292351
double1
Re: Autologin - does it update xoopsmembers "last login date"
  • 2003/7/28 18:18

  • double1

  • Just popping in

  • Posts: 8

  • Since: 2003/4/26


Yes the code for the checkbox should be within the form tag, put it right after this:

<input type="hidden" name="xoops_redirect" value="<{$xoops_requesturi}>" />

More importantly, make sure you have set your cookie session to "custom" in your Admin Preferences -> General Settings -> Use custom session = YES, otherwise the hack won't work!

Btw, I tried Jan304's Login hack but for yours it should be the same.

Good luck



292352
DobePhat
Re: Autologin - does it update xoopsmembers "last login date"
  • 2003/7/28 15:15

  • DobePhat

  • Friend of XOOPS

  • Posts: 656

  • Since: 2003/4/15


Ok guys Ive treid one of these versions...
(aud's) and it doesnt seem to uh work...but then I thought about something...inserting the code for the checkbox.....
should that be within the form tag? No one mentioned specifically...
but it seems like it should be or am i wrong? If thats not it I dont know really why it wont work?

Again , looks promising.



292353
tzvook
Re: htmlArea - WYSIWYG editor
  • 2003/7/28 10:58

  • tzvook

  • Just can't stay away

  • Posts: 875

  • Since: 2003/2/1 2


Quote:
Giving them the full range of HTML layout (like font, color, size etc.), they will ruin our coporate look


Depends on the htmlarea buttons you'll "give" them...

Quote:
Just to put a general question out there... what are the main difficulties with the BB code editor right now? IMHO, it doesn't seem any more difficult than HTMLarea to use.


As developers we usualy can't look inside the users head, we think different, I used to end up giving too much options to the users, which made them not using any of them in the end.

So I started folowing my users (not just Xoops, but a lot of systems We made), and I'm talking about thousands of users: munivipalities, big companies and so... and I found out the abious answere - the most important thing for a user, almost all skills levels is the INTUITIVITY - they'll use something they are used to it (WYSIWYG looks like their WORD editor, and that's it ... they need the confidance of the friendly interface).

Xoops users might not need it so much, but the editors/moderators which are content ppls and not tech ppls, needs it badly, and when I gave them the option, they used WYSIWYG about 400% more then with the original BBCODE....I had to take off the wysiwyg hack for XOOPS 1.3.x, due to a very buggy hack, but I was very sorry about it.

So in the end we stayed with this answere:
users will use WYSIWYG much more then the BBcode, will feel much better with it, we simply need to think "how to" , "who to give the HTMLAREA options to" and "how much (options) to" to give, and be aware that every CMS will use it soon, due to the reason we all know - everything runs forward, not backwards !!!

Quote:
I usually just end up typing in the codes by hand, but I come form a programming background so this makes sense to me. Also I find typing the codes much faster. But what do others think? What is lacking and what makes htmlArea such a *great* alternative?


The answere is in the question - ppl's like to give their feelings, not just their content, and they do it with bold, colorfull fonts, they need the "redo - undo" of the WYSIWYG, the "copy - paste" is good for the comon user that don't know the CTRL+C and CTRL+V, the "find and replace for big articles, tables ability, special characters ability, "align right ... align left" , and, well, do I need to go on with this...

Quote:
To make the editor 'configurable' (e.g. make certain tags/codes allowed or not) will bring up the same security issues as have been discussed with the htmlarea. The security threat here though is only the 'look' of the site, wheras with html could be far worse.


That's the point: it's almost the same security issues as the BBcode, that's the reasons it needs to be done by the XOOPS developers, and not as a CORE hack - it needs a lot of thinking and planing, but a good integration of it to the core (even just for the editors/moderators) will bring XOOPS one level up as a leading CMS (though to my opinion it's in the top right now !!!)

WOW - this was long !!!!!!!!!!!!!!!
The XOOPS community done it again - I just come to see what's new and I ends up with killing a half work day, but well .. using XOOPS and seeing how much ppl's help to each others worth the effort !!!




292354
GOwin
Re: Custom block for Coppermine Gallery
  • 2003/7/28 8:58

  • GOwin

  • Just popping in

  • Posts: 78

  • Since: 2003/5/2 9



are there any updates about your attempts integration/modularization of this nice gallery module?

TIA



292355
mvandam
Re: htmlArea - WYSIWYG editor
  • 2003/7/28 7:52

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7 2


Quote:

Giving them the full range of HTML layout (like font, color, size etc.), they will ruin our coporate look (which was very expensive to create, and more expensive to maintain!).

Other than the needed extra data "cleaning" that is needed to allow HTML code in posts, this has always been my other reason to *not* want an html editor. For a community board maybe it is nice to allow people to change font color/face/size (??), but I don't think the result looks that great... and on a corporate support forum it will look extremely unprofessional. That leaves only 'bold', 'italic', 'heading', 'img'?, 'link', etc... The BB code already covers most of this in a very simple manner. There is also the 'color' code which is good as an alternative way to emphasize text, but it could in theory be abused. IMHO, the 'size' code should be dropped in place of a 'heading' code (possibly 2-3 levels worth of different styles).

Just to put a general question out there... what are the main difficulties with the BB code editor right now? IMHO, it doesn't seem any more difficult than HTMLarea to use. I usually just end up typing in the codes by hand, but I come form a programming background so this makes sense to me. Also I find typing the codes much faster. But what do others think? What is lacking and what makes htmlArea such a *great* alternative?

To make the editor 'configurable' (e.g. make certain tags/codes allowed or not) will bring up the same security issues as have been discussed with the htmlarea. The security threat here though is only the 'look' of the site, wheras with html could be far worse.



292356
Herko
Re: htmlArea - WYSIWYG editor
  • 2003/7/28 6:46

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


Just a thought here.. if HTMLaerea isn't stable and/or secure enough, is there a way to make bbcode more n00b friendly? perhaps add (admin pre-defined) styles for header, intro, links, images, etc?

The people using and maintaining the websites I made with XOOPS aren't tech wizzards at all. They're no communications experts either. Giving them the full range of HTML layout (like font, color, size etc.), they will ruin our coporate look (which was very expensive to create, and more expensive to maintain!).

So, wmy not bring together the best of both editors and create a secure, extended, configurable, n00b friendly text editor for xoops.

Herko



292357
mvandam
Re: htmlArea - WYSIWYG editor
  • 2003/7/27 23:05

  • mvandam

  • Quite a regular

  • Posts: 253

  • Since: 2003/2/7 2


Just to reiterate... it doesn't matter how limiting you are with your editing controls (e.g. stripping out most of buttons on htmlarea or whatever), there is always a risk. You cannot assume that someone with use *your* form to enter their post. An attacker can easily figure out how to make a local copy of that form, remove all the restrictions and send *arbitrary* HTML to your server.

i.e. the HTML area has all kinds of controls to set a field "content" which gets sent to the server when the form is POSTed. If using the HTMLarea then the things that go into that "content" field are controlled. If an attacker finds another way to set that "content" field (actually quite easy), then any security that the HTMLarea offers has been circumvented.

The security needs to be handled on the backend, and that is currently what is lacking XOOPS 2. Right now you can either 'enable HTML' or 'disable HTML'. The only way the htmlArea would be useful is if you 'enable HTML' for all posts. But because the backend does *NO* real tag checking, this will allow an attacker to upload arbitrary HTML to your server.

Anyways, not trying to say it is not worthwhile. I'm not sure it is 'necessary' to support this, but it does seem that more and more people want it. I'm just trying to point out the security issues are not as simple as many people think.



292358
kotis
Re: htmlArea - WYSIWYG editor
  • 2003/7/27 22:42

  • kotis

  • Just popping in

  • Posts: 82

  • Since: 2002/12/23


Well, i decided to come back to you because i saw you have a lot of questions about security and risks for htmlarea.

Follow my thoughts... You just need a decent editor for your site visitors and your editors. You can't expect your site visitors and even your editors to be able to write html - this is where every nuke like portal fails and it ends up to be webmaster-centric. I decided to go with XOOPS and it's been months now since the release of XOOPS 2.0.3 I'm still trying to find free time and complete the integration of htmlarea.

Security risks? Not at all. I just want to replace the (difficult to use by novices) bbcode editor. So, i only enabled bold, italics, underlines, left-center-right aligns and two or three more things. It's even more secure because noone can write even a single html command. The editor is responsible to convert the text to html. THAT simple...

Soon i will be ready to give you a preview of the htmlareea integration. Believe me... It's so beautiful and works so nice that all developers will start thinking the integration of an advanced editor inside the core. I really hope so because i already know that it is already impossible to upgrade my XOOPS engine to a newer version. The changes are so many that it's almost impossible...



292359
DarkDeath
Re: Alerts for Private Messaging
  • 2003/7/27 18:25

  • DarkDeath

  • Just popping in

  • Posts: 29

  • Since: 2002/8/17


Bumb.....i am so close.... thanks for the help... but im still a tad unclear....on placment of the code.... please help! I am using version 1.3.8 RC3



292360
Olivier
Re: dictionary modules
  • 2003/7/27 15:05

  • Olivier

  • Just popping in

  • Posts: 16

  • Since: 2002/6/16


Creating a module will be hard because you have not access to the main database of those online directory (i suppose)
and so except if you use an iframe in which you include the result page you won't be able to show results (but it will be horrible)

And it will a dictonary per language (i am french so I don't think I will put an english dictionnary on my site )

But your idea is not bad !

Why not trying to make a block in php with a search field and when you validate it opens in a new (framed or not) window the result of the request !

But I don't kno if this is easy to do (I will try )







Login

Who's Online

154 user(s) are online (93 user(s) are browsing Support Forums)


Members: 0


Guests: 154


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits