member into an additional user group upon payment. Currently it all works fine but it's not exactly how I want it.

I want the forum to be truly private, i.e. you can't see anything unless you're a member and logged in.

If I set the View/View Node group permission to "never" then no-one can get on the forum as pretty much everyone's primary user group is "Guest". If I set this permission to "Not Set (No)" then none of the guests prior to their user upgrade can see the forum.

As the forum is private I don't want anyone to see any element of it, i.e. member lists, help sections, nothing, just a message that says "sorry you need to be a member".

Any ideas?
 

Jake Bunce

XenForo moderator
Staff member
#2
If we are talking about "correctness" then the Unregistered / Unconfirmed group (user_group_id 1) should not be used directly. That group defines the permissions for guests and pending registrations, but users are never directly assigned to that group. New registrations are assigned to Registered (user_group_id 2).

And you should use Not Set (No), not Never. See this thread:

http://xenforo.com/community/threads/understanding-permissions.5830/
 

James

Well-known member
#3
Set up usergroup ID 2 to not set (no) for everything, then build on that.

You may need to use a conditional in some areas that the permission doesn't cover (i.e. help section), the conditional is:
Code:
<xen:if is="{xen:helper ismemberof, $visitor, 2}">
//code
</xen:if>
 

discoian

Active member
#4
Ok so we need to create an additional user group for new signups...ok, that's fine, it only affects around 40 users so that's not a problem...
 

James

Well-known member
#5
All of your sign ups should go in the Registered group and then promoted to another usergroup (such as Premium Members) using the User Upgrades system.
 

Ingenious

Well-known member
#7
I agree with James, and I think there is some confusion about the use of the word "guest" and "registered" here. If I'm reading right, you need your members to register themselves, but still remain "guests" until they pay.

So once you have set up the unregistered permissions so you're happy it stops people viewing stuff (who have neither registered nor paid), you then want them to register, at which point they go into the default XenForo registered user group. So just set the permissions of that equally low (or copy the unregistered permissions) so even though they are registered, they don't see anything. Then as James says create an additional usergroup which you promote paying users into, that gives them access.
 

Ingenious

Well-known member
#8
BTW an alternative (which is how I used to run my forum when it was members only) is to protect the whole forum area with .htaccess and use a membership processing script to deal with registration and payment. The disadvantage is that members still need to register in the forum afterwards if they want to post (but at least you know everyone who registers in the forum has already paid, otherwise they wouldn't be able to get that far!), the advantage is you can protect other content too, such as video, pictures etc, and it is independent of the forum.
 

Ingenious

Well-known member
#10
Scripts like AMember (there's actually quite a few, if you look for membership management scripts on resource sites like PHP resource: http://php.resourceindex.com/Complete_Scripts/User_Management/ ).

Some of these use a PHP template to do the login stuff, which isn't a lot of good unless it integrates with the forum, or if you simply want to protect a whole directory of content like files, but a lot simply modify the .htpasswd files with the relevant username and password.