Main - AcmlmBoard Developer Zone - User Login
Scrydan
Posted on 09-04-12 05:27 PM, in Link | ID: 25495
Normal User
Okay, I am not sure what did it, but I can't seem to log in as of today on this laptop on 2.6. Which has me thinking to redo login. It might be fine, but I think this should use a session/IP check system my board uses. It uses a session table which will check the logged user's IP against the current IP as well as their system info.

The idea is to make stolen cookies useless, as they will need their IP and system info in order to have it be useful. There's also the problem of dynamic IPs, so there might be an option to use a less secure method of it only checking a certain range. I also want sessions to auto wipe after 7 days so the system won't be cluttered. I have some revamps in mind to better query usage and to make login a bit less complicated. My hope is to have $loguser started as soon as it possibly can.

Thoughts on this topic?

KP
Posted on 09-04-12 08:10 PM, in Link | ID: 25504
Retired Staff
I get on here on my phone and iPad all the time from a 4G network that most likely uses dynamic IPs if I'm not mistaken. If I understand your post correctly then what you propose might make it a pain for me and any other user who posts from a cellular network.



Scrydan
Posted on 09-04-12 08:20 PM, in Link | ID: 25506
Normal User
Which is why the range is optional and you can instead just have it check your system but it would indeed be a bit insecure and the cookie would become more valuable to steal but eh. Depends on how exactly we want to go here.

KP
Posted on 09-04-12 09:57 PM, in Link | ID: 25507
Retired Staff
Does the user have to specify if they want a specific range instead? That seems kind of unintuitive due to many users having smartphones/tablets nowadays; to have to change a setting before they can browse the forums is something I've never heard of before.

I'd be okay with it if browsing over cellular data was an uncommon thing.



Scrydan
Posted on 09-04-12 10:01 PM, in Link | ID: 25509
Normal User
Full, first half, none. Those would be the options. None would use another method but it would be a bit insecure so you shouldn't really use it.

That's the problem with binding IPs to sessions. While it prevents cookie thieves from getting what they want (if they somehow found a hole), it can potentially make dynamic IPs unlikely to use it.

Which is why a session and not a cookie would be used in that case. I just want to make sure it isn't something that will wipe once you exit your browser and come back later.

Emuz
Posted on 09-04-12 11:52 PM, in Link | ID: 25525
Site Administrator

I actually am quite fond of the fine control that BH's system gives. I would like to preserve it in a new sessions system. However I'd marry it to your approach and have both a "Normal" and "Advanced" mode. Present the basic options that you spoke of, then an advanced mode allowing a ranks to be put in. I have funky but consistent IP ranges and I would need the fine control of the old system. Thoughts?

The Dynamic Profile Administrator™


"Never Knows Best"
Note: if you can see this my layout broke. ALL THE CREDITS WILL BE REVEALED!!
'Victory Noriko' by @thatsheepagain.
'Chibi Dance Noriko' by @Haru__Kitsu.
'Deity's Night Out (Featuring Gabbie)'
by @thatsheepagain
Noriko Emotes by @Haru__Kitsu.
Side Bar Noriko by @thatsheepagain
'Noriko's Nature Walk' by @projectTiGER_
Emotive Noriko by @thatsheepagain.
"Space Candy Noriko" by BerryVerrine.
"Super Sharp Noriko" by Xionfes.
A gift illustration from the wonderful EverKinzPony!
"Magical Girl Noriko" by @cute_hospital!
"Patient Chibi Noriko" by @Ruii_ki!
'Dapper '60s Noriko' by @thatsheepagain.
'Shiny Chibi Noriko' by @inioli.
'Flower Veil Noriko' by @Sushiee_.
'Noriko in Realism' by @_Sarybuu.
'Noriko's Midnight Adventure' by @projectTiGER_
'Yukata Noriko' by @yunyunmaru_
'Birthday Wishes Noriko' by @thatsheepagain

Scrydan
Posted on 09-05-12 12:23 AM, in Link | ID: 25530
Normal User
I think maybe for the users who fear being hacked, you could have it where you set a range expected and if it doesn't meet it that it alerts you if you set it up to through a valid email.

This being optional of course.


an advanced mode allowing a ranks to be put in

What do you mean by ranks? Ranges or something? If so, yes. That may work nicely. It would take a bit of work but quite possible.

Setting up expected ranging could be like:
69.243.%.%,1.2.3.4,244.%.%.%

They would be separated by commas and then we would use an IP checking function (I have a good one) that would look for those matches when looking for your session. What I could do IS allow an option where you could allow outside ranges but be notified if someone does have that session and tries to do things. You can also IP block ranges you never may be on but that idea is probably poor for obvious reasons.

Maybe if email was enforced, new ranges could get an email to enable but that idea is annoying. Just throwing lots of ideas out there.

Emuz
Posted on 09-05-12 07:08 PM, in Link | ID: 25586
Site Administrator

I meant ranges, but I typed ranks and didn't catch it..

I would recommend sticking with '*' for the wildcard since it's already so on the board, and it's more commonly used vs. the SQL '%'. But yes you got the basic idea.

The e-mail idea is good. Also it allows us to implement a system of confirming with e-mail, and maybe support down the line the 'bad weather day' system of staff approval. (also post reporting and all the other good things that can happen with it)


Scrydan
Posted on 09-06-12 03:51 PM, in Link | ID: 25647
Normal User
I'll be implementing a new system of logging in fairly soon. It will be done by the end of the week with the installer. I will need many of you to test it so we can be sure everything is generating perfectly.

My hope is to make the system as flexible and secure as possible. Might have it where the owner can customize how he wants things set up, as in not only randomized salts and such but maybe he can choose what characters he wants to randomize from. Options are always nice.
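
The session check discussed in this thread (the full / first half / none IP binding, comma-separated ranges with the '*' wildcard, and the 7-day expiry), sketched as an added example that is not part of the original posts and not Acmlmboard's code. All function names and session fields are hypothetical, and treating the User-Agent header as the "system info" and storing a SHA-256 hash of the cookie token are assumptions.

```php
<?php
// Added illustration; every name below is hypothetical, not Acmlmboard code.
const SESSION_TTL = 7 * 24 * 3600; // thread: sessions are wiped after 7 days

// Match an IPv4 address against one pattern such as "69.243.*.*".
function ip_matches(string $ip, string $pattern): bool {
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) return false;
    $ipParts  = explode('.', $ip);
    $patParts = explode('.', trim($pattern));
    if (count($patParts) !== 4) return false;      // malformed pattern never matches
    foreach ($patParts as $i => $part) {
        if ($part !== '*' && $part !== $ipParts[$i]) return false;
    }
    return true;
}

// Pattern a new session is bound to at login: "full", "half" (first half), "none".
// $ip is assumed to be a validated IPv4 address (assumption: IPv4-only board).
function bind_pattern(string $ip, string $mode): string {
    $o = explode('.', $ip);
    switch ($mode) {
        case 'full': return $ip;
        case 'half': return $o[0] . '.' . $o[1] . '.*.*';
        default:     return '*.*.*.*';             // "none": IP is not checked
    }
}

// A session row is honoured only if it is fresh, the cookie token and the
// system info match, and the current IP falls in one of the allowed ranges.
function session_valid(array $s, string $token, string $ip, string $ua, int $now): bool {
    if ($now - $s['created'] > SESSION_TTL) return false;
    if (!hash_equals($s['token_hash'], hash('sha256', $token))) return false;
    if (!hash_equals($s['ua_hash'], hash('sha256', $ua))) return false;
    foreach (explode(',', $s['ip_patterns']) as $pattern) {
        if (ip_matches($ip, $pattern)) return true;
    }
    return false;
}

// Constructed sample: login from 69.243.10.20 in "half" mode plus one extra range.
$token   = bin2hex(random_bytes(32));
$ua      = 'Mozilla/5.0 (constructed sample)';
$session = [
    'token_hash'  => hash('sha256', $token),
    'ua_hash'     => hash('sha256', $ua),
    'ip_patterns' => bind_pattern('69.243.10.20', 'half') . ',1.2.3.4',
    'created'     => time(),
];
var_dump(session_valid($session, $token, '69.243.77.5', $ua, time())); // new IP, same first half
var_dump(session_valid($session, $token, '203.0.113.9', $ua, time())); // same cookie, outside the ranges
```

In "none" mode the cookie token and the system info are the only checks left, which is the trade-off the posts describe for users on cellular networks.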
