Is it possible to lock temporally and unlock the whole OJS or any upload / article creation functionality

I use the Command line Tools NativeImportExportPlugin to programmatically mass import articles into the OJS. While doing this I have to know the IDs the new articles will get before they are imported. I can anticipate them safely by asking the the DB for the last used ID, but this can become unsafe if some other user would upload some data to the OJS at the very same time.
I would appreciate if I could prevent other users to upload anything while the mass import is ongoing. Ideally would be a way to do this programmatically.

Therefore my questions:

  • Is it possible to lock temporally and unlock the whole OJS or any upload / article creation functionality?
  • Is it possible to get the active sessions via the command line tools?

Hi @paf,

Concerning your first question: there is no such mechanism in the system. But you could eventually write a few lines of the code (in the login function) to check if the user is not and if so make a redirect to the journal home page – to forbid the new user log ins.
Concerning your second question: I don’t know that, but as admin you can use the Expire User Sessions under Site Administration page, to log out all users that are currently logged in. Might be a little bit ‘rude’, but maybe you can define a time and inform them on your web site.

Best,
Bozana

Okay, expire user sessions is a beginning. I would need to run that from the script, but I think I can figure that out.
The other thing is to prevent them from login in the crucial time… I don’t want to midify OJS code, I put everthing else I developed in a plugin.

Hi,

In similar situations I usually just add a htaccess file with

Deny from all
Allow from my_own_ip_here

And remove that after I am done. Alternatively you could add a htaccess password prompt.

Hi ajnyga,
I had this idea as well. I could create the .htaccess programmatically without any problem. my_own_ip_here would be omitted at this point, because only the script shall be allowed to do anything, The question if how reliable this is, since it does not prevent the DB to be altered / articles to be created but only user from logging in with the browser.
The question is: is the user logged in via the browser really the only scenario, in which someone could do some inserts on the DB? OJS has so many features, maybe there are some data insertion APIs, or Chronjobs or whatever processes which could still insert data in the crucial seconds.

Hi,

I guess APIs are not a problem, because they would require a connection to be possible and htaccess would, to my knowledge, prevent that.

But crons are maybe something worth considering. However, I have a feeling that there are no cronjobs in OJS that create articles. But someone else with better knowledge of this can give a better answer.

Thats good to know. Another thing that with .htacces you can not only prevent users from login but also prevent visitors from visit your stuff. Also it’s a bit uncomfartable to replace the normal .htacces wich makes pretty urls with another and then switch back… maybe there is another way of preventing users from login

I guess there is no need to replace any htaccess files. You can just add those two lines to the beginning of your htaccess and remove them when you are done.

Of course there is other ways of preventing login (involving editing the code), but if you are worried about OJS doing something like cronjobs during the import, then preventing only login in OJS is probably more likely to cause problems. That is, in case some cronjobs are triggered by visitors on the site.

But I will switch to just tracking this thread, it would be interesting to see if someone knows an alternative way of closing a site.

@paf

Just a note/comment:
You could investigate what cron jobs are running on that machine and also disable Acron plugin. Also, the OJS change to redirect users to the start page is a very small one and you would remove it immediately after you have finished the necessary work. – Nothing programmatically, but…

Best,
Bozana

I totaly forgot: you can of course add the rewrite rules to the .htaccess, to redirect the login, registration, notification subscription and eventually commenting pages.

Yes, I use the following .htaccess now:

RewriteCond %{REQUEST_METHOD}                     POST
RewriteCond %{DOCUMENT_ROOT}\/ojs\/lock         -f
RewriteCond %{REMOTE_ADDR}                         !127.0.0.1
RewriteRule ^                                     /ojs/                                     [L,R=302]

as long as file called lock exists in the folder, no user can POST anything which means, no one can do anything crucial. Still, I do not know if OJS has some other ways to alter the DB like chronjobs for instance, but it’s a beginning.