Jump to content

Click Here!

New registration procedure, and other coding news


DemonGoddess

Recommended Posts

Registration and login-

Starting approximately mid December of this year, how a user registers and signs in to the archive will be changing. This will be done by using your email address to sign in to the archive. The email address field will be set to unique, and the new registrations will be sent a validation email to finish registering. For changing email addresses, current users will also be sent a validation email. As these kinds of emails are generated by a php script, please do be sure to check spam/junk folders for them.

Passwords will be encrypted, so one will have to use the utility to retrieve/reset a password from the archive. Staff will no longer be able to retrieve password information for users once this is done.

Allowed Characters in login AND pen names-

  • a-z
  • A-Z
  • 0-9
  • '
  • - (dash or minus sign)
  • _ (underscore)

Using anything other than these characters will make it so the name is not usable. So, if you are right now, please change your pen name before December, to get rid of the illegal characters.

Duplicate registrations-

As registration will be governed by email address, what's going to happen, is if you have multiple accounts, you won't be able to login until I merge those accounts. So please, if you know you have more than one, contact me at technicalsupport@adult-fanfiction.org with links to all profiles. This way, you do not lose your data. It's merged in to the account you wish to keep.

Search engine upgrade-

As you all know, we upgraded the core for search some time ago. However, with the age of the script, and the fact that the bulk of it is still php3, we cannot implement it in the current script. It crashes everything.

Script overhaul-

I'll go in to details for this probably next month. We expect to launch sometime in January, after we test it out and make sure we won't be crashing anything.

There are many new features which I'm quite sure will make everyone happy.

Link to comment
Share on other sites

  • 5 weeks later...

It's helpful if the forum and archive are registered for, with the same email, as that's one of the ways we verify whether or not a user is in the archive in the first place. Plus addressing is fine, as those aren't disposable. Disposable are things like addresses from mailinator.com, or other services like that. Those are not intended to be checked. Those are used as a catchall for where you don't wish to receive email.

Link to comment
Share on other sites

I would be quite surprised if somthing as big and as widely used as PHP has no way to handle adequatly the presence of commonly used characters like the plus sign in inputs...

Would you mind looking (further) into the possibility of tweaking the code to accept and work with email addresses with a + sign please? (ideally accepting all the appropriate recommendations from the pertinent RFCs)

In the end, with the data properly escaped to avoid any potential security hole, the easiest route probably would be to impose no restriction whatsoever, and simply confirm validity of the email address by sending a secret code and/or one time link to the address and requesting the person to input the code/open the link; as long as the person can receive emails sent to the address they specified there is no need to worry about any address standards.

Link to comment
Share on other sites

As vast as php may be the '+' sign even when escaped for storing in a database dose not guarantee it will not mess with output and the user table joins with other tables for information output and an e-mail address with a plus sign stored in the database when outputted can break code, be it php or in java. besides the only time the archive will e-mail you is to activate your account or to reset your password, other then that the bulk of e-mail from AFF is from the forums.

Link to comment
Share on other sites

As vast as php may be the '+' sign even when escaped for storing in a database dose not guarantee it will not mess with output and the user table joins with other tables for information output and an e-mail address with a plus sign stored in the database when outputted can break code, be it php or in java....

Is it it really common practice to not protect against malformed data? If even a simple plus sign can be so dangerous i find it a bit surprising the servers don't get compromised more often...

Isn't there the risk a cosmic ray will flip some bit when the database is getting written and crash the whole site next time that field is read?

If strings can be so powerful, they probably should be treated like plastic explosives, never have the material and the detonator together until it's time to use it, keep everything escaped and only unescape in the final steps for the intended use (if the exact actual content is needed, if you for example wanna compare a stored value with what the user just inputted for example you could compare the escaped, safe, versions instead)

...besides the only time the archive will e-mail you is to activate your account or to reset your password, other then that the bulk of e-mail from AFF is from the forums.

But with the planned changes they prefer we use the same address on the forum and the archive...

Link to comment
Share on other sites

Combative? I didn't realized i spoke in a combative manner, sorry. I'm just trying to understand what is the obstacle so i can try to think of a way around it.

Perhaps i exaggerated a bit with the analogies and hypothetical scenarios; i'm just trying to take what i've been told to the extremes to see if the explanation for the extreme cases match what i extrapolate from what i understood of what i'm being told; though i guess i'm also simultaneously trying to point out issues with the current situation and possible solutions i see, in case my understanding of the situation is accurate.

Link to comment
Share on other sites

  • 4 months later...
Guest sivan

I have a problem to login. my user name is: sivan325 and i want to update my fics.

I sent an email, but didn't get any password, help?

I don't want to create another account while i still have one.

Link to comment
Share on other sites

  • 1 month later...
Guest Satai Delenn

I went to login, and I was brought to the update section. I entered a first name, last name, and it already had my user name, so I entered my birthdate (which you all have setup backward, btw), and then clicked "update." It said my user name was invalid, and to please enter a valid username. My user name has a space in it. I took out the space, and suddenly it's valid? I'm not happy about this. On top of everything else, I can't seem to access my story, and I wanted to update it to add a chapter.

This new system is EXTREMELY FRUSTRATING! HOW can I find my story, and add new chapters???? And WHY can I not use my original user name?!

Link to comment
Share on other sites

Guest SataiDelenn

My patience with this new system is fading RAPIDLY. I had issues with the login, it won't let me use my original user name (because it had a space), I just tried to post a problem here, and my post isn't showing up. My nerves are fraying!

First issue: The system won't let me use my original user name because it had a space. WHY?

Second issue: I cannot find any place to access my story so that I can add chapters.

Third issue: Why is it being so difficult in letting me post these problems here?!

Link to comment
Share on other sites

To answer your last post (deleted with the extras and mine). Here's the thing - I directed you to the tech support forum. If you require technical support, that is where you need to post. Posts elsewhere will be ignored/deleted.

As to the announcements, those have been made in the news posts all along. The news posts are easily accessible both in the archive and the forum. I suggest you read the last few, so as to see what has happened, and how to address what you want to do.

Link to comment
Share on other sites

×
×
  • Create New...