phpslash-devel Mailing List for phpSlash (Page 17)
Brought to you by:
joestewart,
nhruby
Menu
▾
▴
phpslash-devel — For developers of phpslash to communicate.
This list is closed, nobody may subscribe to it.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(45) |
Dec
(50) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(29) |
Feb
(49) |
Mar
(38) |
Apr
(22) |
May
(39) |
Jun
(21) |
Jul
(6) |
Aug
(9) |
Sep
(6) |
Oct
(26) |
Nov
(42) |
Dec
(19) |
| 2003 |
Jan
(15) |
Feb
(71) |
Mar
(40) |
Apr
(41) |
May
(28) |
Jun
(5) |
Jul
(25) |
Aug
|
Sep
(2) |
Oct
(50) |
Nov
(89) |
Dec
(19) |
| 2004 |
Jan
(21) |
Feb
(9) |
Mar
(5) |
Apr
(6) |
May
(7) |
Jun
|
Jul
(4) |
Aug
|
Sep
(14) |
Oct
(24) |
Nov
(3) |
Dec
|
| 2005 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2006 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Joe S. <joe...@us...> - 2003-02-25 15:36:01
|
Please take a look at the changes to the lost password code and comment on any problems you see. I didn't like a couple of things about the way the lost password stuff worked, so I changed it to be only used a single time. A brief explanation: Choosing to have the confirmation emailed generates a couple of actions: 1. An array is saved to the user's db entry that contains a unique challenge word. 2. An array is emailed to the user that contains the same unique challenge word. When the profile page is loaded with this confirm variable, an author class method - confirmAuthor - attempts to verify the data. If it matches, the string is removed from the db to disallow any further use, and cookie vars are created to pass the preauth. No useful data is returned to the calling script and it is only good for a single use now. The psl_author 'perms' field is used to store the data. 0.7 doesn't use this field but 0.65 did. As long as the upgrade script has been run this should be OK. thanks, Joe |
|
From: Joe S. <joe...@us...> - 2003-02-25 15:19:16
|
On Sun, Feb 23, 2003 at 02:51:47PM -0800, Ajay Sharma wrote: > > Hey, > <snip /> > > Also, I was playing around with the user account stuff. So I registered > me a new account. I could log in a stuff but I couldn't change any of > my user settings. The only way I could change stuff (like the url, > quote, etc...) was to logout, login as an admin, then change it throught > the author interface. > Evidently the authorprofileSave permission needed to be added to the user group. Joe > later, > ajay > > -------------------------------------------------------------------- > Satyajot (Ajay) Sharma > ss...@od... > -------------------------------------------------------------------- > |
|
From: Peter C. <pe...@kr...> - 2003-02-24 18:08:06
|
Thanks Matt. So (in summary), it should be enough to change $_PSL['locale']['LC_TIME']? (I've already set up *_CA.LC_TIME.php files). Anyway, I'll have a play around and give you feedback on how I get on. Cheers Peter PS I like your apology for the hegemony in the code :-) At 12:15 24/02/03 -0500, you wrote: >On Mon, 24 Feb 2003, Peter Cruickshank wrote: > >> Hi > >Hi! > >> A couple of questions about time-formatting and locales: >> >> 1. Can someone explain how to switch time-formats? (My example is >> between en_CA and fr_CA when the language changes) > >Look for this part of the INI file: > >[locale] >;; Use this locale for formatting date and time strings >LC_TIME = "en_US" ;; <--- change to whatever you want > >This is a only a server-wide option and not a user option, although >making it one would be a neat bell or whistle. > >For each locale you want to use there needs to be a file >$_PSL['localedir'] . '/' . $locale . '.LC_TIME.php3'. Nobody's gotten >around to Canadian locales. If you want to do it, start by copying >en_GB.LC_TIME.php3 to en_CA.LC_TIME.php3 and refining. Same with fr_FR to >fr_CA. > >> 2. Is this already done by setLang()? > >This is just beyond reach. Right now no assocations exist between >$_PSL['lang'] and $_PSL['locale']['LC_TIME']. One trouble is that there >aren't region-specific language strings yet. There's no fr_CA.php3 file >for pslGetText for example. > >If you want to have them switch simultaneously, you'll have to hack >setLang yourself, by resetting $_PSL['locale']['LC_TIME'] at the same time >as $_PSL['lang']). > >If we had a pslSetLocale function that would accept the LC_ALL option, >that might could help. But that should probably wait until after release. > >--Matt ----------------------------- Peter Cruickshank Tel: +44 7092 086 881 email: pe...@kr... |
|
From: Peter C. <li...@kr...> - 2003-02-24 15:57:15
|
Hi A couple of questions about time-formatting and locales: 1. Can someone explain how to switch time-formats? (My example is between en_CA and fr_CA when the language changes) 2. Is this already done by setLang()? If it's not, should I do change $_PSL['locale']['LC_TIME']; and do a locale(LC_TIME,$_PSL['locale']['LC_TIME'])? Thanks Peter ----------------------------- Peter Cruickshank Tel: +44 7092 086 881 email: pe...@kr... |
|
From: Joe S. <joe...@us...> - 2003-02-24 15:06:06
|
On Sat, Feb 22, 2003 at 03:43:50PM +0000, Peter Cruickshank wrote: > Hi > > Thought it would be worth posting some notes/queries from my experience with using the new users & groups (which I really like, now I'm beginning to get my head round the approach). > Yeah it was hard to explain so I implemented the code to get more input and testing. > - As far as I can see, groups can only contain permissions and groups that only contain permissions. ie They are not fully recursive > Probably true. The perm class "have_perm" function should be recursive I believe. The implementation in phpslash to gather the permissions and groups from sql into an array is not. It was kind of a bear to have freedom and flexibility and still reduce the possibility of circular references. Which I believe you can still have if you try. The perm class also allows for permissions outside of the groups too. In other words the user can have a set of permissions assigned instead of groups. The interface in phpSlash would be pretty cluttered though if you had a choice of permssions as well as groups. It could be done but is not as clean of interface. > - Why is user 'nobody' given uid of '20'? In several places, the code expects a uid of 'nobody' > That needs to be cleaned up and has been on my mind too. Some places have a lookup like: $aid = Author::getId($uid); where uid is "nobody". What happens is that phplib's "nobody" uid gets identified and changed to phpslash's 'nobody' user. Which has been hardcoded and should be queried instead. This is done to allow or remove permissions to anonymous users such as the ability to comment without logging in or choose the name used to post comments. > - Groups 20 (nobody) and 21 (user) are hardcoded. Maybe they should be replaced by constants (eg PSL_AUTHOR_NOBODY, PSL_AUTHOR_USER) or settings in config.ini.php? > Or make the constants 'nobody' and 'user'. > - is there a note anywhere on what the groups are for? As far as I can work out, the key ones are > - root (obviously) > - user (required by user-only blocks etc) - or should PublicUserAccount be used? PublicUserAccount contains 'user' and 'nobody' which is confusing. > - nobody > The module-specific groups seem pretty self-explanatory. > Only the short description in the Author and Groups documentation so far. nobody is the as yet logged out user. You can assign or take away a few permissions from the 'nobody' group. PublicUserAccount was a test and I guess could be deleted or used when registering instead of the two above. user is checked for login status. Any logged in user probably should have this group/permission. > - This group seems to be empty or not used: siteeditor > Looks to be true. > I dont think there's any show-stoppers here though. > good deal. thanks, Joe > Peter > > |
|
From: Joe S. <joe...@us...> - 2003-02-24 14:44:19
|
On Sun, Feb 23, 2003 at 02:51:47PM -0800, Ajay Sharma wrote: > > Hey, > > I'm starting to play around with the phpslash 0.7 series and I'm > noticing that when I log into the site there's a list of all the > submissiosn... nice! Problem is that the 'next' button doesn't work on > the submission block. The '$first' variable isn't being set in > Block_render_submission.class::submissions so I threw in a: > > $first = $_GET['next']; > > at the top of the method and it now works fine. This is kind of a hack > way to do it, I wasn't sure if the GET variables were supposed to be > pulled in via the $block_info var or what. A lot of code in this method > is just copied from Submission.class::listSubmission? Is that a good > idea? I think it we should be trying to reuse the code from the > Submission class in the block instead of having it set in two different > places... > I'm not surprised at this. Yes, it was a hack and should have used the method from the submission class. > Also, I was playing around with the user account stuff. So I registered > me a new account. I could log in a stuff but I couldn't change any of > my user settings. The only way I could change stuff (like the url, > quote, etc...) was to logout, login as an admin, then change it throught > the author interface. > I can tell you how this happened to me too. I was testing the skins that Peter submitted. The authorProfile.tpl in that skin does this and I've forgotten why. Using the authorProfile.tpl from the basic skin does not have this problem. I've got a work in progress of these skins up on phpslash.org. I'll post what I was able to get done to the patch manager so maybe they can get cleaned up some more. I like the "home" one quite a bit. Joe > later, > ajay > > -------------------------------------------------------------------- > Satyajot (Ajay) Sharma > ss...@od... > -------------------------------------------------------------------- > |
|
From: Ajay S. <ss...@od...> - 2003-02-23 22:51:47
|
Hey, I'm starting to play around with the phpslash 0.7 series and I'm noticing that when I log into the site there's a list of all the submissiosn... nice! Problem is that the 'next' button doesn't work on the submission block. The '$first' variable isn't being set in Block_render_submission.class::submissions so I threw in a: $first = $_GET['next']; at the top of the method and it now works fine. This is kind of a hack way to do it, I wasn't sure if the GET variables were supposed to be pulled in via the $block_info var or what. A lot of code in this method is just copied from Submission.class::listSubmission? Is that a good idea? I think it we should be trying to reuse the code from the Submission class in the block instead of having it set in two different places... Also, I was playing around with the user account stuff. So I registered me a new account. I could log in a stuff but I couldn't change any of my user settings. The only way I could change stuff (like the url, quote, etc...) was to logout, login as an admin, then change it throught the author interface. later, ajay -------------------------------------------------------------------- Satyajot (Ajay) Sharma ss...@od... -------------------------------------------------------------------- |
|
From: Gabriele F. <gab...@un...> - 2003-02-23 11:11:47
|
I started developing phpslash applications from some months, but I've some troubles with the cache: after addind sections and topics (setted in= =20 "view all" modality), I can see then in the correct position inside the m= enu=20 only after a lot of minutes. I need to put it out while developing applications to see immediatly the results of my work and to obtain this I setted the variables $JPCACHE_ON =3D 0; $JPCACHE_TIME =3D 0; in the config.php file but without good results ... Could anybody help me ? Thank you in advance Gabriele |
|
From: Peter C. <li...@kr...> - 2003-02-22 15:28:58
|
Hi Thought it would be worth posting some notes/queries from my experience with using the new users & groups (which I really like, now I'm beginning to get my head round the approach). - As far as I can see, groups can only contain permissions and groups that only contain permissions. ie They are not fully recursive - Why is user 'nobody' given uid of '20'? In several places, the code expects a uid of 'nobody' - Groups 20 (nobody) and 21 (user) are hardcoded. Maybe they should be replaced by constants (eg PSL_AUTHOR_NOBODY, PSL_AUTHOR_USER) or settings in config.ini.php? - is there a note anywhere on what the groups are for? As far as I can work out, the key ones are - root (obviously) - user (required by user-only blocks etc) - or should PublicUserAccount be used? PublicUserAccount contains 'user' and 'nobody' which is confusing. - nobody The module-specific groups seem pretty self-explanatory. - This group seems to be empty or not used: siteeditor I dont think there's any show-stoppers here though. Peter |
|
From: Matthew L. <lei...@ma...> - 2003-02-20 21:21:22
|
Hi, I fixed one bug and added the files and configuration that Nathan needed to get timezones running on Macs. I vote one more RC. --Matt On Thu, 20 Feb 2003, Joe Stewart wrote: > Hey folks, > > This is the reason I'm wanting to get 0.7 released. 0.65 was released > with the url block vulnerability. The fix was only committed to the > stable cvs for the 0.62 release. > > It wasn't a real big deal for most sites as the block admin probably already > had file access too. > > Anyway do you guys have much to commit? If so, go ahead. > > The changes I've done since RC3 release: > > - registration login - Minor change to use the session variable > "challenge" instead of generating a new challenge. > - comment name is kept in the session > - comment IP should work with register_globals off > - Norwegian translation > - removed the hack to use loginblocks. It doesn't seem to be > needed anymore and was other login problems. This seems to have a side > effect that you can't log back in immediately after logging out. > This has pissed me off in the past and I would like to fix soon. > > Do these things warrant another RC? or go ahead and release? > > Depending on the fix for the last one I'm thinking release. > > thanks, > > Joe > > On Tue, Feb 04, 2003 at 06:09:34PM -0000, tobozo wrote: > > Hey Joe, > > > > remember this ? > > http://lwn.net/2001/0517/a/phpslash.php3 > > > > guess what .. the same hole is back on phpslash ;-)) > > > > I didn't look at the code, just tried to enter "config.php3" as > > a url in the URL Block field (blockAdmin.php3) and the whole > > file got displayed as text, this can lead to a hack of phpslash > > and give file access blah blah blah ... > > > > same problem, same solution : use parse_url() > > > > I suppose this would apply to Block_render_rss too, as long > > as the target file was rss compliant ;-)) > > > > if you're okay I'm going to submit another security bulletin > > on this, this is just a matter of copying the first one > > anyway ;-) (after a month of course) > > > > be well > > > > tobozo > > > > > > Date: 04 February 2003 11:46:13 -0000 > > > > sAvAte inc. > > Serial Savate System > > > > <[( advisory )]>---------------------------------------<[( > > xxxxxxxxxxx4.adv.en > > > > > > Program: PHPSLASH > > Homepage: http://www.phpslash.org > > Author Contacted: 04/feb/2003 > > Answer: ????????? (JoeStewart) > > Patch : Being prepared > > Version tested: 0.7.x > > Found by : tobozo > > > > > > - Problem description: > > ~~~~~~~~~~~~~~~~~~~~ > > > > Url and rss block types can access the filesystem when a path is > > specified by the administrator. > > > > The method used in Block_render_url.class does not check > > if the $url variable contains a valid url scheme. > > > > No parsing is really done to check integrity of the url > > scheme, neither the content of the url and file name. > > > > Same thing happens with Block_render_rss.class, but effect is > > less critical as the local target file has to be rss compatible > > to meet any security issue. > > > > > > - Impact: > > ~~~~~~~ > > > > If a path to a file is specified (ex : /etc/passwd), the > > file will be read and its content stored in the cache > > exactly as if it was a remote file on a given url. > > > > > > - Exploit: > > ~~~~~~~~ > > > > Login as admin with GOD permissions > > Access the BLOCKS admin section > > (blockAdmin.php3) and > > create a new block with the following information : > > > > Title : notTrusted > > Type : url > > Site Location : whatever > > Source URL : config.php3 > > Expire Length : 0 > > Owned by section : home > > Data : (empty) > > Order number : whatever > > > > It will display the content of the config.php3 as text in > > the block of the main page. > > > > It might become an issue if blockAdmin.php3 gives > > add/edit/remove permission to some users that are > > not supposed to access the filesystem. > > > > > > Fix : > > ~~~~~ > > > > Replace the function parse() in the Block_render_url.class > > and use parse_url() and a regex before sending $url to > > the file() function. > > > > > > function parse($block_info) { > > > > $url = $block_info["source_url"]; > > $errors = $block_info["block_options"]["errors"]; > > > > /* check for url structure before opening it (you don't want > > /etc/passwd to be validated here -- tobozo -- */ > > $urlParts = parse_url($url); > > > > if( (empty($urlParts)) or (!$urlParts) ) { > > $this->output = "Block_render_url.class:: Parse error reading [$url]"; > > logwrite("URL Block ".$block_info['title']."(".$block_info['id'].")", > > $this->output); > > return; > > } > > > > $scheme = $urlParts[scheme]; > > $HostName = $urlParts[host]; > > > > if(empty($scheme)) { > > $this->output = "Block_render_url.class:: Missing protocol declaration > > [$url]"; > > logwrite("URL Block ".$block_info['title']."(".$block_info['id'].")", > > $this->output); > > return; > > } > > > > if(empty($HostName)){ > > $this->output = "Block_render_url.class:: No hostname in [$url]"; > > logwrite("URL Block ".$block_info['title']."(".$block_info['id'].")", > > $this->output); > > return; > > } > > > > if (!eregi("^(ht|f)tp",$scheme)) { > > $this->output = "Block_render_url.class:: No http:// or ftp:// in > > [$url]"; > > logwrite("URL Block ".$block_info['title']."(".$block_info['id'].")", > > $this->output); > > return; > > } > > > > > > /* have to silence 'implode' and 'file' because you don't want > > the errors showing up on the main page */ > > $ary = @file($url); > > $size = count($ary); > > > > $string = @implode("",$ary); > > > > if (strlen($string) < 1) { > > $this->output = "Block_render_url.class: $url contained no data."; > > logwrite("URL Block > > ".$block_info['title']."(".$block_info['id'].")", $this->output); > > > > switch ($errors) { > > > > case "on": > > // display the error message ( already in this->output). > > break; > > case "off": > > // don't display the error text > > $this->output = $block_info["cache_data"]; > > break; > > case "debug": > > default: > > // only display the error text if debug mode is on > > if(!$this->psl['debug']) { > > $this->output = $block_info["cache_data"]; > > } > > break; > > } > > > > return false; > > } > > $this->output = $string; > > return true; > > } > > > > > > > > > > - Workaround : > > ~~~~~~~~~~~~ > > > > 1) check for all possible protocols > > 2) check for url content (host) > > > > > > - Code: > > ~~~~~ > > Tested on http://phpsecure.info/phpsecure (successfully) > > > > - Contact us: > > ~~~~~~~~~~~ > > http://phpsecure.info > > > > to...@us... > > > > - Greetings: > > ~~~~~~~ > > > > The phpSlash Team, Frogm@n > > > > [EOF] > > > > > -- ---------------------------------------------------------------- Matthew Leingang http://www.math.rutgers.edu/ Rutgers University lei...@ma... Department of Mathematics "This signature needs no quote." |
|
From: Joe S. <joe...@us...> - 2003-02-20 20:58:48
|
On Thu, Feb 20, 2003 at 05:26:52PM +0000, Peter Cruickshank wrote: > Something for a tidy-up: > > There's a stack of references to psl['lang'] in Block.class but I cant see where psl['lang'] is set - what's meant to be the difference between psl['lang'] and psl['language']? > good catch. It should be the current language. The CHANGES for Dec. 4 sez that "functions.inc - setLang sets the current lang." However functions.inc wasn't checked in that day. I'm trying to dig up that functions.inc now. Joe > P > > |
|
From: Peter C. <li...@kr...> - 2003-02-20 20:13:59
|
Something for a tidy-up: There's a stack of references to psl['lang'] in Block.class but I cant see where psl['lang'] is set - what's meant to be the difference between psl['lang'] and psl['language']? P |
|
From: Joe S. <joe...@us...> - 2003-02-20 18:17:05
|
On Wed, Feb 19, 2003 at 09:48:28PM +0000, Peter Cruickshank wrote: > Hi > > I'm coding up some extras for Back-End's user admin, and thought I'd point out the obvious: if you assign a user 'author' rights, they can then assign themselves or anyone else 'root' rights. Probably not an issue for a typical phpSlash site, but worth bearing in mind for larger/paranoid sites... > Yes, "author" rights are probably better termed "UserAdmin" or something. Because they were tied into the scripts I didn't change them away from the older values. But you should be able to rename the groups with no ill effects. The only place "author" group rights are referenced are in the NavBar. This can be changed in a couple of ways. One would be to add a "authorNavBar" permission or something similar. Another would be to change it to "authorList". One that I don't like as much would be to use the new group name. I think "comment" is still used instead of the underlying permissions but most of the group names aren't used except for the NavBar. > (maybe I'm bored?) > maybe. It's still a good discussion. FWIW - It's been discussed here before too - http://sourceforge.net/mailarchive/message.php?msg_id=6526 Joe > Peter > |
|
From: Matthew L. <lei...@ma...> - 2003-02-20 13:34:40
|
Hi Nathan, Thanks for tracking down this incompatibility. On Sun, 16 Feb 2003, nathan r. hruby wrote: > On Sun, 16 Feb 2003, nathan r. hruby wrote: > > > > > It is unixlike, cept it doesn;t have a zone.tab file whihc is why things > > are breaks. this might be a lacking in POSIX compatibility... > > > > Evidently zone.tab and iso3166.tab are not shipped on MacOSX (client, > server of in the DevTools) so I grabbed a copy from my linux box. I can > file a bug with Apple about this but perhaps it's jsut be easier to add > the two files to /contrib. Would anyone object to me doing that? That's OK with me. We can put a directive in $_TZ (and fill it in from $_PSL) to give another location of those two files. > Other than that It now seems to be working, though I'd like to change the > text on teh 'Drill Down' button and the explaination text, it's not > confusing but it could be clearer. I don't mind changing it, but I'm also not sure what the future of tz_select.php is (It's not currently linked in the navbar or anything). That stuff should probably be migrated into the user profile page. In checking this out, I did find a bug in psl_getLocalInfo that resulted in a silly sentence, "The current time is:" (then nothing). There's an easy fix which I'll commit. --Matt > Thanks! > > -n > -- ---------------------------------------------------------------- Matthew Leingang http://www.math.rutgers.edu/ Rutgers University lei...@ma... Department of Mathematics "This signature needs no quote." |
|
From: Peter C. <pe...@kr...> - 2003-02-19 21:34:03
|
Hi I'm coding up some extras for Back-End's user admin, and thought I'd point out the obvious: if you assign a user 'author' rights, they can then assign themselves or anyone else 'root' rights. Probably not an issue for a typical phpSlash site, but worth bearing in mind for larger/paranoid sites... (maybe I'm bored?) Peter |
|
From: Joe S. <joe...@us...> - 2003-02-17 22:12:42
|
On Sat, Feb 15, 2003 at 06:15:20PM +0000, Peter Cruickshank wrote:
> Hi
>
> Just wondering if anyone else has encountered this problem (on RC2 and RC3, maybe also earlier versions)
>
> Often (but not always), when I successfully log in, login.php shows a blank login form, even though I am logged in (as indicated by the change in NavBar items). This seems to particularly happen with MSIE rather than Mozilla, and on second logins, or if I get the password wrong the first time.
>
> I would be good to get feedback before I investigate further... auth is painful to debug.
>
Try commenting out these lines of login.php3:
/*
if(isset($HTTP_POST_VARS['username'])) { // this would be present if a login is in progress
$auth->auth["uid"]= "form"; // this is what auth seems to want
$auth->start();
}
*/
They are only needed to kludge a way for the loginblock form to work with
the current phplib auth. We should be able to set another variable to
check instead of username if it works for you too.
thanks,
Joe
> Thanks
>
> Peter
>
>
|
|
From: Peter C. <li...@kr...> - 2003-02-16 20:01:56
|
At 11:40 16/02/03 -0600, Joe Stewart wrote: >On Sat, Feb 15, 2003 at 06:42:50PM +0000, Peter Cruickshank wrote: <snip> >> >> Often (but not always), when I successfully log in, login.php shows a blank login form, even though I am logged in (as indicated by the change in NavBar items). This seems to particularly happen with MSIE rather than Mozilla, and on second logins, or if I get the password wrong the first time. >> >> >> >> I would be good to get feedback before I investigate further... auth is painful to debug. >> >> >> > >> >I've seen the login form displayed after a successful login ( The navbar >> >changes). I haven't tracked down exactly when this happens. I have not >> >seen it with the new auth that Giancarlo has submitted. >> >> >> I'm running this auth4.inc (from phplib-stable I think): >> $Id: auth4.inc,v 1.1 2002/10/04 14:13:27 joestewart Exp $ >> >> If this isnt the one, where do I get it? >> > >red herring - the install on phpslash.org does it pretty much every login >and uses the auth that I was referring to. > >You are using the correct auth4.inc. That's one thing ruled out at least. >Giancarlo wrote a different auth that works with both session classes. I >created a tarball release here: > > http://phplib.sourceforge.net/snapshots/ > >The .dev. one. But like I said, it seems to do it too. > >When I've looked at this, I can't repeat it. Only some installs seem to >have the problem. > >Is this with a domain name? or localhost, 127.0.0.1? As it happens, I've only used phpslash 0.7 on proper *.com domains... I'm wondering if the problem is *partly* down to setting up users incorrectly - is it a bad idea to assign PublicUserAccount to a user that is meant to be able to do stuff on the site? Certainly removing that from a user seemed to reduce the problem. But this problem happens to god too. I just logged into new instances of MSIE6 twice - once it worked, once I got the form + the logged-in NavBar, but now I cant repeat it.... I'll keep you posted if I can work out what's going on. Peter |
|
From: nathan r. h. <na...@ds...> - 2003-02-16 18:26:31
|
On Sun, 16 Feb 2003, nathan r. hruby wrote: > > It is unixlike, cept it doesn;t have a zone.tab file whihc is why things > are breaks. this might be a lacking in POSIX compatibility... > Evidently zone.tab and iso3166.tab are not shipped on MacOSX (client, server of in the DevTools) so I grabbed a copy from my linux box. I can file a bug with Apple about this but perhaps it's jsut be easier to add the two files to /contrib. Would anyone object to me doing that? Other than that It now seems to be working, though I'd like to change the text on teh 'Drill Down' button and the explaination text, it's not confusing but it could be clearer. Thanks! -n -- ------ nathan hruby na...@ds... ------ |
|
From: nathan r. h. <na...@ds...> - 2003-02-16 17:55:11
|
On Sun, 16 Feb 2003, Joe Stewart wrote: > Hey, > > Long time. > I know :( > On Sat, Feb 15, 2003 at 02:45:13PM -0800, nathan r. hruby wrote: > > > > Can someone point me to an explaination of the new timezone stuff? It > > (at least, the default) no workie on MacOSX. > > > > Hmm... > > I guess you need to set a timezone string until you figure out if MacOSX > is unixlike or what. > It is unixlike, cept it doesn;t have a zone.tab file whihc is why things are breaks. this might be a lacking in POSIX compatibility... > 424 ;; Finally, if all you are able to do is specify a string, do it like this: > 425 ; name = "GMT+0BST,M4.1.0/1,M10.5.0/2"; > > This is noted in the quick install docs ( Troubleshooting) for windows > only so far. > -=-=-=-=- > Windows installations probably have to apply the Timezone Option name. > These strings are documented online at > http://www.gnu.org/manual/glibc-2.2.3/html_node/libc_431.html. Example for > Eastern Daylight Time: > > name = "EST+5EDT,M4.1.0/2,M10.5.0/2"; > -=-=-=-=- > http://www.phpslash.org/article.php3?story_id=32&topic_id=39§ion_id=8#ss2.2 > Cool.. I take a poke. -n -- ------ nathan hruby na...@ds... ------ |
|
From: Joe S. <joe...@us...> - 2003-02-16 16:27:13
|
Hey, Long time. On Sat, Feb 15, 2003 at 02:45:13PM -0800, nathan r. hruby wrote: > > Can someone point me to an explaination of the new timezone stuff? It > (at least, the default) no workie on MacOSX. > Hmm... I guess you need to set a timezone string until you figure out if MacOSX is unixlike or what. 424 ;; Finally, if all you are able to do is specify a string, do it like this: 425 ; name = "GMT+0BST,M4.1.0/1,M10.5.0/2"; This is noted in the quick install docs ( Troubleshooting) for windows only so far. -=-=-=-=- Windows installations probably have to apply the Timezone Option name. These strings are documented online at http://www.gnu.org/manual/glibc-2.2.3/html_node/libc_431.html. Example for Eastern Daylight Time: name = "EST+5EDT,M4.1.0/2,M10.5.0/2"; -=-=-=-=- http://www.phpslash.org/article.php3?story_id=32&topic_id=39§ion_id=8#ss2.2 Joe > -n > -- > ------ > nathan hruby > na...@ds... > ------ > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > _______________________________________________ > Phpslash-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phpslash-devel > |
|
From: nathan r. h. <na...@ds...> - 2003-02-15 23:24:08
|
Can someone point me to an explaination of the new timezone stuff? It (at least, the default) no workie on MacOSX. -n -- ------ nathan hruby na...@ds... ------ |
|
From: nathan r. h. <na...@ds...> - 2003-02-15 21:30:04
|
On Sat, 15 Feb 2003, Peter Cruickshank wrote: > > Hi to you too Nathan > > ...long time :-) > Too Long :) > > At 10:46 15/02/03 -0800, nathan r. hruby wrote: > >On Sat, 15 Feb 2003, Peter Cruickshank wrote: > > > >Sometimes. I chalk it up to timeout issues of the session or auth. For a > >while there was also a bug where you'd logout and when logging in directly > >again the op=logout would get carried with the form submit, so you'd get > >logged in, the navbar would render as part of the header, and then logged > >out again. Twas cute indeed. I think this died in 0.65 but there no > >reason it couldn't crop up again. > > No, I'm definitely logged in enough to navigate the site and edit > stories. It's almost as if the 'user' perm isnt set, while all the > others are there OK. I think I've also seen the user profile screen > tell me that I am 'anonymous'... > Hurm. Never seen that one. It may be that something on specfic pages is not up-to-date? > >I'd look at auth/session timeouts, the > >time stuff (if it affects auth) and the logic of login and logour before > >looking at the guts of auth. > > I have $lifetime set to 0 for both sess and auth so I wouldnt expect > timeouts, unless I'm misunderstanding what's going on (which wouldnt > be a first). > > Thanks for the ideas though. Keep them coming! > Dunno.. It's been a while since I poked at auth, and the new stuff is, err.. new :) I toook a small stab at trying to recreate on my laptop but haven't sone it. If you turn on debug does this happen? Does this happen when you're browsing a test site on localhost or production sites? -n -- ------ nathan hruby na...@ds... ------ |
|
From: Peter C. <li...@kr...> - 2003-02-15 19:58:24
|
Hi to you too Nathan ...long time :-) At 10:46 15/02/03 -0800, nathan r. hruby wrote: >On Sat, 15 Feb 2003, Peter Cruickshank wrote: > >> Hi >> >> Just wondering if anyone else has encountered this problem (on RC2 and RC3, maybe also earlier versions) >> >> Often (but not always), when I successfully log in, login.php shows a >> blank login form, even though I am logged in (as indicated by the >> change in NavBar items). This seems to particularly happen with MSIE >> rather than Mozilla, and on second logins, or if I get the password >> wrong the first time. >> >> I would be good to get feedback before I investigate further... auth >> is painful to debug. > >Sometimes. I chalk it up to timeout issues of the session or auth. For a >while there was also a bug where you'd logout and when logging in directly >again the op=logout would get carried with the form submit, so you'd get >logged in, the navbar would render as part of the header, and then logged >out again. Twas cute indeed. I think this died in 0.65 but there no >reason it couldn't crop up again. No, I'm definitely logged in enough to navigate the site and edit stories. It's almost as if the 'user' perm isnt set, while all the others are there OK. I think I've also seen the user profile screen tell me that I am 'anonymous'... >I'd look at auth/session timeouts, the >time stuff (if it affects auth) and the logic of login and logour before >looking at the guts of auth. I have $lifetime set to 0 for both sess and auth so I wouldnt expect timeouts, unless I'm misunderstanding what's going on (which wouldnt be a first). Thanks for the ideas though. Keep them coming! Peter |
|
From: nathan r. h. <na...@ds...> - 2003-02-15 19:25:38
|
On Sat, 15 Feb 2003, Peter Cruickshank wrote: > Hi > > Just wondering if anyone else has encountered this problem (on RC2 and RC3, maybe also earlier versions) > > Often (but not always), when I successfully log in, login.php shows a > blank login form, even though I am logged in (as indicated by the > change in NavBar items). This seems to particularly happen with MSIE > rather than Mozilla, and on second logins, or if I get the password > wrong the first time. > > I would be good to get feedback before I investigate further... auth > is painful to debug. Sometimes. I chalk it up to timeout issues of the session or auth. For a while there was also a bug where you'd logout and when logging in directly again the op=logout would get carried with the form submit, so you'd get logged in, the navbar would render as part of the header, and then logged out again. Twas cute indeed. I think this died in 0.65 but there no reason it couldn't crop up again. I'd look at auth/session timeouts, the time stuff (if it affects auth) and the logic of login and logour before looking at the guts of auth. Oh.. hi! :) -n -- ------ nathan hruby na...@ds... ------ |
|
From: Peter C. <li...@kr...> - 2003-02-15 18:00:37
|
Hi Just wondering if anyone else has encountered this problem (on RC2 and RC3, maybe also earlier versions) Often (but not always), when I successfully log in, login.php shows a blank login form, even though I am logged in (as indicated by the change in NavBar items). This seems to particularly happen with MSIE rather than Mozilla, and on second logins, or if I get the password wrong the first time. I would be good to get feedback before I investigate further... auth is painful to debug. Thanks Peter |
2 messages has been excluded from this view by a project administrator.
