New Posting Features - QHSF Private Thread

Private Threads

This hack has been ported to vBulletin 3.7.2 from the vBulletin 3.5.4 version with permission granted by:

Quote:

Originally Posted by Eikinskjaldi

Quote:

Hi there,

Feel free to release it

This hack starts from this thread Completely Private Thread and this thread vBPrivate Thread

This private thread mod allow administrators allow a certain forum to have this feature on or off.

With this modification members can create threads that are useful for private conversations. Here are the basic options

• Allow Selected Users To View and Prevent Others from viewing.
• Allow Selected Usergroup To View and Prevent Others from viewing.
• Prevent Selected Users From viewing.

Hack Overview:

• Products: 1
  • 2 Queries
  • 15 Phrases
  • More than 15 Plugins
• File Edits: 1
• File Uploaded: 2
• Template Added: 4
• Estimated Install time: Under 5 minutes

vbadvanced cmps support: (3.0.x)

• Block Content From Private Thread From Displaying In News Module
• Block Content From Private Thread From Previewing In Recent Thread Module

Note : To make the message of a private thread less offensive, I use the invalid thread link

Install Instruction:

Upload :

• functions_privatethread.php to your includes folder
• hooks_privatethread.xml to your includes/xml folder

Edit :

• Open archive/index.php

Find

PHP Code:

else
{
    $globalignore = '';
} 


add under

PHP Code:


($hook = vBulletinHook::fetch_hook('privatethread_archiveindex')) ? eval($hook) : false; 


Install the product using your Plugin & Products System
Edit your forum information to turn private thread option on/off

Bug Fixed :

VBPhrase Tranlation:

Please post your comments, suggestions, ideas for this product. I will read all posts.

Make sure you click INSTALL!
You will be contacted when a new version is released.

[gmerin]

Quote:

Originally Posted by btotw

I kinda agree. To me, its not even "Not Quite Private Threads." Its more like "Deny Post Viewing For Certain Users or Groups."

@The author: Dont get me wrong, the hack itself is excellent...I simply feel that its misnamed.

For example, a private message cant be seen by anyone at all except for those whom its intended for. Thus i think that a private THREAD should be 100% invisible if you arent part of the usergroup(s)/ person(s) who are allowed to see it...

It should be like ts not even there. If I start a private thread as an admin, I should be able to see it...but if I log in as a regualr user, it should be as it it doesnt exist at ALL...

Again, just my two cents. Its partially there by disallowing the viewing of the conversation in question. If it were to be taken to that last step? It'd be killer...

and if the denied users or groups really want to see what they're begin denied they only have to go to the thread creator's public profile and look at all posts by user to read everything in the thread. it's kind of like when children make something invisible by covering their eyes

other than that little issue, the hack is beautiful and my users value it so much that they are willing to lose the searching facilities of VB in order to maintain the security of the hack.

[Rene Kriest]

Hello folks!

I am finally back after some testing and I also had a look at the source code of this addon aswell.

To make it short:

1. This addon is save only under certain additional conditions which need to be set by an admin
   
2. The addon has no flaws

Kinda paradoxical, or? But read on!

Here are now the results of my investigations regarding the so-called security flaws

The "search postings" issue is a flaw but not of the addon but of the cache.
You need to rebuild your search index cache to make the addon work 100%. After rebuilding there will be a message in the search posting preview "This is message from private thread". Technically the addon is flawless - the problem is the forum search cache.

How to fix that issue

• Rebuild your cache often via cron
• Allow the addon only in certain forums which aren't searchable
• Allow the addon only in certain forums which are restricted to certain usergroups only, but take care: then the problem applies to the members of the usergroup itself if you do not alter the search rules to the forum
• Turn of "posting preview" or reduce the number of letters (standard: 200, to be found in search.php)
• Use a spoiler to at least 200 letters for each posting

My suggestions
Use the addon only in forums where the search function is put off or at least restricted to titles only.

Rebuildung your Search Index Cache somehow sucks, because of the time gaps and the huge server load it creates.

[murekhalir]

So does this mod still work.

Does it really create thread privacy or are there loopholes?

[gmerin]

Quote:

Originally Posted by murekhalir

So does this mod still work.

Does it really create thread privacy or are there loopholes?

If I'm reading Rene correctly the mod does create fully private threads if you limit it to forums that are not searchable, and if you rebuild your search cache often.

Unfortunately constantly rebuilding the search cache is not realistic due to the time and server resources required.

So this leaves us with the option of shutting off the search function on the board or limiting the mod to forums which have the search function disabled.

I have no problem with exchanging the search functionality for the private threads.

I am indifferent as to where the fault lies: I prefer to fix the flaws than to affix the blame. Whether you want to say the mod is flawed or the caching algorithm of VB is flawed, is immaterial to me.

I do believe the limitations and implicit requirements should be noted prominently in the mod's documentation so that admins are forewarned, rather than finding out about it after one of your members realizes that she posted info about her adulterous affairs in a private thread that wasn't all that private...

[Phornixx]

Can't find the ON/OFF Switch!!!

What does Admin Panel/Forum Rights/?

There is no such option in the Admin CP

Thanks!

[gmerin]

Quote:

Originally Posted by Phornixx

Can't find the ON/OFF Switch!!!

What does Admin Panel/Forum Rights/?

There is no such option in the Admin CP

Thanks!

go into the Admin CP -> Forums & Moderators -> Forum Manager

expand the forums and permission each in the Enable / Disable Private Thread Option towards the bottom.

[btotw]

Quote:

Originally Posted by gmerin

and if the denied users or groups really want to see what they're begin denied they only have to go to the thread creator's public profile and look at all posts by user to read everything in the thread. it's kind of like when children make something invisible by covering their eyes

other than that little issue, the hack is beautiful and my users value it so much that they are willing to lose the searching facilities of VB in order to maintain the security of the hack.

I understand your point.

Understand mine.

My point is that the hack is GREAT. But it should be called "Private POSTS" instead of "Private Thread"

[Birched]

There is a plugin that is disabled by default:
Private Threads: Get Private/Restricted Users showthread_complete
What does that one do? Why is it disabled?

Also -- do you know how the mod interacts with mysql fulltext search? Does it still have the same problems?

Also -- is it still set up for admin only to be able to 'private' things?

It's an excellent mod -- I used the older version (long ago) and found them useful for our boards. Thanks for putting it together (it's BIG!) and thanks for supporting it.

One comment: I am running a huge board with many forums. It would be great if the admin controls had a setting that would propagate through child forums.

[Birched]

BUG: Edit (AJAX) of the first post of a thread results in the loss of the private flag for the thread.

[buro9]

A question, does this work with VB4?

Has anyone tested it?