Hi,
see another bug.

I wanted to add custom block, so i clicked on "add" then we used the custum page :
- position
- poids
- visible Y/N
- where
- title
- NO text area,
- NO style of content (php, html, auto)

I 've think that they appeared after "validate" but i've had an error message :



Now, i've the same error when i try to go to "block / list of Block"

I can't use admin block now...

Continuing...


Quote:

Didn't have an 'Extended profile' in Preferences even though the module was installed. Updated the System module but no use. Updated the 'Extended profile' and at last it showed up in the menu. 'Display Disclaimer' is set to 'No' and the disclaimer text box is empty. The 'Notify by mail when a new user is registered?' is set to 'Yes' but before the upgrade was set to no.

5. Extended profile module settings
5.1. In General Settings the line 'Minimum posts required?'. Required for what? If it is for avatar upload then I think this should be moved to User Settings.
5.2. The values for:
- Minimum password length;
- Allow custom avatar upload?;
- Avatar image max width (pixel);
- Avatar image max height (pixel);
- Avatar image max filesize (bytes);
- Names that should not be selected as username;

that were used before the update to the nightly version are not there. Instead the default XOOPS ones (I think) are used.

5.3. 'Enter names that should not be selected as username' - erm... is this still valid? Shouldn't this be Real names? Or perhaps have one for usernames and one for real names?

6. As a normal user I was able to change my real name to be the same as someone elses.

7. Decided to post this request about user trackability in this thread as well 'Webmasters are not able to see the username of a user when visiting a the user's profile page. I think this info should be available to webmasters. I would like also to be able to assign this right to some groups in my site.'



Oh, *****. I forgot to post what's my environment last time. Using XAMPP Lite 1.4.14 (Windows + Apache 2.0.54 + PHP 5.0.4 (without PEAR) + MySQL 4.1.12).

Thanks for the help guys.

I'm still a little divided as to what to do about the Real Name/Username. On one hand I think it is the best thing to have Real Name as "Display Name" and the Username only used for login purposes (which is also why I don't find it useful information for webmasters - who do have the option of seeing the username when editing the user)

Should Real Names be unique? I'm still considering this. Perhaps a setting in the module's preferences?

I'm re-adding the Findusers functionality in the System Module, but will take out the non-core and non-System Module fields (such as URL and PM link)

Quote:

Sounds reasonable. But I still think that some groups should be allowed to see the username on the profile page. The reason is user 'trackablity' (just made up that word ;). Yes, the uids are unique but... we aren't very good with remembering numbers.

The 'Display name' should be unique. Why? Because if it's not I would be able to change it to let's say Mithrandir. Then there will be 2 of us. Then somebody will follow my example and then there will be 3 of us. Faster than you know it there could be an army of Mith's strolling around the forums. :) So who would be who? And if webmasters or other groups (such as mods) don't see our usernames how will they know whom they issued a warning and whom not?
A setting in the module's preferences would be alright for me... Although I suppose there would be quite a lot of people who won't see this setting and start asking for help on the forums here. Perhaps if it is as a setting it should be turned on by default?

Another request concerning usernames. In the comments system to add above the avatar (or below) a field which shows the username of the user only to those who have admin rights for comments.

Another suggestion. At the preferences to have an option to set a theme as a default for all users. Just the way it was in the 1.3 series.

Tell you what. You've convinced me. Real Name will be changed to Display Name throughout the system and be unique. Then you can identify a user through the Display Name and not need the username except in rare cases, where it will be available in "edit user" - for those, who have that permission. Then I don't see the need for it being displayed in comments or anywhere else.

Default theme can be set as usual - and if you enable the Theme field in the Profile module, you will be able to set a default value (which the user can override, naturally). I'll see if I can add a "Use Site Default" value so when users have this selected and you change the default theme, these users will not still be with the old theme (unless they actively select it in their profile)

How's that?

Quote:

I have not thought it in detail but I do not feel comfortable with the change.
One quick concern, how about if multiple users do have same names?
And, we will have uid, uname, name for identifying a user, isn't it too redundant?

I suppose it's not bad. But... then... if my username is not outright visible for those who have the powers...

Let's think of another scenario. I'm breaking the rules of the site here. In comments/forums/whatever else has a userside. In hundreds of small ways. You send me a note to stop.

The site is quite lively so you can't remember who is doing what or keeping an eye especially on 1 specific user. So I lay low for several days, make perfectly reasonable posts... and change my display name and start misbehaving again.

And you send me a note again instead of banning me. And again... But if you can see outright my username then you would be able to ban me right ahead on the second occasion. What do you think?


Wow. It seems that hiding the username and using a changeable display name instead can be quite a fuss. But I think it is useful because of: user privacy, added layer of security, being able to change your display name when you are tired of it... Actually, in the past I have been asked by my users for a similar functionality.

Just my... hmfhm... 2 cents. I suppose that other people could have different views on the subject. Lets hear them too. Maybe, this deserves a thread on its own and a more serious discussion?

phppp: Display names will be unique - I'll add that (need to consider existing names and whether they are unique or not... ah well... I'll figure something out)

The reason for doing this is exactly that, Cebe - security. When someone doesn't know my login name, it is even harder for him to break into my account with a brute-force attack.

Whether a user should be allowed to change his display name or whether it should be a preference setting... I'll sleep on that one.

another ones

6/ Just go to your site as anonymous
click on PM in main menu.
Xoops says error,you don't have rights to
but back link is wrong.

7/ Module install / Uninstall-Resinstall
If you uninstall a module, then install it, and forgot to select a group that will have admin rights, XOOPS says nothing, and you won't be able to access to this module any more.
This should be the same with new XOOPS install.
And if you click in admin top toolbar in module menu, this module doesn't appear. If you select administration, your module is here, but if you click on its logo --> 404 error white page
COuld be great to add a warning :an admin group should be selected, or main webmaster should be able to see it in admin

Alain & marco

So will the real name field be a required field in all future registrations by default?

I know most of my members never filled in that field. If it is not filled in for existing users will it use the username?

Is there some way, if implemented as planned, to force the filling of that field by existing users?

I like the idea of not using the username from a security perspective. I would also like the option of asking users to reset their password if I feel that their account has been compromised.

Can we also look at the option of more secure passwords, requiring alphanumeric plus special characters for passwords?