Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Tue Sep 04, 2007 12:56 am Reply with quote

I would be more inclined to keep delete functions within the admin pages.
Although you *could* put them in the user page wrapped in an is_admin check, that would use some extra resources which are not really essential.
 
View user's profile Send private message Send e-mail
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Tue Sep 04, 2007 6:17 am Reply with quote

Nice line of thought if you dont mind me saying. But you could in fact put a captcha to help prevent bots, I personally think sessions might be a good idea to start with as well.


I would force a wait of about 10 seconds between each post and a maximum of 3 posts per minute.

I think that would put a stopper in almost any spammer.

As for the admin functions, I sudjest a single use of the is_admin function.

For example, I believe you would use a loop in this for any output.

I would do this:

if(is_admin($admin)){
loop for admins;
}else{
loop for users;
}

I think that would eliminate any extra resources that would not normally be used.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Tue Sep 04, 2007 7:34 am Reply with quote

Gremmie,

Given the original way this module was set up, where the module itself was read only, and the admin piece was, well, the admin piece, I would prefer to see all deletions be active only within the admin piece.

It is funny, because when you originally asked me this question earlier this weekend, I had never even activated the module piece because I just thought it was just an admin module. Hence why I was confused by your question. Sorry about that.

gregexp,

I have been running RN 2.10.x with the spam captcha since before it was even released and I agree that an effective captcha will stop most. However, I did have five articles spammed about the same time Gremmie did where the punk actually created a user and literally went through and manually spammed. I could tell from the post times that it was not automated... I think he finally got tired of it after he spammed my front page news articles. This module was sure nice to have at that time.... made getting rid of the spam very quick and painless.

Thanks Guardian and Gremmie for your work on this!

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Guardian2003
PostPosted: Tue Sep 04, 2007 11:47 am Reply with quote

To clarify my earlier post, my opinion to only use a delete function within the admin page to avoid resource wastage is simply because, although only one 'check' might be needed as grepexp mentions, if you have a high traffic site, that 'check' is going to be carried out for every http request. Thus 100 visitors = 100 is_admin checks which do not *need* to be carried out IMHO.
I know it's only miniscule amounts of resources we are talking about but from little acorns...
 
montego
PostPosted: Wed Sep 05, 2007 5:06 am Reply with quote

Well, one could cut out the function call each time by setting a variable or constant up front with the result of ONE is_admin() call... Wink

But, then you still have to wrap the row with an IF statement, but, hey, that is what control structures are for. Laughing (Just having a little fun...)

However, since the module already came with an admin section, it could still go in there. I liked it only because I could focus my reviews and deletions by module and could therefore, get more rows on a page to review and/or delete. BUT, not seeing how the new module is coded (works), I guess I don't know one way or the other which way would be best.
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Wed Sep 05, 2007 7:50 am Reply with quote

Well I started coding an admin part. But I don't see what the performance hit of an is_admin() check is going to be. Surely at least one call is made to is_admin() on any random page load, and after that, isn't the result cached in a static variable? And you are right, in my module code I would call is_admin() once and cache it myself anyway.

I can't seem to find (yet) the magic phpBB function that will let me delete a forum post. I was hoping to find it in includes somewhere. If not, I'll look in modules/Forums, and if the code isn't too long I'll just duplicate it. Otherwise I'll leave forum post deletions up to the already existing phpBB functions.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
Gremmie
PostPosted: Wed Sep 05, 2007 6:16 pm Reply with quote

The magic delete forum post code isn't actually a function, it's just a whole bunch of code in a switch statement in the file modcp.php. Sad

I could either

1) replicate that code (which consists of 4 or 5 SELECTS followed by 7 deletes followed by a sync() forum call!) in the comments module

2) factor the code into a callable free function and place it in includes, then modify modcp.php to call it (of course this will have to be redone upon every BBtoNuke change...ughh)

3) Just leave forum post deletion up to the already existing phpBB facilities

Thoughts? (I'm thinking option 3....)
 
montego
PostPosted: Thu Sep 06, 2007 7:40 am Reply with quote

Gremmie, well, although I agree that Option 3 may be the right choice for now, but if you think about it from a poor admin's perspective if they actually left their forums open for anonymous posting (yeah, I know, maybe they deserve the swift kick in the pants), could you imagine how difficult it will be for them to clean that mess up?

Maybe something for us to just think about down the road, but not now.
 
Gremmie
PostPosted: Thu Sep 06, 2007 4:47 pm Reply with quote

I was wrong about the delete post code. It is actually in posting.php and eventually calls delete_post() which is in includes/functions_post.php. That function is pretty phpBB specific but perhaps I can figure out what it is doing. If I can't call it directly I can possible do the same steps it is doing.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Fri Sep 07, 2007 12:28 pm Reply with quote

Yes back to comments.

Some quick stats on the new is_user and is_admin from my local system.

Going to the index page. Old method: 152 queries, new method: 141 queries.

Going from index page to admin screen: Old method: 131 queries, new method: 108 queries.
 
View user's profile Send private message Visit poster's website
montego
PostPosted: Fri Sep 07, 2007 6:55 pm Reply with quote

yeah, the ones which calls is_admin() in a loop are the "killers". Wink
 
Gremmie
PostPosted: Sat Sep 08, 2007 12:25 pm Reply with quote

The only thing left to do is to delete forum posts. I don't want to give up on this, but wow...

I have given up on the idea of just doing what phpBB does on my own. It is way too complicated, too many corner cases, and too much code to replicate. Most, but not all, of what I need, is in the functions found in includes/functions_post.php. I think I am going to copy some of the surrounding glue code in Forums/posting.php and then call the functions in functions_post.php just like it does, if you follow me.

That means I will have to include functions_post.php. I think I can do this, I just have to define IN_PHPBB first.
 
Gremmie
PostPosted: Sat Sep 08, 2007 1:11 pm Reply with quote

Crap that is turning out to be a pain too as now I have to setup a whole bunch of globals and stuff for the code in functions_post.php to work. I can't just include Forums/nukebb.php as it includes header.php.
 
fkelly
PostPosted: Sat Sep 08, 2007 7:30 pm Reply with quote

Gremmie, a while back I tried to clone the Forums "search for a user" function because I thought it would be great to have in Your Account. After a morning trying to follow all the paths the code took me down I gave the idea up. It is just way too convoluted to be cloned over into Nuke or called from core Nuke. It sounds like you are running into the same thing.
 
Gremmie
PostPosted: Sat Sep 08, 2007 7:34 pm Reply with quote

Yes.... Sad

I thought I posted here but it is gone now. Confused I checked something in for the Comments module, minus the forum deletion, as a beta test for the RN team. When you have a chance, let me know what you think.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sun Sep 09, 2007 11:21 am Reply with quote

Gremmie,

I have been testing Comments and sent you my results (just for the record) Smile.

RN Team - Also, I am going to move most of this thread to our Development area because it really is a development issue other than the spam issue Smile
 
View user's profile Send private message
Raven
PostPosted: Sun Sep 09, 2007 2:25 pm Reply with quote

Got them and posted them. All seems well Smile
 
Raven
PostPosted: Sun Sep 09, 2007 11:24 pm Reply with quote

I have moved the posts to the RavenNuke Design Methodology Discussions forum (Developers only)
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©