I'm trying to set up a simple IT Helpdesk type thing (using database activity) on the front page of my school moodle site.
Two things, is there a way to allow guests to post entries into the database - I've tried to override permissions, not sure if I did it correctly - but didn't work.
Also, how can I alert our tech geek when a new entry is posted into the DB? Is there a subscribe feature like the forums?
Appreciate any help....
Chris
Guests are hardcodedly kicked out of the add entry page (around line 61, edit.php, 1.9.9):
if (!isloggedin() or isguest()) {
redirect('view.php?d='.$data->id);
}
There should be a patch for email notifications which you should be able to find in the tracker or a link to it down this forum.
hth
if (!isloggedin() or isguest()) {
redirect('view.php?d='.$data->id);
}
There should be a patch for email notifications which you should be able to find in the tracker or a link to it down this forum.
hth
Thanks Itamar,
Not sure I completely understand - are you saying this code can be modified? I will have a play around this weekend, maybe I can work it out.
Found the tracker patch here: http://216.40.255.50/browse/MDL-8377
Cheers
Not sure I completely understand - are you saying this code can be modified? I will have a play around this weekend, maybe I can work it out.
Found the tracker patch here: http://216.40.255.50/browse/MDL-8377
Cheers
It sounds like it is related to MDL-19852 which was marked as not being fixed. I did however provide a patch in the tracker as I had a site that wanted to allow guests to add entries. There is a security concern about robots or others maliciously trying to fill up your servers disk with garbage entries although that could be handled by putting a quota on that particular folder. In any case, feel free to use the patch at your own risk. Personally I think there should be an option for guests to add to the database but it should be a deliberate exception and require a capabilities override. In any case, perhaps it is an issue that should be revisited. Peace - Anthony
I'm just catching-up with Forum posts...
This is interesting - Anthony the Questionnaire module allows Guests to add content on the front page. Are you suggesting this has the same security issues?
Guests being able to complete a form / questionnaire / feedback / database is a truly useful option for many Moodle sites out there
Stuart - As I recall, questionnaire does not have an option to upload a file (which the database activity module does); however, without the use of captcha or something similar to ensure a human response it would be possible for an automated script to just fill out questionnaire after questionnaire and fill the questionnaire table with data. In the tracker, I had requested that the database activity module allow guests to input. I believe there is now an option for logging guest activity. All of these, in my opinion, are movements toward giving guests greater freedom. Because of the security risk, I think it should be disabled by default via capabilities; however, if overridden by the site admin, with the appropriate warning, I think the code should behave as one would expect by allowing guests to add entries to the database activity module. I wrote a patch for one client so that they could do this and recommended that a quota on the file system level be setup so that if a script were to upload a bunch of files it would not fill the drive and cause problems to the rest of the site. Does that make sense and/or help clarify things? Peace - Anthony
Hi Anthony
Yes, I think that's a great answer - helpful to anyone who reads through this post
Yes Guest tracking is going to be useful for some sites for sure. I hadn't thought about the file upload option in the database being open, because I didn't think a Bot could upload a file(?) just fill in fields. As you say, Captcha is an important process to use.
I think one of the key things from this discussion is that as Feedback + Questionnaire are essential going to be combined, that the resultant module does allow Guest input as it does right now
Stuart - Yes, I agree that having the ability for guests to be able to participate in database, feedback, questionnaire, and the new and improved survey activity module combining feedback and questionnaire is important given the appropriate awareness about how these might be used by spammers or others with malicious intent to be less than constructive and a reasonable plan to prevent those abuses. My hope is that with the new file handling that we can better manage the risk for the database activity module. In the tracker, Petr had come down on the side that it simply should not be allowed for the database but I'm hopeful that this can be re-evaluated. Peace - Anthony