| Author |
 Topic  |
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
|
|
NiteOwl
Junior Member
Canada
403 Posts |
 Posted - 27 June 2005 : 11:20:17
|
Something interesting:
When using the RSS code, all security to a site is circumvented...? Even if you do not have an account you are able to pull messages up and read, at least that is what I think I see?
< |
-=NiteOwl=-
|
 |
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 27 June 2005 : 13:53:45
|
Well, the RSS feed pulls only topics from non-private forums. But, I guess you've defined 'require registration', and have nót defined whether or not the forums where private or not.
This RSS.asp page does not support public forums which require a visitor to log in.
I'm not sure if that's possible at all by the way, but that's something else.
The RSS feed should be public afaik, and if you require registration to your forums, there's nothing public (everything is private)....< |
portfolio - linkshrinker - oxle - twitter |
|
|
|
NiteOwl
Junior Member
Canada
403 Posts |
Posted - 27 June 2005 : 17:25:42
|
I have two sites:
Marine Forum Totally OPEN
Union Forum Totally PRIVATE
however in your message above you were able to see into the UNION forum without any registration. Pplease don't get me wrong, I very much like this code and want to use it for both my forums, however it seems to be flawed concerning access to areas that should require name and password.
BTW, I notice that of the 3 readers we have discussed, two of them allow username and passwords in the setup, yet the sharp-reader does not.
Anyway, at the moment (unless I have missed something) I don't think this RSS code is ready for prime-time on a MySQL database, which is too bad as it has a lot of really good potential, and I want to thank all those that keep this stuff going! I will keep the RSS feed to myself and not open it to my membership until I hvae a bit more security built in.
< |
-=NiteOwl=-
|
Edited by - NiteOwl on 27 June 2005 22:51:59 |
|
|
|
-gary
Development Team Member
406 Posts |
|
|
gelliott
Junior Member
USA
268 Posts |
Posted - 29 June 2005 : 12:18:17
|
For those that asked about security, I have utilized this in my forum which is all private forums. In order to only serve up the topics to which the user has access, my RSS Config page offers each user a custom RSS link, which looks something like
rss.asp?memberid=1&key=a387wo3n
where the key is an excerpt from the middle of their encrypted password as stored in their member record. When rss.asp runs, if it finds a match between the user number and the middle excerpt of the key, then it uses a customized chkForumAccess function to return a array of allowed forums. Thus, instead of using F.F_PRIVATEFORUMS = 0 I build a string that results in something like F.FORUM_ID IN (3,6,13,19,24). Thus, each user gets a custom display of forums to which they have access.< |
* The optimist says the cup is half full. The pessimist says it's half empty. But the engineer knows the truth - the cup's design is incorrectly sized.  |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 29 June 2005 : 14:16:32
|
Nice one! Would you mind sharing pieces of that code, so we could work it into a complete mod?  < |
portfolio - linkshrinker - oxle - twitter |
|
|
|
gelliott
Junior Member
USA
268 Posts |
Posted - 29 June 2005 : 23:47:31
|
| I'd be happy to - I'll need to remove the custom stuff - let me try to get to it over the weekend...< |
* The optimist says the cup is half full. The pessimist says it's half empty. But the engineer knows the truth - the cup's design is incorrectly sized. |
|
|
|
NiteOwl
Junior Member
Canada
403 Posts |
Posted - 30 June 2005 : 02:06:10
|
Excellent, I too am looking forward to this! thanks!
< |
-=NiteOwl=-
|
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 30 June 2005 : 03:46:58
|
quote:
Originally posted by gelliott
I'd be happy to - I'll need to remove the custom stuff - let me try to get to it over the weekend...
Take your time, but do hurry! hehe< |
portfolio - linkshrinker - oxle - twitter |
|
|
|
gelliott
Junior Member
USA
268 Posts |
Posted - 30 June 2005 : 15:34:26
|
OK fellow Snitzers... had a few extra minutes sooner that I thought...
http://www.snitzbitz.com/mods/details.asp?Version=All&mid=209
I have uploaded a zip to SnitzBitz which will give you the code I used. I wrote it several months back, so I'm a little unsure of what I changed in the rss.asp file, but it shouldn't be much. You should be able to use your own rss.asp file with a few minor changes, but I included mine just in case. Read the readme.txt file for more details.
This set also includes a small FAQ/help screen (since I have to have someplace to distribute the customized urls anyway), and the appropriate images. Let me know what you think. As you look through my function includes, I think you'll find a fairly simple approach...
[edited for clarifications]< |
* The optimist says the cup is half full. The pessimist says it's half empty. But the engineer knows the truth - the cup's design is incorrectly sized. |
Edited by - gelliott on 30 June 2005 15:36:37 |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 01 July 2005 : 08:56:29
|
Nice one Gelliot!!! I've updated my original mod to be fully RSS2 valid (except for the relative URL's).
I'll do the same to your mod, if that's ok with you.< |
portfolio - linkshrinker - oxle - twitter |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 01 July 2005 : 09:06:44
|
Gelliot; Here's your RSS file, modded to version 2.0.
Could you give it a try? I haven't tested it yet.
 Attachment: gelliot_rssv2.zip 3672 bytes< |
portfolio - linkshrinker - oxle - twitter |
Edited by - MarcelG on 02 July 2005 08:23:48 |
|
|
|
NiteOwl
Junior Member
Canada
403 Posts |
Posted - 01 July 2005 : 18:22:36
|
Hi Marcel - This link is not working at the moment.
< |
-=NiteOwl=-
|
|
|
|
NiteOwl
Junior Member
Canada
403 Posts |
Posted - 02 July 2005 : 01:59:46
|
Gelliot - Could you give me an example on how to utilise this feature:
'#### strSql = strSql & " AND F.F_PRIVATEFORUMS = 0" #### replace this with custom list of allowed forums
< |
-=NiteOwl=-
|
|
|
|
Topic |
|
RSS Feed (by forum & by cat)
