not associating dumps with login

[dionysian]

I just tried to submit a dump. I logged in first and left the email field blank, but it told me that i needed to have an email. So I tried to just type in my forum name, but that didn't work either... That posted it, but it didn't associate it with my forum id, just with <dionysian>.

http://angband.oook.cz/ladder-show.php?id=7255

Not sure what the problem is here.

[pav]

Sometimes this happen for some people, don't know why. You don't refuse cookies or something?

Make sure it says
Your identity
dyonisian <Log out>

before posting a dump.

[Daven_26d1]

I have noticed problems here also, I just enter my nick into the email field (hence all my dumps get '<' '>' around my nick. I've noticed it from IE & Firefox in XP as well as Firefox on Linux.

I don't refuse cookies (or login wouldn't work at all presumably) but I use whitelisting for JavaScript, and oook isn't on my whitelist, because it doesn't need to be.

Although oook is phpBB based, there are a couple of minor things on the site that definitely require JavaScript to work (check boxes in Private Messages for one) so maybe that's the problem?

[pav]

Quote:

Originally Posted by Daven_26d1

I don't refuse cookies (or login wouldn't work at all presumably) but I use whitelisting for JavaScript, and oook isn't on my whitelist, because it doesn't need to be.

Why on Earth would anyone want to disable JavaScript? Do you also disable tags for bold and italic text?

Quote:

Originally Posted by Daven_26d1

Although oook is phpBB based,

There is no phpBB nearby here; the site is homegrown, and the forums bit is powered by vBulletin.

Quote:

Originally Posted by Daven_26d1

there are a couple of minor things on the site that definitely require JavaScript to work (check boxes in Private Messages for one) so maybe that's the problem?

Well the easiest test is to enable JavaScript and test it. Why don't you do that?

[Daven_26d1]

Quote:

Originally Posted by pav

Why on Earth would anyone want to disable JavaScript?

Allowing client-side scripts globally is inherently insecure, albeit that running linux makes a lot of the problems moot. Its not that I don't trust oook, its just that I only bother to allow scripts where I would lose functionality otherwise.

Quote:

There is no phpBB nearby here; the site is homegrown, and the forums bit is powered by vBulletin.

I've obviously gotten my forums mixed up, apologies.

Quote:

Well the easiest test is to enable JavaScript and test it. Why don't you do that?

Usually I'm happy to use a workaround rather than enable scripting, where I don't really lose any functionality. I guess now though, I'll have to test. Back in a mo for an edit...

EDIT - actually, I think I may have tried this before, when I first submitted a dump, elsewise the Deja Vu is bad today. Selecting "or login to forum" takes me to the forums, were I log in via the top pane as usual. Then nothing happens - going back to the ladder or whatever just starts the whole process over.

Is the "Your identity..." bit supposed to appear instead of the "your email or login..." bit? I'll see if I can figure this out later. Anyway, JavaScript doesn't appear to be the culprit.

EDIT2 - Well, fiddling around with every browser setting imaginable gives me no joy, and some work with tamperdata & http live headers flags up nothing I can use. I do see some GET requests that send random numbers to cron.php that I don't understand the purpose of; they don't appear to affect the state of my cookies, so presumably this is a serverside login thing.

A right proper headscratcher, this one.

[zaimoni]

Quote:

Originally Posted by pav

Why on Earth would anyone want to disable JavaScript? Do you also disable tags for bold and italic text?

This is required in IE to prevent autoinfection by malware. Antivirus software is not a substitute.

For other webbrowsers, this is a matter of personal or corporate caution level. Proper site and web application design assumes that everything must be usable even if JavaScript is disabled, unless you explicitly document otherwise.

Reputable sites are not an exception. My current AV software is noticing a malware injector on Yahoo! Finance (which *is* a reputable site); the prior one did not.

[Daven_26d1]

Quote:

Originally Posted by zaimoni

This is required in IE to prevent autoinfection by malware. Antivirus software is not a substitute.

All too true - and its very surprising how many users are either unaware of this issue or simply don't care. This isn't too say that only IE can be affected; its just that the greatest majority of browser-based exploits and malware target IE and Windows - partly due to an expected larger target yield, and partly because many malware authors think that all windows users (and IE users in particular) are lamers who deserve to get a trashed system.

[pav]

Just accept all auto-updates that Windows pull down, and you will be safe. You need to find the balance between functionality and security.

As for the login issue - you're on your own. Your setup is probably non-standard enough that I can't provide any assistance here. Make sure your browser is sending bbuserid and bbsessionhash cookies to the server when requesting ladder-submit.php page. Both these cookies should be set when you log into forum.

[Daven_26d1]

Quote:

Originally Posted by pav

Just accept all auto-updates that Windows pull down, and you will be safe.

I can't agree with you there; "security is a process, not a product" - patches only protect you from problems that have already been discovered, very often because they were used to infect machines in the wild. Disabling a service stops any and all abuses of said service, (known or unknown) dead in their tracks.

Quote:

You need to find the balance between functionality and security.

Here I agree completely; spending as much time locking down your browser than using it certainly isn't for everyone, but some of us find that stuff fun. Besides which, I find that JavaScript on the whole adds very little to my browsing experience - and if I do decide a site should have script privs, its exactly one right-click and one left-click away from getting them, temporarily or permanently as I choose.

Quote:

As for the login issue... Make sure your browser is sending bbuserid and bbsessionhash cookies to the server when requesting ladder-submit.php

Yeah, those cookies were sent/set in all cases. I'm not too concerned about the problem, I just have a pet hate of things I can't figure out. If anyone finds a setting or something that can fix (or break) this, do share...

[pav]

Quote:

Originally Posted by Daven_26d1

Yeah, those cookies were sent/set in all cases.

Can you drop me a Private Message with the value of these cookies?