Re: [Simplog-devel] adodb
From: Jason L. B. <ja...@bu...> - 2004-09-22 04:36:56
I'd like to make one (hopefully the last for a while) infrastructure
investment in the database schema - to allow us to flexibly add
attributes to various tables in the DB without having to add new columns
to existing tables all of the time. design email with diagrams to follow
shortly.

i'd like to take a pass at the security overhaul, fwiw.

-jason

Jeremy Ashcraft wrote:

> I was just too lazy to go out to the adodb site and grab the latest
> version when I built the current release. :)
> I think the permissions system needs an overhaul, so your ideas are
> good. Plus simplog is wide open for comment spam right now, so
> locking down comments is a good idea.
>
> Here's a quick list of some preliminary ideas for 1.0:
> - be able to enable/disable commenting for individual posts
> - new permissions system
> - sitewide templates/make it easier for users to customize look and feel
> - extended text for posts
> - post via email
> - integrate htmlArea editor into app
> - user auto registration with/without admin approval
> - a couple other things I can't remember right now.....
>
> anything else you guys would like to see?
>
> Jim Hu wrote:
>
>> Jason,
>>
>> Can't say about 4.2, but I also put it on my server, which is still
>> running 4.3. Seems to work with Simplog. The Sourceforge page says it
>> requires php 4.0.5 or later.
>>
>> OK, I figured out the problem. The index file I had modified uses:
>>
>>     <?php @include("$baseurl/blog.php?blogid=$blogid"); ?>
>>
>> which I think was based on an older version of index.php. Yours uses
>>
>>     <?php include("blog.php"); ?>
>>
>> I believe what is happening is that when the include statement looks
>> for http://hostname/simplog/blog.php?blodid=X, the session info is
>> not being transferred via the http request...in other words, the
>> content is being called by user Apache, not the user logged in. Since
>> Apache is not on the blog_acl, and is not logged in, isUserAuthorized
>> returns false and no content comes back.
>>
>> So, the good news is that I can fix this to work now with
>> isUserAuthorized on all of my blogs. However, there is a design issue
>> regarding the meaning of public, protected, and private that should
>> be resolved before going further - I think that your function changes
>> the meanings...it does so in a way that I sort of agree with, but
>> here's the problem:
>>
>> In the help files, Jeremy defines the three kinds of blogs as follows:
>>
>>     A new blog can be Public, Protected or Private, and this provides
>>     a method of pre-defining which users can contribute new comments
>>     without explicitly defining each. In a public blog, any user with
>>     a logon can add entries. In a protected blog, any one of a specific
>>     set of users can add entries, and others are stopped. In a private
>>     blog, only one person can add entries. Regardless of whether the
>>     blog is public, protected or private, everyone can read the blog.
>>
>> With isUserAuthorized, this has changed so that only authorized users
>> can _read_ protected and private blogs. I think that having blogs
>> that are not accessible to the public is useful, and I took a
>> different approach to get this functionality by adding auth() to the
>> index files for each blog. However, this is trivially defeated by
>> bypassing the index file via http://host/simplog/blog.php?blogid=X,
>> so your solution should be better. The problem is - I think your
>> solution breaks something we've been telling users about how to
>> customize their pages - by using blog.php to pass formatted content
>> to the target website. This means that upgrading to 0.91 may break
>> some existing sites.
>>
>> It seems to me that it would be better to define the kinds of blogs
>> differently than either of the above, based on four kinds of access
>> permissions: view, comment, post, and administer. I'm not sure that
>> the current distinction between protected and private is useful, as
>> one could in principle make protected blogs with only one user. I'd
>> suggest that all kinds of blogs should only allow posts by acl users,
>> and all kinds of blogs should allow administration within a blog by
>> anyone set as an administrator in the blog_acl table (not clear to me
>> that the admin column in blog_acl does anything in current versions).
>> The site administrator would still have global admin privileges. In
>> addition, the three kinds would mean:
>>
>> public = anyone can view or comment
>> protected = anyone can view, only acl users can comment
>> private = only acl users can view or comment.
>>
>> What do people think? I'm wondering if I'm missing some history or
>> standards within the blogging software world.
>>
>> Jim
>>
>> On Sep 21, 2004, at 12:24 AM, Jason L. Buberel wrote:
>>
>> is the new adodb backwards compatible with php 4.3 and 4.2? if so,
>> I would vote we upgrade simplog to use the new version.
>>
>> -jason
>>
>> PS Told you so :)
>>
>> Jim Hu wrote:
>> While playing with installing simplog on another computer (my
>> laptop) to see if the distribution version of Simplog works
>> without my modifications, I discovered that the version of adodb
>> in the distribution is not compatible with php5. There is one
>> available at:
>>
>> http://adodb.sourceforge.net/
>>
>> which seems to work fine. Jason's security system seems to work
>> on my laptop too, so I'll have to hunt down what I did differently
>> in the other installation...looks like one of my changes is
>> incompatible with his. :^(
>>
>> Jim Hu
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
>> Project Admins to receive an Apple iPod Mini FREE for your
>> judgement on
>> who ports your project to Linux PPC the best. Sponsored by IBM.
>> Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
>> _______________________________________________
>> Simplog-devel mailing list
>>
>> Sim...@li...
>> https://lists.sourceforge.net/lists/listinfo/simplog-devel
>>
>> --
>> Jason L. Buberel - ja...@bu... - http://www.buberel.org
>> JabberID:ja...@im... - m:+16504831989

--
Jason L. Buberel - ja...@bu... - http://www.buberel.org
JabberID:ja...@im... - m:+16504831989
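
The access model Jim Hu proposes in the quoted message, written out as a default-deny check. This is an added example, not part of the thread and not Simplog's `isUserAuthorized`. The function name, the `$user` array keys and the rule that the site administrator may perform every action are assumptions made for illustration. Calling a check like this from `blog.php` itself, rather than from each index file, is what covers the direct `blog.php?blogid=X` request described above, and the anonymous row of the output is what an `include()` fetched over HTTP would be granted.

```php
<?php
// Added illustration, not Simplog code; all names here are hypothetical.
// Model proposed in the thread:
//   public     = anyone can view or comment
//   protected  = anyone can view, only ACL users can comment
//   private    = only ACL users can view or comment
//   post       = ACL users only, for every blog type
//   administer = users flagged admin in blog_acl, plus the site administrator

function simplog_can(string $blogType, string $action, array $user): bool
{
    // $user keys (constructed for this example):
    //   'acl'        listed in blog_acl for this blog
    //   'blog_admin' admin flag set in blog_acl
    //   'site_admin' global administrator
    // A request without a session (direct hit or HTTP include) has none set.
    $acl       = !empty($user['acl']);
    $blogAdmin = $acl && !empty($user['blog_admin']);
    $siteAdmin = !empty($user['site_admin']);

    if (!in_array($blogType, ['public', 'protected', 'private'], true)) {
        return false; // unknown blog type: deny
    }
    if ($siteAdmin) {
        // Assumption: "global admin privileges" covers every known action.
        return in_array($action, ['view', 'comment', 'post', 'administer'], true);
    }
    switch ($action) {
        case 'view':       return $blogType !== 'private' || $acl;
        case 'comment':    return $blogType === 'public' || $acl;
        case 'post':       return $acl;
        case 'administer': return $blogAdmin;
        default:           return false; // unknown action: deny
    }
}

$anonymous = [];              // no session attached to the request
$member    = ['acl' => true]; // ACL user without the admin flag
foreach (['public', 'protected', 'private'] as $type) {
    printf("%-9s anon view=%d comment=%d | acl view=%d comment=%d post=%d admin=%d\n",
        $type,
        simplog_can($type, 'view', $anonymous), simplog_can($type, 'comment', $anonymous),
        simplog_can($type, 'view', $member), simplog_can($type, 'comment', $member),
        simplog_can($type, 'post', $member), simplog_can($type, 'administer', $member));
}
```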