I have never used Moblog, but a quick skim of the docs it will do exactly that with the User Authorization override.
https://docs.expressionengine.com/latest/add-ons/moblog.html#user-authorization
If you really need it to send a rejection email I would think you could rig something up to do that if necessary.
Like most everything else in EE, I’m sure you can extend the core functionality if you need to.
Hope that Helps R
That requires members to email their username and password, which is not really secure. It works for admin/staff use but my idea was to let regular users email to a specific address, and it would create a channel.
Maybe I can clone the addon-on and make some modifications to it to only check the username email FROM only instead of the auth username and password.
To me, that would be even less secure than username:password. If the page you are sending to is secure, then the Authorization override I think should be safe(ish) I guess it comes down to use of the add-on. If the goal is so that a member can post a live article straight through Moblog and be credited for it, then you would need to do something like that I suppose.
But personally (just my opinion), I’m not sure that I would allow a post done using this method to be OPEN and live as soon as it is received. I think that I would require it be set to Pending or Draft and then moderated before allowing it to go live. Thats just me though. I view Moblog as inherently un-secure no matter what and needs to be used with caution. My personal feeling is that posts received by it need to be moderated.
Good luck…
R
Technically it’s still insecure, even if your auth page is secured because email is plain text when going from one server to the other, which means the password is going from the users mail server to the mail server hosting your Moblog EE add-on insecurely. This is the reason why transmitting passwords by email is not considered a good practice.
I’m trying to create a ticket system on which users can post support tickets. Sure, this is not really secure, but is this different from letting an authenticated user use a form to post a channel?
Technically speaking, a malicious user can register and then post to a channel. Assuming you allow visitors to register.
My idea is basically check if the FROM email comes from a valid registered member. I understand this is not really the purpose of Moblog but sounds more simple to use this than actually create a mail parser than then posts to a channel.
Ideally you would not let anyone post to a channel unless they are trusted, but if we go that route, then tons of add-ons, forms and other things in EE use channels to let members create data and entries.
I assume EE is already doing its proper validation checks before saving to the database, otherwise it’s not really different to any other CMS that also saves data to a database. And while it’s impossible to validate everything on some random email, the same would be true for a form on a website. I can only make sure emails are completely rejected unless they match an email address in the database, then try to sanitize or create some filters before posting it to a channel. My mail servers already have the proper checks that makes sure messages are not forged and other security filters, as spammers can still fake FROM addresses.
There was a ticket system add-on for EE for purchase, but the author has no plans to upgrade it to the latest EE version. I don’t have any other choice than creating something on my own. I don’t mind if it’s very simple.
I already own the Solspace and EE Harbor forms module which would let users post to a channel, but I would like them to be able to post by email.
Here is a similar idea:
https://u.expressionengine.com/article/simple-ticketing-system-using-expressionengine-moblog
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.