Posts 9
|
Marte |
Post: 001 10.12.2007 - 19:01 |
| just checking | |
|
hugo |
Post: 004 08.01.2008 - 08:02 |
| hi. I used the author name "hugo" although someone else used that name prior to me. Will I be able to delete that post too using this name? Let me see | |
|
hugo |
Post: 005 08.01.2008 - 08:04 |
| Well, I can delete someone else's post just by using his name. This is undesirable. How to solve this problem? | |
|
testauthor |
Post: 006 09.01.2008 - 18:13 |
|
does it need a subject | |
checking!!
| |
|
Hans  Stop the melt! |
Post: 011 18.01.2008 - 03:33 |
| This is a problem..
when I enter any of the author names, I am able to use it, and am able to delete my post as well as the post of the one whose name I used. Any solution to this? | |
|
sam |
Post: 012 18.01.2008 - 03:36 |
| sorry, the above post which says author= Hans was actually written by me. I can delete any one's post here just by using his name once. Some one please sort this problem out. Thanks | |
|
Hans Stop the melt! |
Post: 014 04.02.2008 - 09:51 |
| Yes, author names could be spoofed.
The reason for this is that one can set the author name with the author input field. The alternative is to use the authuser authentication system and require everyone to log on, and tie the Author variable with the login AuthId variable. Then not use an author text input field (use as hidden instead). Guest visitors will need to login as well as 'Guest' or such with a guest password (this could be openly displayed). The conditional for the foxdelete link needs also be changed to check for AuthId rather than Author. | |
|
Hans Stop the melt! |
Post: 015 04.02.2008 - 11:24 |
| PS: The conditional which rules the display of the delete links is in FoxTemplates.DisplayTemplates.
One easy change is to display the delete links only for logged in admin or for logged in user with authid:
| |
|
Hans Stop the melt! |
Post: 031 05.02.2008 - 18:42 |
|
aaaaaaaaaa | |
| |