WiGLE.net

Wireless Geographic Logging Engine
https://wigle.net/phpbb/

Please make it hard to accidently post files anonymously

https://wigle.net/phpbb/viewtopic.php?t=146

Page 1 of 1

Please make it hard to accidently post files anonymously

Posted: Tue Jul 01, 2003 2:16 am
by scarhill
Twice today I have accidently uploaded files as 'anonymous'. While I should have noticed the identity on the post page, in both cases I had logged in recently--in one case I posted one file, clicked on the 'Post File' link at the top of the page. The post page it took me to showed my identity as 'anonymous' even though I had been logged in for the first file.

I assume most people don't want to post files anoymously, so an "are you sure" when they're about to might be indicated. Also, lengthening the login timeout might help to.

I wonder if the needing to login between two successive file posts is a bug?

Thanks!

Jim

Made more apparent

Posted: Tue Jul 01, 2003 3:10 am
by bobzilla
The post file page now has more of a dangerous look to it if you're not logged in. The problem you are seeing is that perl's cgi layer won't accept files while authenticated, which is Real Wierd, so we kinda cheat when uploading. If you use 'back' or a link to leave the post-file-upload screen it'll go back to your logged in state, otherwise it leaves it. I should pry redo the whole auth scheme at some point. maybe soon, i can think of a few easy ways to fix it.

Thanks for the feedback!

That's an improvment

Posted: Tue Jul 01, 2003 12:16 pm
by scarhill
The change will make it harder for me to screw up. Thanks!

One other thing--I used to use the Back button when I had multiple files to post, but since you added the header links to the response page, I used the Post link there, which takes me to the post page as anonymous. Maybe you should remove that link from the response page until you get the authentication issue straightened out.

Thanks for the quick response and the great site!

Jim

Header processing

Posted: Tue Jul 01, 2003 1:17 pm
by bobzilla
Whoops, forgot to post process the header, those links should be fixed now. Thanks again for the feedback. :)

Reworked auth

Posted: Thu Jul 03, 2003 7:25 am
by bobzilla
I've redone how we handle auth on the WiGLE (non-phpbb) side of things, I'm now not relying on url partitioning for anything, seems a lot cleaner. Please post if anyone runs into issues.

Eventually I want both regular WiGLE and this phpbb forum to read each other's cookies so you only have to auth once. A project for another night tho.

Posted: Sat Aug 30, 2003 10:49 pm
by Guest
Yeah, early on I accidentally uploaded 1500 AP's under "anonymous"... didn't realize I wasn't still logged in.

Ah well, I'm number 18 and moving up!
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/