| Author |
 Topic  |
|
|
kristien
New Member
78 Posts |
 Posted - 21 October 2003 : 08:35:55
|
Hi
I want it to be possible for guests to post topics and reply to topics but not to login as 'guest'.
So i thought to do the following in post_info.asp :
(bold is what i added)
if MethodType = "Topic" then
guestpas = 0
if strDBNTUserName = "guest" then
guestpas = 1
'## Forum_SQL
strSql = "SELECT MEMBER_ID, M_LEVEL, M_EMAIL, M_LASTPOSTDATE, " & strDBNTSQLName
if strAuthType = "db" then
strSql = strSql & ", M_PASSWORD "
end if
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE " & strDBNTSQLName & " = '" & ChkString(strDBNTUserName, "SQLString") & "'"
strSql = strSql & " AND " & strMemberTablePrefix & "MEMBERS.M_STATUS = " & 1
QuoteOk = ChkQuoteOk(strDBNTUserName)
else
guestpas = 0
'## Forum_SQL
strSql = "SELECT MEMBER_ID, M_LEVEL, M_EMAIL, M_LASTPOSTDATE, " & strDBNTSQLName
if strAuthType = "db" then
strSql = strSql & ", M_PASSWORD "
end if
strSql = strSql & " FROM " & strMemberTablePrefix & "MEMBERS "
strSql = strSql & " WHERE " & strDBNTSQLName & " = '" & ChkString(strDBNTUserName, "SQLString") & "'"
strSql = strSql & " AND " & strMemberTablePrefix & "MEMBERS.M_STATUS = " & 1
if strAuthType = "db" then
strSql = strSql & " AND M_PASSWORD = '" & ChkString(strPassword, "SQLString") &"'"
QuoteOk = (ChkQuoteOk(strDBNTUserName) and ChkQuoteOk(strPassword))
else
QuoteOk = ChkQuoteOk(strDBNTUserName)
end if
end if
set rs = my_Conn.Execute (strSql)
if (rs.BOF or rs.EOF or not(QuoteOk) or not (ChkQuoteOk(strPassword))) and guestpas = 0 then '## Invalid Password
Go_Result "Invalid UserName or Password!!", 0
Response.End
else
.....
end if
The user "guest" has a pasword that nobody except me knows, so they can't login.
It works fine, but i don't know that it is safe ...
Any help ? |
Edited by - kristien on 22 October 2003 04:19:47 |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 21 October 2003 : 11:20:14
|
| not safe. anonymous posting is nothing but trouble IMHO. |
 |
 |
|
|
kristien
New Member
78 Posts |
Posted - 22 October 2003 : 03:40:26
|
| But can you tell me why it isn't safe ? |
|
|
|
The Impact
Junior Member
Australia
398 Posts |
Posted - 22 October 2003 : 04:08:38
|
| I'm still a programmer in learning ... but I don't see a big problem as long as you log their IP address and maybe require an email address. |
|
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 22 October 2003 : 05:22:48
|
I believe the reason Dayve says it's not safe is because you have nothing to hold onto but the poster's IP address if they mess with your forums, for example by posted something inappropriate or illegal. If you require them to register, you'll at least know they had a valid email address when they registered and it'll give you some extra information to go by should you need to hold them responsible for anything.
Though I agree to some extent, I believe that with proper moderation of posts made by "guests", or anonymous users, you can prevent a lot of potentially bad things from happening. |
|
|
|
kristien
New Member
78 Posts |
Posted - 22 October 2003 : 08:18:38
|
Ok, those things i know and i accept them.
As long as they can't get control to admin sections i have no trouble with guest accounts.
Thanks guys ! |
Edited by - kristien on 23 October 2003 02:50:30 |
|
|
| |
Topic |
|
Topic Locked
