phpslash-devel Mailing List for phpSlash (Page 33)
Brought to you by:
joestewart,
nhruby
You can subscribe to this list here.
2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(45) |
Dec
(50) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2002 |
Jan
(29) |
Feb
(49) |
Mar
(38) |
Apr
(22) |
May
(39) |
Jun
(21) |
Jul
(6) |
Aug
(9) |
Sep
(6) |
Oct
(26) |
Nov
(42) |
Dec
(19) |
2003 |
Jan
(15) |
Feb
(71) |
Mar
(40) |
Apr
(41) |
May
(28) |
Jun
(5) |
Jul
(25) |
Aug
|
Sep
(2) |
Oct
(50) |
Nov
(89) |
Dec
(19) |
2004 |
Jan
(21) |
Feb
(9) |
Mar
(5) |
Apr
(6) |
May
(7) |
Jun
|
Jul
(4) |
Aug
|
Sep
(14) |
Oct
(24) |
Nov
(3) |
Dec
|
2005 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2006 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Joe S. <jo...@be...> - 2001-12-17 18:28:05
|
On Sat, Dec 15, 2001 at 09:42:16PM +0100, Lars Heuer wrote: > Hi, > > And one point also: If I delete a author the storys the author > submitted are gone. Not deleted, but not shown, because the author_id > doesn't exists anymore. > Okay this is corrected in cvs. An author is not deleted if there are stories assigned to the user_id. This would be required for other db's that have referential integrity like PostreSQL. Just the same type check as in section delete. No fancy error messages, just the story titles and id's. Joe |
From: Lars H. <he...@qu...> - 2001-12-17 18:25:51
|
Hi Joe, > Would it be clearer to rename "author" perm to authoradmin or useradmin? I prefer useradmin. Regards, Lars |
From: Joe S. <jo...@be...> - 2001-12-17 18:01:08
|
Would it be clearer to rename "author" perm to authoradmin or useradmin? I've got a much more detailed plan for later but would rather wait. On Mon, Dec 17, 2001 at 06:15:00PM +0100, Lars Heuer wrote: > Hi Ajay, > > > can play around with the stories and authors. Now if you also have > > "root" access then you can do the more destructive stuff like delete > > stories, delete authors, etc... > > Yes, but I thought, the root (like a UNIX-root) should not be deleted > by an author, because it's the root, the god of the system. > > I've given the user "foo" just author-rights and he was able to delete > the root. That was surprising. > > Thanks, > Lars > > |
From: Lars H. <he...@qu...> - 2001-12-17 17:15:02
|
Hi Ajay, > can play around with the stories and authors. Now if you also have > "root" access then you can do the more destructive stuff like delete > stories, delete authors, etc... Yes, but I thought, the root (like a UNIX-root) should not be deleted by an author, because it's the root, the god of the system. I've given the user "foo" just author-rights and he was able to delete the root. That was surprising. Thanks, Lars |
From: Joe S. <jo...@be...> - 2001-12-17 17:07:12
|
Not yet. Pretty much right now if you have block perms you can do all things with blocks, etc. An exception is the topics. Because the seclev for topics was so low a user with topic permissions can add topics but not delete. It requires root perms to delete. This makes sense in workflow logic also. A user that can post stories should be able to add needed topics. But otherwise not try to delete existing topics. A user that can add blocks would probably also need the ability to delete blocks. There are a few places that root can do extra things. One is publishing stories as another user. Another is scheduling story date. After 0.65 release and we start planning milestones I want to open up discussion of the perms system to generate a spec for development. It needs more scalability, groups (acl's), and extension to function level perms. But this release is a big step in that direction. Joe On Mon, Dec 17, 2001 at 09:46:00AM -0800, Ajay Sharma wrote: > > my understanding of the perms is you're able to do anything if you have > the ability. Like if you're given "story" and "author" perms then you > can play around with the stories and authors. Now if you also have > "root" access then you can do the more destructive stuff like delete > stories, delete authors, etc... > > later, > ajay > |
From: Ajay S. <ss...@od...> - 2001-12-17 16:44:42
|
my understanding of the perms is you're able to do anything if you have the ability. Like if you're given "story" and "author" perms then you can play around with the stories and authors. Now if you also have "root" access then you can do the more destructive stuff like delete stories, delete authors, etc... later, ajay On Sun, 16 Dec 2001, Lars Heuer wrote: > Hi Joe, > > > This would be a bug. There should be a check for this. We check for such > > things when deleting topics and sections. > > Yes, I reviewed the deleteAuthor() function and the comment says, > there should be a check, but there isn't. > > Permission-system: Yes, maybe I got confused by the word "author". > > Thanks, > Lars > > > _______________________________________________ > Phpslash-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phpslash-devel > -- -------------------------------------------------------------------- Satyajot (Ajay) Sharma ss...@od... -------------------------------------------------------------------- |
From: Lars H. <he...@qu...> - 2001-12-16 21:14:58
|
Hi Joe, > This would be a bug. There should be a check for this. We check for such > things when deleting topics and sections. Yes, I reviewed the deleteAuthor() function and the comment says, there should be a check, but there isn't. Permission-system: Yes, maybe I got confused by the word "author". Thanks, Lars |
From: Joe S. <jo...@be...> - 2001-12-16 21:09:01
|
On Sat, Dec 15, 2001 at 09:42:16PM +0100, Lars Heuer wrote: > And one point also: If I delete a author the storys the author > submitted are gone. Not deleted, but not shown, because the author_id > doesn't exists anymore. > This would be a bug. There should be a check for this. We check for such things when deleting topics and sections. Part of the confusion may be the term "author" for the permission. This is permission to manage the user accounts. Normal authors don't need this permission. To publish stories they need the "story" permission. Much as the root user on a *nix system. Don't give this ability to everyone. > So: If your Chris Loveless deletes you, all storys you submitted are > not shown. If you're the owner of the site that may be a lot! > > Maybe this might be a solution: > 1. Extend the user levels for a god account, which isn't shown by the > Author:listAuthors()? > > 2. Create a useraccount anonymous / nobody which owns the storys of a > deleted author? > > ... maybe not to delete the author physically, just set a a flag. If > the god doesn't says, the deletion is okay, the author will not be > deleted. > > Regards, > Lars > |
From: Matt \TrollBoy\ W. <tro...@sh...> - 2001-12-16 04:29:13
|
and for something completely different, a new skin for shoggoth.net.. for all of those that don't understand the full evil of the Cthulhu Cult: http://www.shoggoth.net/shogmsn/ Matt "TrollBoy" Wiseman Webmaster: Shoggoth.net Site Designer: phpslash.org The oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown. -H.P. Lovecraft --------------------------------------------------------- Please do not resell my e-mail address to anyone or send me unsolicited e-mail --------------------------------------------------------- |
From: Lars H. <he...@qu...> - 2001-12-15 20:37:55
|
Hi, > He does have a good point actually.. what if Chris Loveless got pissed at me > and decided to delete my account? And one point also: If I delete a author the storys the author submitted are gone. Not deleted, but not shown, because the author_id doesn't exists anymore. So: If your Chris Loveless deletes you, all storys you submitted are not shown. If you're the owner of the site that may be a lot! Maybe this might be a solution: 1. Extend the user levels for a god account, which isn't shown by the Author:listAuthors()? 2. Create a useraccount anonymous / nobody which owns the storys of a deleted author? ... maybe not to delete the author physically, just set a a flag. If the god doesn't says, the deletion is okay, the author will not be deleted. Regards, Lars |
From: Matt \TrollBoy\ W. <tro...@sh...> - 2001-12-15 18:44:20
|
He does have a good point actually.. what if Chris Loveless got pissed at me and decided to delete my account? Matt "TrollBoy" Wiseman Webmaster: Shoggoth.net Site Designer: phpslash.org The oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown. -H.P. Lovecraft --------------------------------------------------------- Please do not resell my e-mail address to anyone or send me unsolicited e-mail --------------------------------------------------------- ----- Original Message ----- From: "Lars Heuer" <he...@qu...> To: "Joe Stewart" <jo...@be...> Cc: <php...@li...> Sent: Saturday, December 15, 2001 1:26 PM Subject: Re: [Phpslash-devel] Sec. hole in authorAdmin 0.65 > Hi Joe, > > > I don't understand. Only the "root" account type users should have > > "author" privileges. > > Ups, maybe I don't understand the account system completely? I just > wonder, why a author are able to kill the owner of the site. > > Regards, > Lars > > > _______________________________________________ > Phpslash-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phpslash-devel > |
From: Lars H. <he...@qu...> - 2001-12-15 18:22:49
|
Hi Joe, > I don't understand. Only the "root" account type users should have > "author" privileges. Ups, maybe I don't understand the account system completely? I just wonder, why a author are able to kill the owner of the site. Regards, Lars |
From: Joe S. <jo...@be...> - 2001-12-15 18:16:40
|
The "author" rights allow a user to administer authors/users. So this seems to be the correct operation. I don't understand. Only the "root" account type users should have "author" privileges. On Sat, Dec 15, 2001 at 07:10:41PM +0100, Lars Heuer wrote: > Hi, > > A user with "author" rights is able to delete the phpSlash "god". > > Just create an user with author rights, log out, login with the new > user and then kill the god by clicking on "Delete" in admin/authorAdmin.php3 > > Regards, > Lars > |
From: Lars H. <he...@qu...> - 2001-12-15 18:06:58
|
Hi, A user with "author" rights is able to delete the phpSlash "god". Just create an user with author rights, log out, login with the new user and then kill the god by clicking on "Delete" in admin/authorAdmin.php3 Regards, Lars |
From: Lars H. <he...@qu...> - 2001-12-15 17:06:57
|
Hi, Yesterday I converted the de.php3 file to correct HTML, but now I think this was stupid. I think it's easier to write a language file with native language specific letters and let pslgetText spit out correct HTML. What do you think of changing pslgetText in this way: -- if( $pslstrings[$string]) { $string = nl2br(htmlentities($pslstrings[$string])); } -- We've only to replace the <br>'s in the language files with '\n' Regards, Lars |
From: Joe S. <jo...@be...> - 2001-12-15 15:44:51
|
Matt, Can you change the link at: http://www.phpslash.org/contact.php to php...@li...? Or send them to: https://lists.sourceforge.net/lists/listinfo/phpslash-users or http://sourceforge.net/mail/?group_id=10566 Joe On Sat, Dec 15, 2001 at 12:28:28AM -0500, Simon Guindon wrote: > subscribe |
From: Joe S. <jo...@be...> - 2001-12-14 19:28:08
|
I can't explain it very well, but the phplib docs might. The Challenge-Response login form is pretty much straight from the phplib distribution. Here's a comment from their original script ( crcloginform.ihtml) - "Changed the way of submitting the challenge:response with a 2nd login form. This fixes the problems some browsers have with overwriting the content of a password type input tag. <an...@ro...>" I believe NS4 won't clear the password field. So even if you have javascript, without this second form the password was sent clear text because the browser ignored the command to clear the field. Clear as mud, huh? On Fri, Dec 14, 2001 at 08:08:26PM +0100, Lars Heuer wrote: > Hi, > > I found something strange in loginformCR.tpl: > > Line 46: > -- > <form name="logintrue" action="{PHP_SELF}" method=post> > <input type="hidden" name="username" value=""> > <input type="hidden" name="challenge" value="{CHALLENGE}"> > <input type="hidden" name="response" value=""> > </form> > -- > > Why do we have the form "login" and "logintrue"? > > > Regards, > Lars > > |
From: Lars H. <he...@qu...> - 2001-12-14 19:05:38
|
Hi, I found something strange in loginformCR.tpl: Line 46: -- <form name="logintrue" action="{PHP_SELF}" method=post> <input type="hidden" name="username" value=""> <input type="hidden" name="challenge" value="{CHALLENGE}"> <input type="hidden" name="response" value=""> </form> -- Why do we have the form "login" and "logintrue"? Regards, Lars |
From: Lars H. <he...@qu...> - 2001-12-14 17:33:17
|
Hi, > -- > Could not chdir to home directory /home/users/l/lh/lheuer: No such \ > file or directory > protocol error: directory '/cvsroot' not within root '/cvsroot/phpslash' > -- > Any solutions? Yes, Lars, RTFM! ;-) I forgot to create a home dir with ssh -l mylogin cvs.phpslash.sf.net Now everything is working fine. :-) Best regards, Lars |
From: Joe S. <jo...@be...> - 2001-12-14 17:32:44
|
I know I have ssh'ed to cvs.sourceforge.net as the note in the reports says you should do. But this was recently to setup the phpslash-commit list, well after I committed things to the cvs server. As you know, your commits aren't sending to the list either. My first suggestion is to ssh cvs.sourceforge.net. It will log you out after immediately after logging in. I believe this creates your home directory. Joe On Fri, Dec 14, 2001 at 05:36:58PM +0100, Lars Heuer wrote: > Hi, > > I've a problem with my CVS, the same as here: > https://sourceforge.net/tracker/index.php?func=detail&aid=493330&group_id=1&atid=200001 > > I always get an error like this: > -- > Could not chdir to home directory /home/users/l/lh/lheuer: No such \ > file or directory > protocol error: directory '/cvsroot' not within root '/cvsroot/phpslash' > -- > > Any solutions? > > Thanks, > Lars > |
From: Joe S. <jo...@be...> - 2001-12-14 17:27:28
|
With the phplib perms this is handled nicely. The "staff" person on phpslash.org is this way. Authors that you want to publish, but don't let them do it themselves have perms like "nobody and user" ( not story). If you have sufficient privileges you can publish as any other author. Currently the author select box doesn't strip out authors without privileges. If they have a story published in their name they show up in the search select. When we start getting into the user account attributes more we'll need more granularity. Like is a story author but doesn't have story creating and editing permission. Joe On Fri, Dec 14, 2001 at 10:28:46AM -0500, Matt TrollBoy Wiseman wrote: > That's one thing I hadd to do on shoggoth.net.. Currently, we have alot of > people contrib'ing stories that I do not want to give admin rights to.. so > what I did is I made them all authors with a seclev of 9.. Problem was that > that made them not show up on the authors list on search.php. I had to > modify the SQL to select all authors as opposed to to just the ones with > higher seclevs... > > perhaps a boolean record in the user's table to set story=true for story > contributers thus allowing them on an authors list? > > Matt "TrollBoy" Wiseman > Webmaster: Shoggoth.net > Site Designer: phpslash.org > The oldest and strongest emotion of mankind is fear, > and the oldest and strongest kind of fear is fear of the unknown. > -H.P. Lovecraft > --------------------------------------------------------- > Please do not resell my e-mail address > to anyone or send me unsolicited e-mail > --------------------------------------------------------- > |
From: Lars H. <he...@qu...> - 2001-12-14 16:34:23
|
Hi, I've a problem with my CVS, the same as here: https://sourceforge.net/tracker/index.php?func=detail&aid=493330&group_id=1&atid=200001 I always get an error like this: -- Could not chdir to home directory /home/users/l/lh/lheuer: No such \ file or directory protocol error: directory '/cvsroot' not within root '/cvsroot/phpslash' -- Any solutions? Thanks, Lars |
From: Matt \TrollBoy\ W. <tro...@sh...> - 2001-12-14 15:28:17
|
That's one thing I hadd to do on shoggoth.net.. Currently, we have alot of people contrib'ing stories that I do not want to give admin rights to.. so what I did is I made them all authors with a seclev of 9.. Problem was that that made them not show up on the authors list on search.php. I had to modify the SQL to select all authors as opposed to to just the ones with higher seclevs... perhaps a boolean record in the user's table to set story=true for story contributers thus allowing them on an authors list? Matt "TrollBoy" Wiseman Webmaster: Shoggoth.net Site Designer: phpslash.org The oldest and strongest emotion of mankind is fear, and the oldest and strongest kind of fear is fear of the unknown. -H.P. Lovecraft --------------------------------------------------------- Please do not resell my e-mail address to anyone or send me unsolicited e-mail --------------------------------------------------------- ----- Original Message ----- From: "Ajay Sharma" <ss...@od...> To: "Lars Heuer" <he...@qu...> Cc: "PHPSlash Developers List" <php...@li...> Sent: Friday, December 14, 2001 1:15 AM Subject: Re: [Phpslash-devel] Story: listStory() design question > > returning an array is good. but can you add a "perms" parameter in > there so we can just grab the authors with "story" perms or "root" > perms. In 7.0 *everyone* will essentially be authors with different > perms so it will be very bad to return all the authors/users on a > popular site. > > later, > ajay > > On Thu, 13 Dec 2001, Lars Heuer wrote: > > > Hi Ajay, > > > > > that we need to do with author's should be in the author class. Also, I > > > didn't put them in templates because I figured that there wasn't a TON > > > of customizations you can do with a simple select box (and we already > > > > :-) > > > > > If you wanna convert them into templates, that's cool. But I still > > > suggest that they remain methods of their own class and not get lumped > > > in with the Story class. > > > > Yes, I thought about that point, maybe my first solution is better: > > > > -- > > Author.class: > > function getAllAuthors() { > > $q = "SELECT author_id, author_name > > FROM psl_author > > ORDER BY author_name"; > > $this->db->query($q); > > $author_array[] = array("id"=>"", > > "name"=>"All" > > ); > > while ($this->db->next_record()) { > > $author_array[] = array( > > "id" => $this->db->f("author_id"), > > "name" => $this->db->f("author_name") > > ); > > } > > return $author_array; > > } > > > > > > Story.class: > > > > $author_array = $author->getAllAuthors(); > > $this->template->set_block("liststory", "each_author", "authors"); > > > > while (list(, $cur_Author) = each($author_array)) { > > [...] > > )); > > if ($cur_Topic[id] == $topic_id) { > > $this->template->set_var(array( > > "SELECTED" => "selected=\"selected\"" > > )); > > } > > $this->template->parse("topics", "each_topic", "true"); > > } > > > > --- > > > > Any suggestions? > > > > Thanks, > > Lars > > > > > > _______________________________________________ > > Phpslash-devel mailing list > > Php...@li... > > https://lists.sourceforge.net/lists/listinfo/phpslash-devel > > > > -- > -------------------------------------------------------------------- > Satyajot (Ajay) Sharma > ss...@od... > -------------------------------------------------------------------- > > > _______________________________________________ > Phpslash-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phpslash-devel > |
From: Ajay S. <ss...@od...> - 2001-12-14 07:42:11
|
returning an array is good. but can you add a "perms" parameter in there so we can just grab the authors with "story" perms or "root" perms. In 7.0 *everyone* will essentially be authors with different perms so it will be very bad to return all the authors/users on a popular site. later, ajay On Thu, 13 Dec 2001, Lars Heuer wrote: > Hi Ajay, > > > that we need to do with author's should be in the author class. Also, I > > didn't put them in templates because I figured that there wasn't a TON > > of customizations you can do with a simple select box (and we already > > :-) > > > If you wanna convert them into templates, that's cool. But I still > > suggest that they remain methods of their own class and not get lumped > > in with the Story class. > > Yes, I thought about that point, maybe my first solution is better: > > -- > Author.class: > function getAllAuthors() { > $q = "SELECT author_id, author_name > FROM psl_author > ORDER BY author_name"; > $this->db->query($q); > $author_array[] = array("id"=>"", > "name"=>"All" > ); > while ($this->db->next_record()) { > $author_array[] = array( > "id" => $this->db->f("author_id"), > "name" => $this->db->f("author_name") > ); > } > return $author_array; > } > > > Story.class: > > $author_array = $author->getAllAuthors(); > $this->template->set_block("liststory", "each_author", "authors"); > > while (list(, $cur_Author) = each($author_array)) { > [...] > )); > if ($cur_Topic[id] == $topic_id) { > $this->template->set_var(array( > "SELECTED" => "selected=\"selected\"" > )); > } > $this->template->parse("topics", "each_topic", "true"); > } > > --- > > Any suggestions? > > Thanks, > Lars > > > _______________________________________________ > Phpslash-devel mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phpslash-devel > -- -------------------------------------------------------------------- Satyajot (Ajay) Sharma ss...@od... -------------------------------------------------------------------- |
From: Joe S. <jo...@be...> - 2001-12-13 19:27:57
|
That's what I was afraid of. We've got other places that do this too. Specifically search.php3/searchPage.tpl. On Thu, Dec 13, 2001 at 08:24:38PM +0100, Lars Heuer wrote: > Hi Joe, > > > Isn't this enough: > > "SELECTED" => "selected" > > instead of: > > "SELECTED" => "selected=\"selected\"" > > I did this because of future XHTML compatibility. > > It won't brake HTML 3 / 4 templates. > > Regards, > Lars |