|
||||||
Views:
11,030,475 |
Main | FAQ | IRC chat | Memberlist | Active users | Latest posts | Stats | Ranks | Online users | Search | 11-21-24 11:47 AM |
||||
Guest: Register | Login |
0 users currently in AcmlmBoard Developer Zone | 3 bots |
Main - AcmlmBoard Developer Zone - User Login |
Scrydan |
| ||
Normal User
Scryforce - A place that still exists. Neat. Level: 86 Posts: 531/2020 EXP: 6096550 Next: 45557 Since: 07-18-12 From: USA Last post: 982 days Last view: 964 days |
Okay, I am not sure what did it but I can't seem to login as of today on this laptop on 2.6. Which has me thinking to redo login. It might be fine but I think this should use a session/IP check system my board uses. It uses a session table which will check the logged user's IP against the current IP as well as their system info.
The idea is to make stolen cookies useless as they will need their IP and system info in order to have it be useful. There's also the problem of dynamic IPs so there might be an option to use less secure method of it only checking a certain range. I also want sessions to auto wipe after 7 days so the system won't be cluttered. I have some revamps in mind to better query usage and to make login a bit less complicated. My hope is to have $loguser started as soon as it possibly can. Thoughts on this topic? |
KP |
| ||
Retired Staff
NES Game Aficionado Level: 73 Posts: 494/1354 EXP: 3418324 Next: 67544 Since: 01-02-12 Last post: 2180 days Last view: 1688 days |
I get on here on my phone and iPad all the time from a 4G network that most likely uses dynamic IP's if I'm not mistaken. If I understand your post correctly then what you propose might make it a pain for me and any other user who posts from a cellular network. |
Scrydan |
| ||
Normal User
Scryforce - A place that still exists. Neat. Level: 86 Posts: 535/2020 EXP: 6096550 Next: 45557 Since: 07-18-12 From: USA Last post: 982 days Last view: 964 days |
Which is why the range is optional and you can instead just have it check your system but it would indeed be a bit insecure and the cookie would become more valuable to steal but eh. Depends on how exactly we want to go here. |
KP |
| ||
Retired Staff
NES Game Aficionado Level: 73 Posts: 495/1354 EXP: 3418324 Next: 67544 Since: 01-02-12 Last post: 2180 days Last view: 1688 days |
Does the user have to specify if they want a specific range instead? That seems kind of unintuitive due to many users having smartphones/tablets nowadays; to have to change a setting before they can browse the forums is something I've never heard of before.
I'd be okay with it if browsing over cellular data was an uncommon thing. |
Scrydan |
| ||
Normal User
Scryforce - A place that still exists. Neat. Level: 86 Posts: 537/2020 EXP: 6096550 Next: 45557 Since: 07-18-12 From: USA Last post: 982 days Last view: 964 days |
Full, first half, none. Those would be the options. None would use another method but it would be a bit insecure so you shouldn't really use it.
That's the problem with binding IPs to sessions. While it prevents cookie theives from getting what they want (if they somehow found a hole), it can potentially make dynamic IPs unlikely to use it. Which is why a session and not a cookie would be used in that case. I just want to make sure it isn't something that will wipe once you exit your browser and come back later. |
Emuz |
| ||
Site Administrator
11 Hit Combo: Mother's Rosario Level: 109 Posts: 1143/3393 EXP: 13563460 Next: 396185 Since: 12-30-11 From: Akron, Ohio; USA Last post: 114 days Last view: 3 days |
I actually am quite fond of the find control that BH's system gives. I would like to preserve it in a new sessions system. However I'd marry it to your approach and have both a "Normal" and "Advanced" mode. Present the basic options that you spoke of, than an advanced mode allowing a ranks to be put in. I have funky but consistent IP ranges and I would need the fine control of the old system. Thoughts? The Dynamic Profile Administratorâ„¢"Never Knows Best" Note: if you can see this my layout broke. ALL THE CREDITS WILL BE REVEALED!! 'Victory Noriko' by @thatsheepagain. 'Chibi Dance Noriko' by @Haru__Kitsu. 'Deity's Night Out (Featuring Gabbie)' by @thatsheepagain Noriko Emotes by @Haru__Kitsu. Side Bar Noriko by @thatsheepagain 'Noriko's Nature Walk' by @projectTiGER_ Emotive Noriko by @thatsheepagain. "Space Candy Noriko" by BerryVerrine. "Super Sharp Noriko" by Xionfes. A gift illustration from the wonderful EverKinzPony! "Magical Girl Noriko" by @cute_hospital! "Patient Chibi Noriko" by @Ruii_ki! 'Dapper '60s Noriko' by @thatsheepagain. 'Shiny Chibi Noriko' by @inioli. 'Flower Veil Noriko' by @Sushiee_. 'Noriko in Realism' by @_Sarybuu. 'Noriko's Midnight Adventure' by @projectTiGER_ 'Yukata Noriko' by @yunyunmaru_ 'Birthday Wishes Noriko' by @thatsheepagain |
Scrydan |
| ||
Normal User
Scryforce - A place that still exists. Neat. Level: 86 Posts: 539/2020 EXP: 6096550 Next: 45557 Since: 07-18-12 From: USA Last post: 982 days Last view: 964 days |
I think maybe for the users who fear being hacked, you could have it where you set a range expected and if it doesn't meet it that it alerts you if you set it up to through a valid email.
This being optional of course.
What do you mean by ranks? Ranges or something? If so, yes. That may work nicely. It would take a bit of work but quite possible. Setting up expected ranging could be like: 69.243.%.%,1.2.3.4,244.%.%.% They would be separated by commas and then we would use IP checking function (I have a good one) that would look for those matches when looking for your session. What I could do IS allow an option where you could allow outside ranges but be notified if someone does have that session and tries to do things. You can also IP block ranges you never may be on but that idea is probably poor for obvious reasons. Maybe if email was enforced, new ranges could get an email to enable but that idea is annoying. Just throwing lots of ideas out there. |
Emuz |
| ||
Site Administrator
11 Hit Combo: Mother's Rosario Level: 109 Posts: 1148/3393 EXP: 13563460 Next: 396185 Since: 12-30-11 From: Akron, Ohio; USA Last post: 114 days Last view: 3 days |
I meant ranges, but I typed ranks and didn't catch it..
I would recommend sticking with '*' for the wildcard since it's already so on the board, and it's more commonly used vs. the SQL '%'. But yes you got the basic idea. The e-mail idea is good. Also it allows us to implement a system of confirming with e-mail, and maybe support down the line the 'bad weather day' system of staff approval. (also post reporting and all the other good things that can happen with it) The Dynamic Profile Administratorâ„¢"Never Knows Best" Note: if you can see this my layout broke. ALL THE CREDITS WILL BE REVEALED!! 'Victory Noriko' by @thatsheepagain. 'Chibi Dance Noriko' by @Haru__Kitsu. 'Deity's Night Out (Featuring Gabbie)' by @thatsheepagain Noriko Emotes by @Haru__Kitsu. Side Bar Noriko by @thatsheepagain 'Noriko's Nature Walk' by @projectTiGER_ Emotive Noriko by @thatsheepagain. "Space Candy Noriko" by BerryVerrine. "Super Sharp Noriko" by Xionfes. A gift illustration from the wonderful EverKinzPony! "Magical Girl Noriko" by @cute_hospital! "Patient Chibi Noriko" by @Ruii_ki! 'Dapper '60s Noriko' by @thatsheepagain. 'Shiny Chibi Noriko' by @inioli. 'Flower Veil Noriko' by @Sushiee_. 'Noriko in Realism' by @_Sarybuu. 'Noriko's Midnight Adventure' by @projectTiGER_ 'Yukata Noriko' by @yunyunmaru_ 'Birthday Wishes Noriko' by @thatsheepagain |
Scrydan |
| ||
Normal User
Scryforce - A place that still exists. Neat. Level: 86 Posts: 560/2020 EXP: 6096550 Next: 45557 Since: 07-18-12 From: USA Last post: 982 days Last view: 964 days |
I'll be implementing a new system of logining in fairly soon. It will be done by the end of the week with the installer. I will need many of you to test it so we can be sure everything is generating perfectly.
My hope is to make the system as flexible and secure as possible. Might have it where the owner can customize how we wants things setup as in not only randomized salts and such but maybe he can choose what characters he wants to to randomize from. Options are always nice. |
Main - AcmlmBoard Developer Zone - User Login |
Acmlmboard v2.5.6 (06/11/2024) © 2005-2024 Acmlm, Emuz, et al. |
MySQL - queries: 117, rows: 551/584, time: 3.479 seconds. |