Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
0 votes
in Q2A Core by
closed by
I set the permission "Asking questions" to "Registered users with email confirmed" few days ago. Before users were allowed to ask as guests.

Today I see that anonymous guests can still posts questions!

Is that a bug? Or can they do so because of a cookie set? What could be the reason?
Q2A version: 1.8.0
closed with the note: clarified
I'm not able to reproduce this. You've definitely set the correct permission? And the people posting are definitely not registered, they're not called 'anonymous' or anything?
Check if there are any plugins conflicting.
Might be that the userrules plugin is the culprit: https://github.com/q2apro/q2apro-userrules/blob/master/q2apro-userrules-overrides.php – I have a custom version, modified it (was checking for empty $userid which might have been the problem). If I don't report back, then the plugin was the problem.
Anonymous can still post, i am confused. When I visit the /ask page (private mode), it says "you need to login or register". So there must be a way for some anonymous users to post a question still.

I thought it could be a cookie issue, but checking the IP, it says it is used the first time. Unfortunately the user did not leave his email address (for notifications), so I cannot ask how that was possible.
For another user I see that he was loggedin, then posted, then logged out, then posted as guest, then logged-in again and posted with user account again. I am not sure what the cause of the problem is. In the user-rules plugin it retrieves the userid, if it is not set then it is not changing the user permissions (in my new version). So I doubt that the plugin is the culprit. It should be something else.
Have you tried completely disabling that plugin and seeing if people can still post anonymously? Also maybe try contacting that user and ask exactly what they did.
your plugin is not a problem definitely. It seems to me that it is a caching issue. On lines 168 below, if (isset($userid) &&  $userid > 0 && qa_opt('permit_post_q') != QA_PERMIT_ALL) statement can be written to fix it. Note that I have not test it as I didnt experience such as problem.

reshown by
I tend to also think it is a caching issue (I am using the q2a-caching plugin)... and as I see, the function qa_user_permit_error() checks by $userfields = qa_get_logged_in_user_cache(); --- and then takes the userid from the cache. But still weird. Maybe here it would be better to fetch the userdata from non-cache?

"maybe try contacting" - I did post a comment to their question today. Let's hope those user answer.
Please everyone, imagine me giving myself a #facepalm!

It is my new "q2apro-account-deletion" plugin that removes the userid from the post after a user decided to delete his account...

THIS is why the posts were anonymous!

Sorry for all the guessing, but finally found the answer! Thanks a lot.