31
lubdub
Re: Attention Xoops RC3.0.4/3.0.5 Users
  • 2002/10/30 8:20

  • lubdub

  • Just popping in

  • Posts: 64

  • Since: 2002/2/28


I work with Linux, so, no chance (!) to use IE, I might finally turn that feature of Mozilla off, but I guess a check from XOOPS would be more secure and not very costly.

Regards



32
lubdub
Re: Attention Xoops RC3.0.4/3.0.5 Users
  • 2002/10/29 8:21

  • lubdub

  • Just popping in

  • Posts: 64

  • Since: 2002/2/28


This was probably hanging around for a long time, it's not completely a XOOPS bug, but some "joint problem":
I use Mozilla 1.1a, which has a password manager, to keep track of usernames and passwords, somehow like IE does. Now, I made it remember my name for my XOOPS site.
The problem is: if I don't watch enough, when I'm changing the details of some user, it replaces the username in the fields with MY name, and saves it without a complaint from xoops. Thus, I have 2 users with my name and can't login anymore (luckily, I have some direct db access on my provider's host). As far as I can tell, XOOPS checks, when a new user registers, that the login isn't already used. I think it should be the case also when modifying a user.

Regards,



33
lubdub
Re: I'd like smarter polls
  • 2002/10/16 23:59

  • lubdub

  • Just popping in

  • Posts: 64

  • Since: 2002/2/28


Err... mmm... ok, let's forget what I said, then.. I'm still with RC 3.0.4 (I thought the 3.0.5 only included the security fix, which I didn't need, and I was too lazy to upgrade... )

My mistake... (but ... ok, whatever )



34
lubdub
Re: I'd like smarter polls
  • 2002/10/15 18:15

  • lubdub

  • Just popping in

  • Posts: 64

  • Since: 2002/2/28


Quote:

I think the polls are based on username, if the voter is logged in. For anonymous users, we use IP.

IMHO, nope... I think there is some logic to correct, here:
here is the code from XoopsPollLog:
$sql "SELECT COUNT(*) FROM ".$db->prefix("xoopspoll_log")." WHERE poll_id=".$poll_id." AND (ip='".$ip."'";
        if ( !empty(
$user_id) ) {
            
$sql .= " OR user_id=".$user_id."";
        }
        
$sql .= ")";
        list(
$count) = $db->fetchRow($db->query($sql));
        if ( 
$count ) {
            return 
true;

The request is thus, for a logged user:
AND ( IP = ... OR UID = ... ) ==> has voted
in other words, when I have 2 users behind the same firewall, the first is able to vote, but for the second, the IP is the same, the OR condition is true and thus he can't vote.

The correct logic should be:
UID not null ==> use it whatever the ip is.
UID null ==> use the ip whichever it is (this will prevent two anonymous from behind the same firewall, but prevents also a logged user from logging out and voting again)

The corrected code should looks like:
$sql "SELECT COUNT(*) FROM ".$db->prefix("xoopspoll_log")." WHERE poll_id=".$poll_id." AND ";
        if ( !empty(
$user_id) ) {
            
$sql .= " user_id=".$user_id;
        } else {
            
$sql .= "ip='".$ip."'";
        }


Quote:

Yes, sounds like some nice ideas.

thanks



35
lubdub
I'd like smarter polls
  • 2002/10/15 11:16

  • lubdub

  • Just popping in

  • Posts: 64

  • Since: 2002/2/28


Missing features I'd really would appreciate (of course, I could code them myself... but... not time for now )
- choose the way to record votes (for now, I think it's based on ip, but I have several users behind the same firewall, so it should be allowed to be based on username)
- allow/prevent anonymous users to vote
- show the list of voting users with their vote (at least for admin, but some polls could be completely public)




TopTop
« 1 2 3 (4)



Login

Who's Online

77 user(s) are online (47 user(s) are browsing Support Forums)


Members: 0


Guests: 77


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits