Is there any way to login to this forum using a password I select other than my registration serial number :'( ?
I cannot seem to memorize this number and have to look it up every time :( . Sometimes this is from my phone since I am at a customer site and cannot copy and paste from Outlook. Maybe I could carry a USB drive and use that or I could post it on my personal web page with a link or I could put it on Facebook or I could . . . NUTS :o !
It would be really nice to use my own password 8) .
Sorry Peter - serial number it is for now. Everything on this site is automated so when a FF order is processed the customer is automatically set up in this forum software. If only this forum software was involved then I would say yes it would be no problem to have user configurable passwords....but, the user data is shared between two other applications as well that the user can not access. Hard to describe in a post but suffice to say that it would be a nightmare for me trying to keep all three application's data in sync if users could change their own data.
I probably understand most of your issues and here is a suggestion for your "spare" time.
Maybe instead of linking by password, you could link by user name and require the user name to be the users registered email address which should have a 1:1 with your registration number database.
This would allow the user to define their own passwords.
Why are you working on a Holiday? Not enough "Spare" time :) ?
Quote
Why are you working on a Holiday?
I don't think it's holiday in Canada.
No - not a holiday in Canada. However, I just finished two weeks of personal holidays... was able to get a week of very nice warm weather down south around Grand Cayman and Cozumel. I could certainly get used to living that life. :)
I forgot all about the Newfoundland thing.
Paul, don't get too used to that life unless you can work remotely. We need you!
I've gotten in the habit of keeping my FF Reg txt file on the desktop and opening it and just copy/pasting the value. XP and XP 64bit work nice and I can double click the key and it highlights it and I can copy/paste quick. Vista/Win7 changed Notepad's click to make it include spaces so it isn't as quick, and without the file I can't remember it, so only login on certain machines. Not the safest solution for multi-user environments, but works for me.
Sounds like you took one of those cruises with Royal Carribean or so, Paul. That can be very relaxing...
Royal Carribean.... you are exactly right. 5 nights. I ate so much that I thought that I would explode. I had an additional week at home afterwards...that's a good things because I needed it in order to lose the 5 pounds gained!
Yeah - I know what you mean. I like their cruises too. I am right now thinking about taking the one to Cozumel in October. Did a short 4 nights one to the Bahamas last year as finale of an East Coast trip (I-95 from top to bottom).
I've been hesitant to connect when using public wifi as it appears HTTPS isn't an option. This doesn't come up frequently, but I'd like to be able to.
Paul, is HTTPS or anything secure available to protect my serial number when signing in? If not, would you mind connections over public wifi? If you'd prefer not, that's really not a problem--just wanted to check first though.
Thanks!
-John
Hi John,
i do not have SSL installed on the planetsquires site. I have accepted the risk that there is a remote possibility that a serial number may get sniffed. Granted, given the number FF users and the amount of times one would access the forums via an unsecured public terminal, I doubt that it is of any major concern. Also, the software that I use that controls access to the smf forum has IP tracking so if too many different IP's try to access the forum/download pages then it will disable that user's account and notify me by email to investigate.
I just found I can take the link from the emailed forum notice and it logs me in directly. No fuss - no muss.
This link is now a shortcut in my browser.
Link in my email was http://www.planetsquires.com/test/member_login.htm Which no longer works. I think this may have been an early system and even the final link sent later gave the same results, so I just go right to http://www.planetsquires.com/protect/forum/index.php . You may be seeing it caching your login. On mine even when I click Logout it still has me signed in until I close all browser windows. Unless your link has GET parameters with ? built in to the link it is caching the login. That it remembers me even when logging out would indicate that the session cookies aren't being cleared, so it would remember you if logged in once.
Hmm, playing further with this, it looks like the PHP for this BB isn't very secure and doesn't process only POST commands like it should (must be old PHP code that doesn't distinguish between them). So, you can create a GET URL that logs you in like:
http://www.planetsquires.com/members/plugins/protect/new_rewrite/login.php?amember_login=Firstname%20Lastname&amember_pass=xxxx-xxxx-xxxx-xxxx&v=-1&url=/protect/forum/index.php
Don't use this in public, otherwise anyone can login as you...hence why not secure. (Get URLs can be saved in History and Favorites)
All i have to click to get in the forums is:
http://www.planetsquires.com/protect/forum/
I dont know why you guys cant. :)
I really really like the way paul implemented the forums, I love not seeing in google what i post in this forums.
I have tried logging out, closing my browser and rebooting. The link in the Topic reply still gets me directly to the reply as if I had logged in. It must have something to do with cookies since I just tried it on another computer and it does not work.
There are 5 planetsquires cookies present and none appear to have the serial number overtly. I am using FireFox.
I am using Ie8.
I imagine if you select to remember the Serial Number that the cookie for it isn't cleared. There are 5 cookies- A Session ID with the default PHPSESSID name, a SMF cookie with some type of encoded data (When URLDecoded it looks like the content of the files that session variables are stored in...seems redundant to store it on the server and a copy in a cookie), amember_nr which is some type of MD5 hash...possibly a type of session ID, amember_ru that is your user name, and amember_rp that is a MD5 Hash of your Serial number with dashes. Seems a lot of session IDs are created, but username and password/serial are still stored as a cookie and not in the session variables.
If I link directly to the front end of the forum, I MUST type in my username and password (serial number).
If I link to a sub page, I get in for free!
What's wrong with this picture? (this is an SMF issue and has nothing to do with Paul dude at planetsquires)
As long as I don't close my browser I can go anywhere. My cookies are all set to expire when FireFox closes. When I open a new browser there are no Planetsquires cookies. One weird thing though when Logout is clicked all 5 cookies remain and a 6th PHPSESSID is created. The original is a Domain .planetsquires.com cookie and the new is a Host www.plantesquires.com cookie. Both have different Session ID values, so there is some obvious cleanup missing on logout with Session Variables and Cookies since they all remain and a 2nd session is opened. I'm guessing Paul's Host Temp folder is full of session files if there is no Cleanup Script running.
When I logout a user in my company's site I use this code at the beginning of my page:
error_reporting(0);
ini_set('display_errors',0);
session_name("GiveItaNameSoNotCalledPHPSESSID");
if (isset($_POST['Action']) && ($_POST['Action'] == 'Logoff'))
{ // Logoff
session_start(); // Open session so you can close it
$_SESSION = array(); // Clear Session Variables. Also Clears the Session File so 0byte files can be deleted from TEMP folder
if (isset($_COOKIE[session_name()])) setcookie(session_name(), '', time()-42000, '/'); // Expire Session ID Cookie
session_destroy(); // End Session
}
session_start(); // Start Session, either new or existing if not logged out
I use Safari and I have no problem at all.
My name and Serial number are filled in already so I just need to click sign in.