I've updated to the 1.5.1 version, but one thing I can't figure out is what does the login feature on the homepage actually accomplish for the user?
It doesn't show all brackets entered under that email, doesn't give you any other special stats or whatever and doesn't seem to place a limit on entries.
Can anyone advise?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When the brackets are submitted and tournament starts, it should show the brackets associated with that emai in that top right nav area on the front page.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm a little confused as well… seems at the very least it should be password protected? What happens when someone submits a bracket without logging in with an email address?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It does seem like it should be password protected, otherwise someone could leave smacktalk that is not really from them, resulting in nastiness in general.
Before smacktalk, all it did was show your current rank on the front page, and also highlight the position of your bracket in the standings page.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
On our site, everyone is pretty friendly with each other. That's why we didn't feel the smack talk needed to be protected. I can see other use cases that would require this, though.
You put in an email address when you submit a bracket. So, the best someone could do would be to submit brackets in your name. Again, this threat wasn't a big deal in our use case.
Someone can also login with your email and see your brackets listed on their home page, but this is not problematic behavior.
The real justification for the inconvenience of another login/pw to keep track of is to allow you to edit your bracket submission before the final deadline. Site registration is a pain in the ass, and we personally could not conclude that it was worth it to us. I have no problem with someone adding it to this (and in fact, I think a poster in the mmm forum said they may already have)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Oh ok, I saw this comment and apparently mis-read it.
"The real justification for the inconvenience of another login/pw to keep track of is to allow you to edit your bracket submission before the final deadline."
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the couple years that we have run a bracket, not a single person has submitted a bracket and then expressed the need to me to change it. Not saying logins wouldn't be a good idea, it's just that there isn't a huge requirement for them.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In testing this application, I entered a bracket and included all the required information. I then logged in with the email I used and I had access to the entire admin section. Is that the way it should be set up? Was it because I was logged in as admin and if so, how do I log out as admin?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thinking that might be the case, I tried it with another email address and got the same results. Protecting the admin directory with .htaccess would throw up a log in screen and since the player does not know the admin's email address he would be denied access would he not?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I agree the current login system is not good.
I have integrated this login system in to the script. http://youhack.me/2010/04/01/building-a-registration-system-with-email-verification-in-php/
Its working out very well. I made the admin ID 1, Removed all instance of validatecookie() on the admin side and replaced it with
ob_start();
session_start();
if(isset($_SESSION['Memberid']) < 1 ){
header("Location: ../login.php");
}
User side removed validatecookie() and replaced it with
ob_start();
session_start();
if(!isset($_SESSION['Username'])){
header("Location: login.php");
}
I added include("header.php"); to all the login system pages.
Changed index to register.php
Its working great...
All users have a session and now I can create a user page to view/edit/print brackets.
The code is a bit messy but I will clean it up and submit it later.
It will be after this years Madness...
Last edit: Jeremy G 2014-03-18
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
With my limited knowledge of php, I was able to follow most of what you wrote and even what is in the link you mention. It is unfortunate that it cannot be integrated into this year's Madness however.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I agree the current login system is not good.
I have integrated this login system in to the script. http://youhack.me/2010/04/01/building-a-registration-system-with-email-verification-in-php/
Its working out very well. I made the admin ID 1, Removed all instance of validatecookie() on the admin side and replaced it with
ob_start();
session_start();
if(isset($_SESSION['Memberid']) < 1 ){
header("Location: login.php");
}
User side removed validatecookie() and replaced it with
ob_start();
session_start();
if(!isset($_SESSION['Username'])){
header("Location: ../login.php");
}
I added include("header.php"); to all the login system pages. Changed index to register.php
Its working great...
All users have a session and now I can create a user page to view/edit/print brackets.
The code is a bit messy but I will clean it up and submit it later.
It will be after this years Madness...
I've updated to the 1.5.1 version, but one thing I can't figure out is what does the login feature on the homepage actually accomplish for the user?
It doesn't show all brackets entered under that email, doesn't give you any other special stats or whatever and doesn't seem to place a limit on entries.
Can anyone advise?
When the brackets are submitted and tournament starts, it should show the brackets associated with that emai in that top right nav area on the front page.
I'm a little confused as well… seems at the very least it should be password protected? What happens when someone submits a bracket without logging in with an email address?
It does seem like it should be password protected, otherwise someone could leave smacktalk that is not really from them, resulting in nastiness in general.
Before smacktalk, all it did was show your current rank on the front page, and also highlight the position of your bracket in the standings page.
On our site, everyone is pretty friendly with each other. That's why we didn't feel the smack talk needed to be protected. I can see other use cases that would require this, though.
You put in an email address when you submit a bracket. So, the best someone could do would be to submit brackets in your name. Again, this threat wasn't a big deal in our use case.
Someone can also login with your email and see your brackets listed on their home page, but this is not problematic behavior.
The real justification for the inconvenience of another login/pw to keep track of is to allow you to edit your bracket submission before the final deadline. Site registration is a pain in the ass, and we personally could not conclude that it was worth it to us. I have no problem with someone adding it to this (and in fact, I think a poster in the mmm forum said they may already have)
Rob, on our site, everyone is pretty nice too, so the smacktalk fakery issue wouldn't occur.
But someone, somewhere, will want it. Someday. :D
Maybe we should ping the guy who said he did it on mmm.
I don't see where I can edit my bracket after logging in…please advise?
You can't. As mentioned above, logging in only allows you to post smack talk and see a summary of your brackets on the home page.
Oh ok, I saw this comment and apparently mis-read it.
"The real justification for the inconvenience of another login/pw to keep track of is to allow you to edit your bracket submission before the final deadline."
In the couple years that we have run a bracket, not a single person has submitted a bracket and then expressed the need to me to change it. Not saying logins wouldn't be a good idea, it's just that there isn't a huge requirement for them.
In testing this application, I entered a bracket and included all the required information. I then logged in with the email I used and I had access to the entire admin section. Is that the way it should be set up? Was it because I was logged in as admin and if so, how do I log out as admin?
i believe your email was the admin email, which is why it showed you admin stuff. You should protected the /admin directory with .htaccess.
Thinking that might be the case, I tried it with another email address and got the same results. Protecting the admin directory with .htaccess would throw up a log in screen and since the player does not know the admin's email address he would be denied access would he not?
I agree the current login system is not good.
I have integrated this login system in to the script.
http://youhack.me/2010/04/01/building-a-registration-system-with-email-verification-in-php/
Its working out very well. I made the admin ID 1, Removed all instance of validatecookie() on the admin side and replaced it with
ob_start();
session_start();
if(isset($_SESSION['Memberid']) < 1 ){
header("Location: ../login.php");
}
User side removed validatecookie() and replaced it with
ob_start();
session_start();
if(!isset($_SESSION['Username'])){
header("Location: login.php");
}
I added include("header.php"); to all the login system pages.
Changed index to register.php
Its working great...
All users have a session and now I can create a user page to view/edit/print brackets.
The code is a bit messy but I will clean it up and submit it later.
It will be after this years Madness...
Last edit: Jeremy G 2014-03-18
With my limited knowledge of php, I was able to follow most of what you wrote and even what is in the link you mention. It is unfortunate that it cannot be integrated into this year's Madness however.
Sweet. I'll check it out when ready and merge