| Author |
 Topic  |
|
PPSSWeb
Junior Member
312 Posts |
 Posted - 17 May 2007 : 09:14:57
|
| Now that I understand the problem better, I can reproduce it too. Unfortunately the code addition suggested above by Jezmeister did not fix it. I do however get a EOF error if I try posting with a username that does not exist in the database.< |
 |
|
|
PPSSWeb
Junior Member
312 Posts |
Posted - 17 May 2007 : 10:42:34
|
Ok, so the code posted above does work! At least I think it does. Just not where it was said to add it. Instead add it to the same location in Post.asp.
If the user is not logged in, the new code returns MemberID = -1. But nothing in the usergroups mod is set to check for this, so you need to add that bit too.
A little further down the page in Post.asp find:
and replace it with:
Someone please check this and see if the two parts combined fix the problem. Thanks< |
Edited by - PPSSWeb on 17 May 2007 10:43:05 |
|
|
|
Jezmeister
Senior Member
United Kingdom
1141 Posts |
Posted - 17 May 2007 : 11:12:50
|
| That would solve the issue, I was avoiding doing that as it removes the option to post one off while not logged in which may well not be desirable.< |
|
|
|
PPSSWeb
Junior Member
312 Posts |
Posted - 17 May 2007 : 13:53:21
|
I agree there has to be a better way, but this is all I could think of at the time.
I guess you could add generic member to the database. Then add a line to modify the MemberID if the DB query returns -1.
Something like:
Then you could restrict that account however you like via the UserGroups Admin functions. Does that make it any better, or just more confusing?
Scratch that, the above idea doesn't work. Of course, it seems that the addition Jezmeister mentioned above doesn't seem to add anything. The MemberID seems to return -1 with or without this code for guests for me.< |
Edited by - PPSSWeb on 17 May 2007 14:46:04 |
|
|
|
PPSSWeb
Junior Member
312 Posts |
Posted - 17 May 2007 : 14:53:12
|
| Is there a way to add a default user to the Members database with an ID of -1 and Mlev of 0 that could be used in the Usergroups to specify permissions for users that are not logged in?< |
|
|
|
Jezmeister
Senior Member
United Kingdom
1141 Posts |
Posted - 17 May 2007 : 15:08:39
|
there is a better way about this ;) it's the use of lots of queries in post_info.asp based on strDBNTUserName to detect usergroup... it's just relatively a lot of work. Etymon has also suggested the use of Huws old posting restrictions mod alongside the usergroups mod to do it... i have a copy just don't have time to do anything at the moment.
the reason there will be no quick way to fix post_info is because the entirity of the usergroups mod on the end of the user is based on cookies, when you post with that method the cookie isn't there and thus the usergroups mod is useless as it is.< |
|
|
|
CalloftheHauntedMaster
Junior Member
289 Posts |
Posted - 17 May 2007 : 15:12:51
|
PPSSWeb, the fix you provided works, and it also prohibits all non-logged in posting, as Jezmeister said.
However, that might not be such a bad thing either.< |
This account was hacked into by Image, a very honest guy as you all can see! Stealing people's passwords is his pasttime. Beware of this, before you register at his forums! |
|
|
|
AnonJr
Moderator
United States
5768 Posts |
Posted - 17 May 2007 : 15:33:34
|
Actually, if you're going through all the work of installing the UserGroup MOD to refine permissions, it wouldn't be a bad idea at all to prohibit users from posting if they are not logged in. Esp. if you tie anything else into the UserGroup permissions.
I've found that being able to post without logging in creates some other interesting issues better discussed at another time in another thread.  < |
|
|
|
CalloftheHauntedMaster
Junior Member
289 Posts |
Posted - 17 May 2007 : 15:39:29
|
| Works for me. I can finally use the temp forum ban feature without all these bypasses. < |
This account was hacked into by Image, a very honest guy as you all can see! Stealing people's passwords is his pasttime. Beware of this, before you register at his forums! |
|
|
|
PPSSWeb
Junior Member
312 Posts |
Posted - 17 May 2007 : 16:01:31
|
quote:
Originally posted by Jezmeister
there is a better way about this ;) it's the use of lots of queries in post_info.asp based on strDBNTUserName to detect usergroup... it's just relatively a lot of work. Etymon has also suggested the use of Huws old posting restrictions mod alongside the usergroups mod to do it... i have a copy just don't have time to do anything at the moment.
the reason there will be no quick way to fix post_info is because the entirity of the usergroups mod on the end of the user is based on cookies, when you post with that method the cookie isn't there and thus the usergroups mod is useless as it is.
Yeah, I was trying to work around this by trying to have the guest user assume another identity temporarily, but that just wasn't working out. It did however bend my brain a little trying to work it out.
quote:
Originally posted by AnonJr
Actually, if you're going through all the work of installing the UserGroup MOD to refine permissions, it wouldn't be a bad idea at all to prohibit users from posting if they are not logged in. Esp. if you tie anything else into the UserGroup permissions.
My thoughts exactly. If you are going to go through all the effor, might as well lock it all down. 
quote:
Originally posted by CalloftheHauntedMaster
Works for me.
Glad I could help then.  < |
|
|
|
secretsquirrel
New Member
Australia
81 Posts |
Posted - 19 June 2007 : 12:40:55
|
Glad my topic gave you something to think over
My forum is restricted to members only so its ok here but it would be funny if it was done so anyone trying to get around the ban and making a post get a warning that the attempt has been detected, email sent to admin and ban extended by a further week lol  < |
Anyone who says a square peg does not fit into a circular hole has never seen a crazy bítch with a hammer |
|
|
|
Topic |
|
Sin Bin Mod
