
access to hidden topics (Minor Detail :-)

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=1263
Printed Date: 30 March 2026 at 8:00am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: access to hidden topics (Minor Detail :-)
Posted By: hans3702
Subject: access to hidden topics (Minor Detail :-)
Date Posted: 23 March 2003 at 11:16am

Hi,

I run the version 7 forum because of the many ways of giving rights to users, groups and forums. But in B3 and B4 everyone can access all the topics by right-clicking the printable version and cutting and pasting the link.

Like this: http://forums.webwiz.net/printer_friendly_posts.asp?FID=1&TID=1

Just put a number in TID=1 or 2 or 190
and without logging in you can read every topic, even the ones accessible only to private groups.

I think some extra testing for permissions in the printer_friendly_post.asp, or even a check for the correct page calling this page, will do.

JHH

 

changed B7 -> B4 (typo)




Replies:
Posted By: WebWiz-Bruce
Date Posted: 24 March 2003 at 3:22am

I will look into this.



-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm - ASP.NET Web Hosting


Posted By: eaglesexec
Date Posted: 24 March 2003 at 10:49am
yikes. i tried it and it works. a security hole. i was logged out, cleared my cookies and i could view the printable versions of topics in private forums.

-------------
A good plan, violently executed now, is better than a perfect plan next week. -General George S. Patton.


Posted By: WebWiz-Bruce
Date Posted: 24 March 2003 at 10:52am

Replace the ASP code in printer_friendly_posts.asp, from underneath the functions, with the following:

'Dimension variables
Dim rsForumPerm   'Holds the forum permissions to be checked
Dim strForumName  'Holds the forum name
Dim strForumDescription  'Holds the description of the forum
Dim lngTopicID   'Holds the topic number
Dim strSubject   'Holds the topic subject
Dim strUsername   'Holds the Username of the thread
Dim dtmTopicDate  'Holds the date the thread was made
Dim strMessage   'Holds the message body of the thread
Dim intForumID   'Holds the ID number of the forum


'Initialise variables
lngTopicID = 0
intForumID = 0   'Stays 0 when the topic is not found, so the forum query below is still valid SQL


'Read in the Topic ID of the topic to display
lngTopicID = CLng(Request.QueryString("TID"))


'If there is no Topic ID then redirect the user to the main forum page
If lngTopicID = 0 Then

 'Clean up
 Set rsCommon = Nothing
 adoCon.Close
 Set adoCon = Nothing

 'Redirect
 Response.Redirect "default.asp"
End If


'Get the posts from the database

'Initialise the strSQL variable with an SQL statement to query the database and get the thread details
strSQL = "SELECT " & strDbTable & "Forum.Forum_ID, " & strDbTable & "Thread.Message, " & strDbTable & "Thread.Message_date, " & strDbTable & "Thread.Show_signature, " & strDbTable & "Forum.Forum_name, " & strDbTable & "Forum.Forum_description, " & strDbTable & "Author.Username, " & strDbTable & "Author.Signature, " & strDbTable & "Topic.Subject "
strSQL = strSQL & "FROM (" & strDbTable & "Forum INNER JOIN " & strDbTable & "Topic ON " & strDbTable & "Forum.Forum_ID = " & strDbTable & "Topic.Forum_ID) INNER JOIN (" & strDbTable & "Author INNER JOIN " & strDbTable & "Thread ON " & strDbTable & "Author.Author_ID = " & strDbTable & "Thread.Author_ID) ON " & strDbTable & "Topic.Topic_ID = " & strDbTable & "Thread.Topic_ID "
strSQL = strSQL & "WHERE (((" & strDbTable & "Thread.Topic_ID)=" & lngTopicID & ")) "
strSQL = strSQL & "ORDER by " & strDbTable & "Thread.Message_Date ASC;"

'Query the database
rsCommon.Open strSQL, adoCon

'If there is no topic in the database then display the appropriate message
If rsCommon.EOF Then
 'If there are no threads to display then display the appropriate error message
 strSubject = strNoThreads

Else
 'Read in the thread subject
 strSubject = rsCommon("Subject")
 
 'Read in the forum ID to check if the user can view the post
 intForumID = rsCommon("Forum_ID")
End If

 

 

'Create a recordset to check if the user is allowed to view posts in this forum
Set rsForumPerm = Server.CreateObject("ADODB.Recordset")

'Read in the forum name and forum permissions from the database
'Initialise the strSQL variable with an SQL statement to query the database
If strDatabaseType = "SQLServer" Then
 strSQL = "EXECUTE " & strDbProc & "ForumsAllWhereForumIs @intForumID = " & intForumID
Else
 strSQL = "SELECT " & strDbTable & "Forum.* FROM " & strDbTable & "Forum WHERE " & strDbTable & "Forum.Forum_ID = " & intForumID & ";"
End If

'Query the database
rsForumPerm.Open strSQL, adoCon


'If there is a record returned by the recordset then check to see if you need a password to enter it
If NOT rsForumPerm.EOF Then

 'Check the user is welcome in this forum
 Call forumPermisisons(intForumID, intGroupID, CInt(rsForumPerm("Read")), CInt(rsForumPerm("Post")), CInt(rsForumPerm("Reply_posts")), CInt(rsForumPerm("Edit_posts")), CInt(rsForumPerm("Delete_posts")), 0, CInt(rsForumPerm("Poll_create")), CInt(rsForumPerm("Vote")), CInt(rsForumPerm("Attachments")), CInt(rsForumPerm("Image_upload")))

 'If the user has no read rights then kick them
 If blnRead = False Then

  'Reset Server Objects
  rsForumPerm.Close
  Set rsForumPerm = Nothing
  Set rsCommon = Nothing
  adoCon.Close
  Set adoCon = Nothing


  'Redirect to the page telling the user they have insufficient permission
  Response.Redirect "insufficient_permission.asp"
 End If

 'If the forum requires a password and a logged in forum code is not found on the users machine then send them to a login page
 If rsForumPerm("Password") <> "" AND Request.Cookies("PrForum")("Forum" & intForumID) <> rsForumPerm("Forum_code") Then

  'Reset Server Objects
  rsForumPerm.Close
  Set rsForumPerm = Nothing
  Set rsCommon = Nothing
  adoCon.Close
  Set adoCon = Nothing

  'Redirect to a page asking for the user to enter the forum password
  Response.Redirect "forum_password_form.asp?RP=PT&FID=" & intForumID & "&TID=" & lngTopicID
 End If
End If



-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm - ASP.NET Web Hosting


Posted By: hans3702
Date Posted: 26 March 2003 at 7:28am

Just wondering why the access rights check isn't an "include".

Oh, BoRg, I just want to say: keep on going. But I will stay at version 7B3; the new option makes it more a real forum, and with the old one you got a great base for more uses than just a plain forum. See also my posting at http://forums.webwiz.net/forum_posts.asp?TID=1353&PN=1

JHH
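
The fix posted above and the "include" question in this reply come down to the same design: one shared read check that every view of a topic calls, with the forum taken from the topic record rather than from the FID in the URL. The sketch below is an added example in Python, not Web Wiz Forums code; the data, group names, forum code value and function names are all constructed for illustration.

```python
# Added illustration: every name and value here is constructed, not Web Wiz Forums code.
TOPICS = {1: {"forum_id": 1, "subject": "Welcome"},
          190: {"forum_id": 7, "subject": "Staff only"}}
FORUMS = {1: {"read_groups": {"guest", "member", "staff"}, "forum_code": None},
          7: {"read_groups": {"staff"}, "forum_code": "c0de-7"}}

class Denied(Exception):
    """Raised when the visitor may not read the requested topic."""

def authorize_topic_read(group, forum_codes, raw_tid):
    """The one check shared by every view that outputs a topic's posts."""
    if not str(raw_tid).isdecimal():          # missing or non-numeric TID
        raise Denied("bad topic id")
    topic = TOPICS.get(int(raw_tid))
    if topic is None:
        raise Denied("no such topic")
    # Forum comes from the topic record; a forum id in the URL is never trusted.
    forum_id = topic["forum_id"]
    forum = FORUMS[forum_id]
    if group not in forum["read_groups"]:
        raise Denied("insufficient permission")
    code = forum["forum_code"]
    if code is not None and forum_codes.get(forum_id) != code:
        raise Denied("forum password required")
    return topic

def forum_posts(group, forum_codes, query):
    topic = authorize_topic_read(group, forum_codes, query.get("TID", ""))
    return "<h1>" + topic["subject"] + "</h1>"

def printer_friendly_posts(group, forum_codes, query):
    # query may carry FID for link compatibility; it is deliberately ignored.
    topic = authorize_topic_read(group, forum_codes, query.get("TID", ""))
    return topic["subject"]

VIEWS = [forum_posts, printer_friendly_posts]

def views_leaking(group, forum_codes, query):
    """Regression check: names of views that render instead of denying."""
    leaks = []
    for view in VIEWS:
        try:
            view(group, forum_codes, query)
            leaks.append(view.__name__)
        except Denied:
            pass
    return leaks
```

Running `views_leaking` for a guest against a private topic after adding any new view to `VIEWS` catches an alternate rendering that skips the shared check.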

 

 




Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net