DemonGoddess Posted November 8, 2011 Report Posted November 8, 2011 Registration and login- Starting approximately mid December of this year, how a user registers and signs in to the archive will be changing. This will be done by using your email address to sign in to the archive. The email address field will be set to unique, and the new registrations will be sent a validation email to finish registering. For changing email addresses, current users will also be sent a validation email. As these kinds of emails are generated by a php script, please do be sure to check spam/junk folders for them. Passwords will be encrypted, so one will have to use the utility to retrieve/reset a password from the archive. Staff will no longer be able to retrieve password information for users once this is done. Allowed Characters in login AND pen names- a-z A-Z 0-9 ' - (dash or minus sign) _ (underscore) Using anything other than these characters will make it so the name is not usable. So, if you are right now, please change your pen name before December, to get rid of the illegal characters. Duplicate registrations- As registration will be governed by email address, what's going to happen, is if you have multiple accounts, you won't be able to login until I merge those accounts. So please, if you know you have more than one, contact me at technicalsupport@adult-fanfiction.org with links to all profiles. This way, you do not lose your data. It's merged in to the account you wish to keep. Search engine upgrade- As you all know, we upgraded the core for search some time ago. However, with the age of the script, and the fact that the bulk of it is still php3, we cannot implement it in the current script. It crashes everything. Script overhaul- I'll go in to details for this probably next month. We expect to launch sometime in January, after we test it out and make sure we won't be crashing anything. There are many new features which I'm quite sure will make everyone happy.
Tigro Spottystripes Posted December 7, 2011 Report Posted December 7, 2011 Are the forum and archive accounts gonna need to use the same email address? And is plusaddressing allowed or are such emails considered "disposable"? (things like username+uniquetags@example.com)
DemonGoddess Posted December 7, 2011 Author Report Posted December 7, 2011 It's helpful if the forum and archive are registered for, with the same email, as that's one of the ways we verify whether or not a user is in the archive in the first place. Plus addressing is fine, as those aren't disposable. Disposable are things like addresses from mailinator.com, or other services like that. Those are not intended to be checked. Those are used as a catchall for where you don't wish to receive email.
Tigro Spottystripes Posted December 12, 2011 Report Posted December 12, 2011 Ok, then could you guys please fix the email address validation system in the archive please? It won't let me use an address with a plus signal in the username...
DemonGoddess Posted December 12, 2011 Author Report Posted December 12, 2011 you mean "+" this? That's because php uses that as a function call, so we really can't.
Tigro Spottystripes Posted December 12, 2011 Report Posted December 12, 2011 It's not possible to use escaping for such situations?
DemonGoddess Posted December 12, 2011 Author Report Posted December 12, 2011 Not that I'm aware of, no
Tigro Spottystripes Posted December 13, 2011 Report Posted December 13, 2011 I would be quite surprised if somthing as big and as widely used as PHP has no way to handle adequatly the presence of commonly used characters like the plus sign in inputs... Would you mind looking (further) into the possibility of tweaking the code to accept and work with email addresses with a + sign please? (ideally accepting all the appropriate recommendations from the pertinent RFCs) In the end, with the data properly escaped to avoid any potential security hole, the easiest route probably would be to impose no restriction whatsoever, and simply confirm validity of the email address by sending a secret code and/or one time link to the address and requesting the person to input the code/open the link; as long as the person can receive emails sent to the address they specified there is no need to worry about any address standards.
DemonGoddess Posted December 13, 2011 Author Report Posted December 13, 2011 Again, the problem is that certain characters are actually things used to make function calls, or to nest function calls. You'll find that most applications do not accept certain characters in user names and what not for that reason.
Tigro Spottystripes Posted December 13, 2011 Report Posted December 13, 2011 That is why escaping exists... I find it hard to believe PHP doesn't got escaping... I could be wrong, but just in case, could you guys look into this to see if there is indeed nothing you can do please?
manta2g Posted December 13, 2011 Report Posted December 13, 2011 As vast as php may be the '+' sign even when escaped for storing in a database dose not guarantee it will not mess with output and the user table joins with other tables for information output and an e-mail address with a plus sign stored in the database when outputted can break code, be it php or in java. besides the only time the archive will e-mail you is to activate your account or to reset your password, other then that the bulk of e-mail from AFF is from the forums.
Tigro Spottystripes Posted December 13, 2011 Report Posted December 13, 2011 As vast as php may be the '+' sign even when escaped for storing in a database dose not guarantee it will not mess with output and the user table joins with other tables for information output and an e-mail address with a plus sign stored in the database when outputted can break code, be it php or in java.... Is it it really common practice to not protect against malformed data? If even a simple plus sign can be so dangerous i find it a bit surprising the servers don't get compromised more often... Isn't there the risk a cosmic ray will flip some bit when the database is getting written and crash the whole site next time that field is read? If strings can be so powerful, they probably should be treated like plastic explosives, never have the material and the detonator together until it's time to use it, keep everything escaped and only unescape in the final steps for the intended use (if the exact actual content is needed, if you for example wanna compare a stored value with what the user just inputted for example you could compare the escaped, safe, versions instead) ...besides the only time the archive will e-mail you is to activate your account or to reset your password, other then that the bulk of e-mail from AFF is from the forums. But with the planned changes they prefer we use the same address on the forum and the archive...
DemonGoddess Posted December 13, 2011 Author Report Posted December 13, 2011 Tigro, There is no need to be combative. This thing you're asking for is not going to happen.
Tigro Spottystripes Posted December 13, 2011 Report Posted December 13, 2011 Combative? I didn't realized i spoke in a combative manner, sorry. I'm just trying to understand what is the obstacle so i can try to think of a way around it. Perhaps i exaggerated a bit with the analogies and hypothetical scenarios; i'm just trying to take what i've been told to the extremes to see if the explanation for the extreme cases match what i extrapolate from what i understood of what i'm being told; though i guess i'm also simultaneously trying to point out issues with the current situation and possible solutions i see, in case my understanding of the situation is accurate.
ApolloImperium Posted December 14, 2011 Report Posted December 14, 2011 Tigro - Instead of continuing this here because, yes, it has become slightly combative, I'm gonna send you a PM instead.
Guest sivan Posted May 10, 2012 Report Posted May 10, 2012 I have a problem to login. my user name is: sivan325 and i want to update my fics. I sent an email, but didn't get any password, help? I don't want to create another account while i still have one.
DemonGoddess Posted May 10, 2012 Author Report Posted May 10, 2012 Hi there Sivan, Pls check your email, sending you instructions.
Guest Satai Delenn Posted July 6, 2012 Report Posted July 6, 2012 I went to login, and I was brought to the update section. I entered a first name, last name, and it already had my user name, so I entered my birthdate (which you all have setup backward, btw), and then clicked "update." It said my user name was invalid, and to please enter a valid username. My user name has a space in it. I took out the space, and suddenly it's valid? I'm not happy about this. On top of everything else, I can't seem to access my story, and I wanted to update it to add a chapter. This new system is EXTREMELY FRUSTRATING! HOW can I find my story, and add new chapters???? And WHY can I not use my original user name?!
Guest SataiDelenn Posted July 6, 2012 Report Posted July 6, 2012 My patience with this new system is fading RAPIDLY. I had issues with the login, it won't let me use my original user name (because it had a space), I just tried to post a problem here, and my post isn't showing up. My nerves are fraying! First issue: The system won't let me use my original user name because it had a space. WHY? Second issue: I cannot find any place to access my story so that I can add chapters. Third issue: Why is it being so difficult in letting me post these problems here?!
DemonGoddess Posted July 7, 2012 Author Report Posted July 7, 2012 To answer your last post (deleted with the extras and mine). Here's the thing - I directed you to the tech support forum. If you require technical support, that is where you need to post. Posts elsewhere will be ignored/deleted. As to the announcements, those have been made in the news posts all along. The news posts are easily accessible both in the archive and the forum. I suggest you read the last few, so as to see what has happened, and how to address what you want to do.
Recommended Posts