GLOBAL settings confusions in 2.6.0 vs 2.5.x [message #15899] |
Fri, 09 January 2004 01:20 |
|
Wild_Cat
Messages: 144 Registered: November 2002 Location: Odessa, Ukraine
Karma: 0
|
Senior Member |
I have just installed 2.6.0 anew, for the first time after 2.5.3RC3, and now have a few confusions about settings:
1) You have the entry for $MAX_LOGGEDIN_USERS from GLOBALS twice in the main admin config...
2) I don't see in GLOBALS disallowing session urls variable any more, while there is such an option on the admglobal page. Where has it gone? Did the process for setting URL sessid become automatic if the user's browser does not accept cookies? And what is SQ in the url standing for at all if not sessid? And what is empty S= standing for?
I'm afraid that it's my weakest comprehension point - for the use of cookies (had previous version on local machine not logging me in without URL sessions at all... - no solution)
3) What is the "name" field in profile (and database for that matter) used for in the forum? I can't see it anywhere...
4) What is the $SITE_HOME_PAGE in GLOBALS.php used for? I haven't found it referenced anywhere on settings page or in display views...
Lady of Avalon
Re: GLOBAL settings confusions in 2.6.0 vs 2.5.x [message #15900 is a reply to message #15899] |
Fri, 09 January 2004 01:58 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
Quote: |
1) You have the entry for $MAX_LOGGEDIN_USERS from GLOBALS twice in the main admin config...
|
Hmm, none of the forums I've upgraded have this entry twice. If you can send me your GLOBALS.php via PM, maybe it'll give me a clue on why this may have happened.
Quote: |
2) I don't see in GLOBALS disallowing session urls variable any more, while there is such an option on the admglobal page. Where has it gone? Did the process for setting URL sessid become automatic if the user's browser does not accept cookies? And what is SQ in the url standing for at all if not sessid? And what is empty S= standing for?
I'm afraid that it's my weakest comprehension point - for the use of cookies (had previous version on local machine not logging me in without URL sessions at all... - no solution)
|
All YES/NO variables were folded into FUD_OPT_* bitmasks. You can find out the individual bitmasks by reading GLOBALS_HELP.
SQ stands for sequence and it's a session security measure.
Quote: |
3) What is the "name" field in profile (and database for that matter) used for in the forum? I can't see it anywhere...
|
User's full name, only used for administration.
Quote: |
4) What is the $SITE_HOME_PAGE in GLOBALS.php used for? I haven't found it referenced anywhere on settings page or in display views...
|
Useless field that has been there for ages, I am removing it in the next version.
FUDforum Core Developer
Re: GLOBAL settings confusions in 2.6.0 vs 2.5.x [message #15908 is a reply to message #15900] |
Fri, 09 January 2004 11:28 |
Wild_Cat
Wild_Cat: | 1) You have the entry for $MAX_LOGGEDIN_USERS from GLOBALS twice in the main admin config...
|
My mistake in explanation! In GLOBALS.php I have this entry only once but I have a field to update it twice in admglobal.php! (1st between
Ilia: | 2) SQ stands for sequence and it's a session security measure.
|
So I can't strip it from URL any more to give external links? When I enter as anonymous from another browser (IE) on the index page, it generates URLs without SQ parameter and I cannot enter any forum - it gives me error: wrong URL.
Oops! It was quite another bug, I see it now: the index page urls for anon user give links to forums as following: t=threadt So it IS wrong...
Well, I do can strip this SQ thingy together with rid from urls to forums & messages?
I am beginning to think of another hack to have a "neutral" URL generated for each forum and message (not that I already have done many but have many in mind... )
Wild_Cat: | 3) What is the "name" field in profile (and database for that matter) used for in the forum? I can't see it anywhere...
Ilia: | User's full name, only used for administration.
|
|
Actually, I think this could be useful to include on profile page? Well, that's up to me I guess and I will just put this value somewhere in the profile page as well as a number of other values I'm thinking of... Yet, maybe it could be used in general forum distribution too - could be handy to address PMs by name, not the nick if need to contact, it isn't listed to users anywhere that it's a private field anyway, right?
Wild_Cat: | 4) What is the $SITE_HOME_PAGE in GLOBALS.php used for? I haven't found it referenced anywhere on settings page or in display views...
Ilia: | Useless field that has been there for ages, I am removing it in the next version.
|
|
This could be actually a useful field if we could have automatic link to our site homepage if this parameter were set besides the forum "Home" link in userCP above now..
5) BTW the admglobals.php when I change the anonymous user name only changes LOGIN & ALIAS to a new setting, the NAME remains on Anonymous Coward. Unhandy, maybe have it changed to this new value automatically too?
(I was thinking about a hack allowing anonymous users to enter a name otherwise I had an awful confusion once from people I knew but who didn't want to register for 1-2 messages - they were all Anonymous and even without realising they'll be so they didn't sign their posts, so it was for me to guess who is who and I do think of allowing a couple anonymous forums) - I would actually put this possibility to specify name for anon users as a suggestion..
6) And I see yet another kind of bug - sorry for posting it here but it's in the context of discussed things - now Administrator is put as Custom Status to user 0 - Anonymous Coward! It's true the anon user doesn't get this custom status displayed it seems, yet... me neither! =)) (OK, I can set it by hands, but before it was set automatically and now it automatically sets my NAME to administrator and Custom Tag Administrator to anonymous user in the MySQL table
7) BTW, the anon user level is set to 3 but it doesn't get shown, also as I see msg count is not updated for anon users, so its level doesn't get updated either, right?
Why the anon user_id is 1 but he is referred in rid=0 in URLs and poster_id=0 in MySQL tables? A bit confusing if trying to figure something new for the forum customisation... I guess it's because the automatic enumeration in MySQL put the first number to 1, but where the mechanism for tracking it as 0 in FUDforum, a bit of everywhere in MySQL SET queries regarding this anon user? But why not just use it as id=1 then and was the anon user anti-deletion securisation regarding this "double numbers"?
Lady of Avalon
[Updated on: Fri, 09 January 2004 11:38]
Re: GLOBAL settings confusions in 2.6.0 vs 2.5.x [message #15912 is a reply to message #15908] |
Fri, 09 January 2004 12:59 |
Ilia
Quote: |
My mistake in explanation! In GLOBALS.php I have this entry only once but I have a field to update it twice in admglobal.php! (1st between
|
Fixed in CVS.
Quote: |
So I can't strip it from URL any more to give external links?
|
Yes
Quote: |
When I enter as anonymous from another browser (IE) on the index page, it generates URLs without SQ parameter and I cannot enter any forum - it gives me error: wrong URL.
Oops! It was quite another bug, I see it now: the index page urls for anon user give links to forums as following: t=threadt So it IS wrong...
|
I think the problem is due to the fact you have enabled threaded forum listing for anon users but disabled threaded forum views. To fix this either edit the profile of anon user (access via user manager with anon user's nick name) or enable threaded topic views & then disable it (it should set correct values).
Quote: |
Well, I do can strip this SQ thingy together with rid from urls to forums & messages?
|
That would open a big security hole in your forum.
Quote: |
Actually, I think this could be useful to include on profile page? Well, that's up to me I guess and I will just put this value somewhere in the profile page as well as a number of other values I'm thinking of... Yet, maybe it could be used in general forum distribution too - could be handy to address PMs by name, not the nick if need to contact, it isn't listed to users anywhere that it's a private field anyway, right?
|
It's a private field, mostly intended for when the admin needs to contact the user.
Quote: |
5) BTW the admglobals.php when I change the anonymous user name only changes LOGIN & ALIAS to a new setting, the NAME remains on Anonymous Coward. Unhandy, maybe have it changed to this new value automatically too?
|
Since NAME is a private field users do not see, it does not matter.
Quote: |
(I was thinking about a hack allowing anonymous users to enter a name otherwise I had an awful confusion once from people I knew but who didn't want to register for 1-2 messages - they were all Anonymous and even without realising they'll be so they didn't sign their posts, so it was for me to guess who is who and I do think of allowing a couple anonymous forums) - I would actually put this possibility to specify name for anon users as a suggestion..
|
No, you are either anonymous or you should register an account. I generally do not recommend allowing anonymous users to post messages.
Quote: |
6) And I see yet another kind of bug - sorry for posting it here but it's in the context of discussed things - now Administrator is put as Custom Status to user 0 - Anonymous Coward! It's true the anon user doesn't get this custom status displayed it seems, yet... me neither! =)) (OK, I can set it by hands, but before it was set automatically and now it automatically sets my NAME to administrator and Custom Tag Administrator to anonymous user in the MySQL table
|
Not sure I understand the problem, could you give me simple step by step instructions on how to replicate the bug? Thanks.
Quote: |
7) BTW, the anon user level is set to 3 but it doesn't get shown, also as I see msg count is not updated for anon users, so its level doesn't get updated either, right?
|
No info such as post counts etc... are shown for anon user, because it's not a real user.
Quote: |
Why the anon user_id is 1 but he is referred in rid=0 in URLs and poster_id=0 in MySQL tables? A bit confusing if trying to figure something new for the forum customisation... I guess it's because the automatic enumeration in MySQL put the first number to 1, but where the mechanism for tracking it as 0 in FUDforum, a bit of everywhere in MySQL SET queries regarding this anon user? But why not just use it as id=1 then and was the anon user anti-deletion securisation regarding this "double numbers"?
|
It is necessary for simpler checks ala if (!user).
FUDforum Core Developer
Re: GLOBAL settings confusions in 2.6.0 vs 2.5.x [message #15916 is a reply to message #15912] |
Fri, 09 January 2004 14:06 |
Wild_Cat
Thank you for your answers!
Wild_Cat: | I see it now: the index page urls for anon user gives links to forums as following: t=threadt
Ilia: | I think the problem is due to the fact you have enabled threaded forum listing for anon users but disabled threaded forum views. To fix this either edit the profile of anon user (access via user manager with anon user's nick name) or enable threaded topic views & then disable it (it should set correct values).
|
|
Not quite sure I understand. I have tree view of threads disabled and tree view of messages enabled and default view is set to Flat thread/Tree message. But enabling tree view of threads had solved the problem and it remained OK on its disabling. Thank you. A note for future fix in installation maybe too?
Wild_Cat: | Well, I do can strip this SQ thingy together with rid from urls to forums & messages?
Ilia: | That would open a big security hole in your forum.
|
|
How severe is this hole? I mean this string was not present in previous forum versions, so is the security level just the same this way or even worse?
Because you guess it is REALLY unhandy to give such urls externally.
Also, is this string embedded as part of url in PATH_INFO template too? (I can't check it now, my own server doesn't support PATH_INFO, but when I put it on Internet, I wanted to do so)
Linking from outside could actually present a big discomfort because certain systems do not handle long urls (treating them as any other long string, breaking it apart by a space) and users who might give links to my forum will certainly take the whole string and may be even unaware that it's broken for length reasons wherever they posted it, so I lose potential visitors!
Wild_Cat: | 5) BTW the admglobals.php when I change the anonymous user name only changes LOGIN & ALIAS to a new setting, the NAME remains on Anonymous Coward. Unhandy, maybe have it changed to this new value automatically too?
Ilia: | Since NAME is a private field users do not see, it does not matter.
|
|
OK, I get the message. If I wish to show the name on profile, it's my concern to edit NAME field in the DB too. Although I think for customizability, logic & integrity reasons you could just add another VALUE in SET query for this user_id 1 setting in future releases
Wild_Cat: | 6) And I see yet another kind of bug - sorry for posting it here but it's in the context of discussed things - now Administrator is put as Custom Status to user 0 - Anonymous Coward! It's true the anon user doesn't get this custom status displayed it seems, yet... me neither! =)) (OK, I can set it by hands, but before it was set automatically and now it automatically sets my NAME to administrator and Custom Tag Administrator to anonymous user in the MySQL table
Ilia: | Not sure I understand the problem, could you give me simple step by step instructions on how to replicate the bug? Thanks.
|
|
Very simple actually! Make a new installation and look in the fud_users table. user_id=2 (which is admin installing the forum) does not have the custom tag 'Administrator' any more (no custom tag is set by installer at all), it's the user_id=1 (anonymous) who has such custom tag ('Administrator')! (I guess it concerns only new installations, still there is a change toward an almost unnoticeable mistake in new installation)
Thanks again for explanations!
Lady of Avalon
[Updated on: Fri, 09 January 2004 14:15]
Re: GLOBAL settings confusions in 2.6.0 vs 2.5.x [message #15925 is a reply to message #15923] |
Fri, 09 January 2004 16:05 |
Ilia
Quote: |
Is this hole however something new to 2.6.0 or it also existed in 2.5.3RC3 and this is just a fix?
|
The issue is not new, it was present in older versions.
Quote: |
I need to know, because of the potential visitors loss possible (through non-working external links, which being too long are broken apart on some other systems, as well as any other long string) I might want to consider staying on the old engine...
|
The fact you got SQ attached to a link, WILL NOT break it. The anon user links do not have SQ prefixed to them, so it won't affect search engines etc...
FUDforum Core Developer
SQ free urls for external links [message #15949 is a reply to message #15925] |
Sat, 10 January 2004 14:55 |
Wild_Cat
Just one more question about SQ string in the url:
The notification e-mails do have an SQ free URL of the form:
http://fud.prohost.org/forum/index.php?t=rview&goto=15935
More, you do have send a link option, making an SQ free url of the form:
http://fud.prohost.org/forum/index.php?t=rview&th=3275&rid=542
(BTW, what is user_id doing here? )
If I want to provide a separate 'link' url on my forum messages or threads for external linking (smth like {LINK}) thingy over a thread or {LINK} over a message), could this be a better option to make a similar url formations instead of just stripping SQ & rid from the url?
Oops, a FUDcode surprise with double square brackets:
It works just fine for obtaining [internal forum code] when used like this: [[url=?t=rview&th=3275]internal forum code[/url]] (as seems logical without any additional transformations)
But when I tried to write an external link in double square brackets like this [[url=http://fud.prohost.org/forum/index.php?t=rview&th=3275]LINK[/url]] I've got a desired linked text [LINK] but look at the url behind it: http://fud.prohost.org/forum/<br />http://fud.prohost.org/forum/index.php?t=rview&th=3275 especially the <br /> thingy looks strange, although I don't understand why and what for this transformation occurred at all (certainly I just don't know something about new FUDcode? for in the 2.5.3 the double square brackets just made the url FUDtage not work as a tag any more but handled as simple message text, which gave the brackets and the url words visible and transformed the url itself to a link if it was a normal URI, not just a query string, of course)
----------
P.S. My oh my, sometimes I still get dropped out to index with url like http://fud.prohost.org/forum/index.php?S=4ebbb111ee9ed71e2d354c5a5c495748 instead of posting or previewing my message! Could be totally disastrous with IE which doesn't keep the form text fields entered content on 'next' or 'back' navigation (the more with your anti-cache headers and the more that it's still somehow the heckmost used browser I am allergic to ...) and I'm afraid it will do the trick to our users with this new engine, what's the possible cause of it? (then I go back and add this text and hit 'preview' or 'post' again and it would work fine)
Lady of Avalon
Re: SQ free urls for external links [message #15970 is a reply to message #15969] |
Sat, 10 January 2004 22:05 |
Ilia
The logic is as robust as it can be without sacrificing security. If you choose to browse the forum while writing the message either do not do so for an extended period of time or periodically click on the "preview" button in the post form. Personally I have yet to experience this problem myself.
Keep in mind that post form (when replying) already provides means for browsing the topic/message you are replying to at the bottom of the page.
FUDforum Core Developer
Re: SQ free urls for external links [message #16178 is a reply to message #15962] |
Sun, 18 January 2004 15:01 |
Wild_Cat
Ilia wrote on Sat, 10 January 2004 21:56 |
Quote: | Oops, a FUDcode surprise with double square brackets:
|
Cannot replicate here or on my development forum.
|
I've just seen the url still distorted as described in my previous message (you can look at my initial post or your own quoting me to see the described effect), but now the same thing seems to render quite fine
[LINK]
[[url=http://fud.prohost.org/forum/index.php?t=rview&th=3275&rid=542]LINK[/url]] It has been perhaps an unnoticed mistake that is not there any more - and that's fine.
Quote: | Don't browse the forum (in another window) while writing a reply.
|
But that's quite an inconvenience especially for forum admins who might often want to give links to other threads while writing a reply, but another user may want doing so too occasionally for the same reason or quoting another thread. He will get dropped out of his reply and he won't know what happened - because this never happened to him on any other popular forum engine, and I can't explain to everyone that they shouldn't browse the forum while posting and why (& for more still insist that I like this engine over others! ... while I can myself open windows in another browser or before posting, of course, but that's quite a pain in the ... Of course, you're the chief, but seeing your job done so accurately in most details, it seems that you could hear me if I suggest that security should not take over ease of use...
Oh more bug add-on, there is something strange with thread messages preview - when I hit 'preview post', I am told to be on the 2nd page, but I see thread posts below in quantity of 3 and they are from the first thread page, not the first ones, but starting around 3rd from the beginning in the thread if I'm not mistaken (here we're stuck at first try with not browsing while posting!!!) and not ending with my last post on the 1st page either (3 was the quantity of posts on the 2nd page but they were other 3 posts, those truly from 2nd page...)
AND what's going on with u tag turning into /u at the beginning while reverse transformation (on edit or quote)?
Lady of Avalon
[Updated on: Sun, 18 January 2004 15:06]
Re: SQ free urls for external links [message #16183 is a reply to message #16178] |
Sun, 18 January 2004 17:16 |
Ilia
You can still browse other pages while writing a reply, just click preview once in a while to refresh the session validity id.
FUDforum Core Developer
Re: SQ free urls for external links [message #16197 is a reply to message #16194] |
Tue, 20 January 2004 14:45 |
Wild_Cat
It doesn't matter, it's just a convenient place and only for the user - to give the information, because it's not evident or logical for the user at all that he should not browse the forum while posting, and when he gets kicked out instead of posting his probably hard worked reply he will never guess why, while you can predict it, but you said it to me only, not to all the users of all the FUDforums. So I proposed a way to inform & warn him without revealing the reasons which should correspond to your security efforts btw, that's all! I can do it for myself on my forum no problem, but it could strongly help the others because for now it's 'setting up' to know about such issue and not warn the users - not only admins but all FUD forums users (although those ones too for that matter because they can be addressed for the issue and it's not everyone who can come here and find this thread with explanation or even read it in English)... Up for you to decide as always of course - once I know this, I can add this message for the template on my own forum and 'clean my hands off'
Lady of Avalon