Guests able to subscribe to topics using active topics

Post by Kieran » Sun May 14, 2006 1:55 pm

The active topics page doesn't appear to have checks on it to make sure a user is logged in before allowing the subscription to threads and the display of the watch/unwatch column. While this isn't a security problem (the redundant guest ID is simply being added to the watched topics table in the db which then does nothing wrt mailing out when a thread is replied to) it should still be fixed though ;) *looks at neo because it's his mod*

Post by Shotokan101 » Sun May 14, 2006 2:37 pm

Does it show "ALL" topics to guest then - including the Private ones ? :shock:

Post by Neo » Sun May 14, 2006 2:48 pm

Shotokan101 wrote:Does it show "ALL" topics to guest then - including the Private ones ? :shock:
Nope, it just means that when a user watches/unwatches a topic there is no check to see if a user is logged in. What topics are displayed etc are still tied to the user, as Kieran says, there is no security issue.

Thanks for the heads up Kieran (although it might have been better to mention it before, when you checked it :lol:) I will add a little check to see if a user is logged in ;)

Post by Kieran » Sun May 14, 2006 4:25 pm

Neo wrote:
Shotokan101 wrote:Does it show "ALL" topics to guest then - including the Private ones ? :shock:
Nope, it just means that when a user watches/unwatches a topic there is no check to see if a user is logged in. What topics are displayed etc are still tied to the user, as Kieran says, there is no security issue.
Neo is right, it is not a permissions issue wrt viewing or subscribing to private/registered user only forums, simply a case of guests being able to pointlessly subscribe to public forums.
Neo wrote:Thanks for the heads up Kieran (although it might have been better to mention it before, when you checked it :lol:) I will add a little check to see if a user is logged in ;)
Thanks for looking into it; sorry I didn't mention it before, but you see when I said I checked it, I check important things like perms and phpBB guidelines. I had a lot of work on and so couldn't check it to the nth degree ;)

Post by Neo » Sun May 14, 2006 4:33 pm

Kieran wrote:Thanks for looking into it; sorry I didn't mention it before, but you see when I said I checked it, I check important things like perms and phpBB guidelines. I had a lot of work on and so couldn't check it to the nth degree ;)
Yeah, I know you've got other commitments, no need to explain ;)

It should be OK now - it asks you to log in and then if you log in it redirects you to the 'active topics' page - Is that good enough? :)

Post by Kieran » Sun May 14, 2006 5:43 pm

Ideally the whole column should be made to hide when logged out and the rogue guest entries removed from the database.... BUT that takes some doing with switches and needs db access, so I have flagged this thread and will sort the rest at some point. It's fine for now :)

Post by Neo » Sun May 14, 2006 5:48 pm

I can hide the 'watch' column if a user is logged out, but I'll let you clean up the db ;)

I presume it's OK to simply 'not use' the watch column part of the template when the page is viewed by a guest?

Post by Kieran » Sun May 14, 2006 5:55 pm

I will do it later

Post by Neo » Sun May 14, 2006 11:27 pm

Kieran wrote:Ideally the whole column should be made to hide when logged out...
Done ;)

Post by Kieran » Mon May 15, 2006 9:11 am

That's great Neo - just the job :)

Closing thread as issue resolved.
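
The three parts of the fix discussed in this thread (a logged-in check on the watch/unwatch action with a redirect back to the active topics page, the watch column hidden for guests, and the guest rows purged from the watched topics table), sketched as an added example that is not part of the original posts and is not the mod's or phpBB's code. The function names, file names, column names and the guest id value are assumptions, and the table is modelled as an in-memory array.

```php
<?php
// Added illustration, not phpBB's or the mod's code; every name is hypothetical.
const GUEST_ID = -1; // assumed id the board assigns to a not-logged-in visitor

// Watch/unwatch handler. $watch is a list of [user_id, topic_id] rows.
function handle_watch(array $user, string $action, int $topicId, array &$watch): array
{
    // Enforced on the action itself, so a hand-built guest request is refused
    // even when the watch column is not rendered.
    if (empty($user['logged_in']) || $user['id'] === GUEST_ID) {
        return ['status' => 'login_required',
                'redirect' => 'login.php?redirect=' . rawurlencode('active_topics.php')];
    }
    $row = [$user['id'], $topicId];
    $pos = array_search($row, $watch, true);
    if ($action === 'watch' && $pos === false) {
        $watch[] = $row;
    } elseif ($action === 'unwatch' && $pos !== false) {
        array_splice($watch, $pos, 1);
    }
    return ['status' => 'ok'];
}

// Template side: the watch column is only emitted for logged-in users.
function columns_for(array $user): array
{
    $cols = ['topic', 'replies', 'last_post'];
    if (!empty($user['logged_in'])) {
        $cols[] = 'watch';
    }
    return $cols;
}

// One-off cleanup of rows written before the check existed.
function purge_guest_rows(array $watch): array
{
    return array_values(array_filter($watch, fn($r) => $r[0] !== GUEST_ID));
}

// Constructed sample data: one rogue guest row and one real subscription.
$watch  = [[GUEST_ID, 12], [42, 12]];
$guest  = ['id' => GUEST_ID, 'logged_in' => false];
$member = ['id' => 42, 'logged_in' => true];

echo json_encode(handle_watch($guest, 'watch', 99, $watch)), "\n";
echo json_encode(handle_watch($member, 'watch', 99, $watch)), "\n";
echo json_encode(columns_for($guest)), "\n";
echo json_encode(purge_guest_rows($watch)), "\n";
```

Hiding the column only changes what is rendered; the check inside the handler is what stops new guest rows from being written.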