Forced anonymity doesn't work

[alexxis]

I encounter an issue, where a group with the enabled forced anonymity in its settings doesn't make the assigned user invisible. It only allows that user to incognito browsing other users' profiles. And that's it. In widgets, in the user's hoverCard and profileHeader he is still visible to Anyone with his nickname presented and with the Online status shown.

The user tried to log out and to log in again. Tested on a default theme without any modifications on the latest IPS version (4.6.12.1). Doesn't matter, whether it is a primary or secondary group. Tested as on users with several assigned groups (all other assigned groups were with the disallowed anonymity) and as on users with only one group (with the forced anonymity). We are using Redis.

Please help to check, what is going wrong.

[Jim M]

Could you please provide an example user who is encountering this? I can then take a look at your configuration to see what is happening here.

[alexxis]

On 6/10/2022 at 8:09 AM, Jim M said:

Could you please provide an example user who is encountering this? I can then take a look at your configuration to see what is happening here.

Hello,

I sent all the necessary information as a personal message to you three days ago.

[Marc Stridgen]

Sorry for the delay there, it seems something may have been missed. Could I ask, are you checking this as a member of admin?

[Nathan Explosion]

This appears to be quite easy to test and verify how it occurs (tried it on IPS 4.6.12.1)

For my testing, I've just used my own account as the Member and Administrator for ease, but here are the reproduction steps:

• Set the 'Can login anonymously?' setting for a group to 'Allowed'
• In a private window, login as a member of that group
• In a normal window, logged in as admin, view that members profile

Result: User is online now (as expected)

• As the member, go to /settings/account-security/ and click the 'Hide my online status' button
• As the admin, refresh the screen

Result: User is online anonymously (as expected)

• As the member, go to /settings/account-security/ and click the 'Show my online status' button
• As the admin, refresh the screen

Result: User is online now (as expected)

• Now, set the 'Can login anonymously?' setting for the group to 'Forced'
• As the member, refresh your screen or logout/login
• As the admin, refresh the screen

Result: User is online now (not expected)

It appears that the 'Forced' setting only works if the member has previously set their status as hidden prior to the 'Forced' being enabled.

 

 

Edited June 14, 2022 by Nathan Explosion

[Nathan Explosion]

\IPS\Member doesn't care about the 'Forced' option being enabled:

public function isOnlineAnonymously()
	{
		if ( !$this->member_id ) //That's a guest
		{
			return FALSE;
		}

		if( $this->group['g_hide_online_list'] == 2 ) //That's "Can login anonymously" set to 'Disallowed 
		{
			return FALSE;
		}
		
		return $this->members_bitoptions['is_anon']; //This returns whatever the user has enabled
	}

This sorts it...

public function isOnlineAnonymously() {
        if (!$this->member_id) {
            return FALSE;
        }

        if ($this->group['g_hide_online_list'] == 2) {
            return FALSE;
        }

        if ($this->group['g_hide_online_list'] == 1) {
            return true;
        }

        return $this->members_bitoptions['is_anon'];
    }

 

[Jim M]

Thank you for bringing this issue to our attention! I can confirm this should be further reviewed and I have logged an internal bug report for our development team to investigate and address as necessary, in a future maintenance release.

 

[Marc Stridgen]

This issue has been resolved in 4.7.0 which has recently been released. Please upgrade to that version to resolve this, and of course, let us know if you are still seeing any issues.