Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+2 votes
in Q2A Core by
I have found instructions regarding enabling private mode in versions prior to 1.7.

However, these do not apply to the current version and/or if I try to enable them by finding similar code in another file it creates a redirect loop.

Are there any instructions on how to enable private mode in version 1.7?

I am in need of this prior to releasing our install to the user base.


Q2A version: 1.7
Can you post a link to those "private mode instructions"? It's impossible to know what to suggest without knowing what is causing the problem.
And what was the "similar file"? qa-app-users.php has moved to qa-include/app/users.php
Also there are two answers there, did you try both?

2 Answers

–1 vote
The method of hiding the content there are several ways. User might access specific content directly by clicking the link that was written in the notification email. Therefore, redirect is not so easy. What is the private mode you desire? My site is one example of private mode. This is like Facebook.

I would like no user access at all to any portion of the site without a valid login.
We use Active Directory for logins with the LDAP AD plugin.

So right now when a user logs in the first time an account is created for them (only if they have entered valid AD credentials).  There is no registration at all for people who are not in our organization.

+1 vote
I had the same problem, using version 1.7.5 and finally found a method that seems to work.

In users.php search for $qa_logged _in_userid_checked=true and add:

if (


    && (!(preg_match('/^.*\?qa=login.*/',($_SERVER["REQUEST_URI"]))))

&& (!(preg_match('/^.*\?qa=forgot.*/',($_SERVER["REQUEST_URI"]))))

){       qa_redirect_raw('?qa=login');


I have the register link in the menu, visible only to Admins, so that I can control access.  I've done just a little testing and my site  is not yet live, so any suggestions to make this better are welcome, but it seems (so far) to do the trick. Since OP is using external auth, the line for "forgot my password" (matching ?qa=forgot) could be removed as it would be of no use.