Hi everyone,
I'm working on setting up email for userspice. In the /users/email_settings.php page, I'm getting the "Mail Error" error when I test my email settings in /users/email_test.php. I'm wondering what could be the cause for this error? I use a company internal server and tried both TLS and SSL but neither works.
Thank you very much!
Best,
Angel
Hi Mudmin,
Thank you so much for your reply! I later found the cause and solved the problem. I'm not sure if there is any change that I made to the program that causes the error, but I see that in mysql databse, the "transport" column under "email" table is storing "TLS" or "SSL" in lower case. Because of this, in the users/helpers/helpers.php file, at around line 120:
$mail->SMTPSecure = $smtp_transport;
This $mail -> SMTPSecure variable is getting lower case "tls" instead of upper case "TLS". I changed this line to be:
$mail->SMTPSecure = strtoupper($smtp_transport);
Then the problem is gone.
I don't no if it is a bug or it is caused by some changes I made after I downloaded UserSpice. But I think it might be helpful to post the cause of my problem here so that other people doesn't get the same error.
And....one more question if you don't mind, right now userspice is redirecting users to their account page if they are trying to access a page that they don't have access to. I'm trying to add a "Sorry you don't have access" page and have the program redirect the user to this page when they don't have access. I already have this page written (just a very simple page with one line of message), but wasn't able to find where to replace the "account.php" to my "no_access_notice.php". Based on your expertise, what would you recommend to do?
Thanks a lotttt!
Angel
For the email issue, I'm surprised that's an issue, but I will take a look and see if it has an impact on PHPMailer, the SMTP library we are using.
There have been a few requests around what UserSpice should do when the user doesn't have permissions. I think we'll need to have a separate discussion about that to solicit some of the possible behaviors that should be implemented.
If you wanted to make you're own change temporarily, you can go to users/helpers/us_helpers.php and go to the securePage function and look for this block of code.
//Check if user's permission levels allow access to page
if (checkPermission($pagePermissions)){
return true;
}elseif ($user->data()->id == $master_account){ //Grant access if master user
return true;
}else {
Redirect::to("index.php");
return false;
}
Change the "Redirect::to("index.php"); and point it to your page with something like Redirect::to($us_url_root."path_to_file");
Or another option I'm thinking about is that, when user don't have access to the page, we still redirect them to their account page, but meanwhile pops up an alert box saying "Unauthorized to access.". But still, where do you think is the proper place in the code to add this alert box?
Thank you so much for all your efforts in developing and supporting UserSpice!
Angel
Hi Brian,
Thanks for your prompt reply! I just tried it out and it works perfectly. I really appreciate your help.
Have a nice day!
Angel
Oh, and I should actually clarify, when a user does not have access, the present redirect sends them to "index.php" but depending on the context of the call, that could either be /index.php or users/index.php. However, users/index.php is where if the user is logged in, it sends them to the account.php page, and if not logged in, sends them to the login page.
All that being said, in your case, you want an "Access Denied" message when a user IS logged in, but does not have access...I like that and I think we can improve things there.
Regarding an alert that pops up, that is an alternative to a page...I like that too, so we will certainly keep that in mind for UserSpice 5. As for US 4.1.x, I can talk to @mudmin and see what he thinks about providing that in either 4.2 or in a 4.1.x release.
Yeah that would be perfect. I just tried the alert box idea. I wrote a file called "no_access_notice_1.php" which looks like this:
<script>
alert("Unauthorized to access.");
location.href = "account.php";
</script>
And in users/helpers/us_helpers.php around line 415 I changed the code to be:
Redirect::to("no_access_notice_1.php");
So right now my page pops an alert box saying "unauthorized to access" and then redirects the user to account.php.
with the alert box idea what happens when a savvy user right clicks > view source ? redirect i think would be more secure
