Angband.oook.cz
Angband.oook.cz
AboutDownloadVariantsLadderForumCompetitionSpoilersComicScreenshotsFunniesLinks

Go Back   Angband Forums > The real world > Oook!

Reply
 
Thread Tools Display Modes
Old December 1, 2007, 13:32   #1
dionysian
Apprentice
 
dionysian's Avatar
 
Join Date: Apr 2007
Location: Washington, DC Metropolitan Area
Age: 31
Posts: 55
dionysian is on a distinguished road
not associating dumps with login

I just tried to submit a dump. I logged in first and left the email field blank, but it told me that i needed to have an email. So I tried to just type in my forum name, but that didn't work either... That posted it, but it didn't associate it with my forum id, just with <dionysian>.

http://angband.oook.cz/ladder-show.php?id=7255

Not sure what the problem is here.
__________________
Oh, Mr. Speaker, I had underestimated the tenderness of the feelings of the members opposite.
--Barney Frank
dionysian is offline   Reply With Quote
Old December 1, 2007, 13:55   #2
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 34
Posts: 753
pav is on a distinguished road
Send a message via ICQ to pav
Sometimes this happen for some people, don't know why. You don't refuse cookies or something?

Make sure it says
Your identity
dyonisian <Log out>

before posting a dump.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old December 1, 2007, 16:33   #3
Daven_26d1
Adept
 
Daven_26d1's Avatar
 
Join Date: Jun 2007
Location: North of England.
Posts: 211
Daven_26d1 is on a distinguished road
I have noticed problems here also, I just enter my nick into the email field (hence all my dumps get '<' '>' around my nick. I've noticed it from IE & Firefox in XP as well as Firefox on Linux.

I don't refuse cookies (or login wouldn't work at all presumably) but I use whitelisting for JavaScript, and oook isn't on my whitelist, because it doesn't need to be.

Although oook is phpBB based, there are a couple of minor things on the site that definitely require JavaScript to work (check boxes in Private Messages for one) so maybe that's the problem?
__________________
You sold a Broken Sword (1d2) (-2,-4) {average} (j) for 1 gold.
The shopkeeper howls in agony!
You say "Dude, the clue is in the name...".
Daven_26d1 is offline   Reply With Quote
Old December 1, 2007, 22:20   #4
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 34
Posts: 753
pav is on a distinguished road
Send a message via ICQ to pav
Quote:
Originally Posted by Daven_26d1 View Post
I don't refuse cookies (or login wouldn't work at all presumably) but I use whitelisting for JavaScript, and oook isn't on my whitelist, because it doesn't need to be.
Why on Earth would anyone want to disable JavaScript? Do you also disable tags for bold and italic text?
Quote:
Originally Posted by Daven_26d1 View Post
Although oook is phpBB based,
There is no phpBB nearby here; the site is homegrown, and the forums bit is powered by vBulletin.
Quote:
Originally Posted by Daven_26d1 View Post
there are a couple of minor things on the site that definitely require JavaScript to work (check boxes in Private Messages for one) so maybe that's the problem?
Well the easiest test is to enable JavaScript and test it. Why don't you do that?
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old December 2, 2007, 11:05   #5
Daven_26d1
Adept
 
Daven_26d1's Avatar
 
Join Date: Jun 2007
Location: North of England.
Posts: 211
Daven_26d1 is on a distinguished road
Quote:
Originally Posted by pav View Post
Why on Earth would anyone want to disable JavaScript?
Allowing client-side scripts globally is inherently insecure, albeit that running linux makes a lot of the problems moot. Its not that I don't trust oook, its just that I only bother to allow scripts where I would lose functionality otherwise.

Quote:
There is no phpBB nearby here; the site is homegrown, and the forums bit is powered by vBulletin.
I've obviously gotten my forums mixed up, apologies.

Quote:
Well the easiest test is to enable JavaScript and test it. Why don't you do that?
Usually I'm happy to use a workaround rather than enable scripting, where I don't really lose any functionality. I guess now though, I'll have to test. Back in a mo for an edit...

EDIT - actually, I think I may have tried this before, when I first submitted a dump, elsewise the Deja Vu is bad today. Selecting "or login to forum" takes me to the forums, were I log in via the top pane as usual. Then nothing happens - going back to the ladder or whatever just starts the whole process over.

Is the "Your identity..." bit supposed to appear instead of the "your email or login..." bit? I'll see if I can figure this out later. Anyway, JavaScript doesn't appear to be the culprit.

EDIT2 - Well, fiddling around with every browser setting imaginable gives me no joy, and some work with tamperdata & http live headers flags up nothing I can use. I do see some GET requests that send random numbers to cron.php that I don't understand the purpose of; they don't appear to affect the state of my cookies, so presumably this is a serverside login thing.

A right proper headscratcher, this one.
__________________
You sold a Broken Sword (1d2) (-2,-4) {average} (j) for 1 gold.
The shopkeeper howls in agony!
You say "Dude, the clue is in the name...".

Last edited by Daven_26d1; December 2, 2007 at 12:54.
Daven_26d1 is offline   Reply With Quote
Old December 2, 2007, 16:29   #6
zaimoni
Knight
 
zaimoni's Avatar
 
Join Date: Apr 2007
Posts: 590
zaimoni is on a distinguished road
Quote:
Originally Posted by pav View Post
Why on Earth would anyone want to disable JavaScript? Do you also disable tags for bold and italic text?
This is required in IE to prevent autoinfection by malware. Antivirus software is not a substitute.

For other webbrowsers, this is a matter of personal or corporate caution level. Proper site and web application design assumes that everything must be usable even if JavaScript is disabled, unless you explicitly document otherwise.

Reputable sites are not an exception. My current AV software is noticing a malware injector on Yahoo! Finance (which *is* a reputable site); the prior one did not.
zaimoni is offline   Reply With Quote
Old December 2, 2007, 16:48   #7
Daven_26d1
Adept
 
Daven_26d1's Avatar
 
Join Date: Jun 2007
Location: North of England.
Posts: 211
Daven_26d1 is on a distinguished road
Quote:
Originally Posted by zaimoni View Post
This is required in IE to prevent autoinfection by malware. Antivirus software is not a substitute.
All too true - and its very surprising how many users are either unaware of this issue or simply don't care. This isn't too say that only IE can be affected; its just that the greatest majority of browser-based exploits and malware target IE and Windows - partly due to an expected larger target yield, and partly because many malware authors think that all windows users (and IE users in particular) are lamers who deserve to get a trashed system.
__________________
You sold a Broken Sword (1d2) (-2,-4) {average} (j) for 1 gold.
The shopkeeper howls in agony!
You say "Dude, the clue is in the name...".
Daven_26d1 is offline   Reply With Quote
Old December 2, 2007, 20:45   #8
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 34
Posts: 753
pav is on a distinguished road
Send a message via ICQ to pav
Just accept all auto-updates that Windows pull down, and you will be safe. You need to find the balance between functionality and security.

As for the login issue - you're on your own. Your setup is probably non-standard enough that I can't provide any assistance here. Make sure your browser is sending bbuserid and bbsessionhash cookies to the server when requesting ladder-submit.php page. Both these cookies should be set when you log into forum.
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Old December 2, 2007, 21:12   #9
Daven_26d1
Adept
 
Daven_26d1's Avatar
 
Join Date: Jun 2007
Location: North of England.
Posts: 211
Daven_26d1 is on a distinguished road
Quote:
Originally Posted by pav View Post
Just accept all auto-updates that Windows pull down, and you will be safe.
I can't agree with you there; "security is a process, not a product" - patches only protect you from problems that have already been discovered, very often because they were used to infect machines in the wild. Disabling a service stops any and all abuses of said service, (known or unknown) dead in their tracks.

Quote:
You need to find the balance between functionality and security.
Here I agree completely; spending as much time locking down your browser than using it certainly isn't for everyone, but some of us find that stuff fun. Besides which, I find that JavaScript on the whole adds very little to my browsing experience - and if I do decide a site should have script privs, its exactly one right-click and one left-click away from getting them, temporarily or permanently as I choose.

Quote:
As for the login issue... Make sure your browser is sending bbuserid and bbsessionhash cookies to the server when requesting ladder-submit.php
Yeah, those cookies were sent/set in all cases. I'm not too concerned about the problem, I just have a pet hate of things I can't figure out. If anyone finds a setting or something that can fix (or break) this, do share...
__________________
You sold a Broken Sword (1d2) (-2,-4) {average} (j) for 1 gold.
The shopkeeper howls in agony!
You say "Dude, the clue is in the name...".
Daven_26d1 is offline   Reply With Quote
Old December 2, 2007, 21:45   #10
pav
Administrator
 
pav's Avatar
 
Join Date: Apr 2007
Location: Prague, Czech republic
Age: 34
Posts: 753
pav is on a distinguished road
Send a message via ICQ to pav
Quote:
Originally Posted by Daven_26d1 View Post
Yeah, those cookies were sent/set in all cases.
Can you drop me a Private Message with the value of these cookies?
__________________
See the elves and everything! http://angband.oook.cz
pav is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Oangband screen dumps? tigen Oook! 1 September 16, 2007 10:53
Un dumps shown as dead Bandobras Oook! 3 September 11, 2007 22:54
comment in dumps AR_chie Oook! 8 August 3, 2007 15:19


All times are GMT +1. The time now is 16:24.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.