Comments/Ratings for a Single Item
Ben Reiniger wrote on Thu, Mar 22, 2012 09:47 PM UTC:Ben Reiniger wrote on Fri, Mar 23, 2012 03:31 AM UTC:I have replaced the reCAPTCHA mailhide code on displayperson.php with my own custom CAPTCHA code that displays the email address as a CAPTCHA along with piece images from randomly selected Chess fonts. To get an email mailto link, just solve the CAPTCHA, whose solution happens to be the email address. Click on my name to the left of this message for an example.
The email CAPTCHA should be bot-proof now. Maybe it was already bot-proof, but the latest changes I've made should require AI on a par with human intelligence to solve, or at least something far more sophisticated than I expect to be searching our websites for email addresses. It now uses a variety of randomly generated colors within a range that is dark enough for a white background. After everything gets written, the colors get scattered, such that neighboring pixels rarely have the same color, but not so much that humans will even take much notice of the differences. Finally, it is rendered as a JPG, which is a lossy format. The bottom line is that your email addresses are now safe from bots on this site. If you still want to keep your email address private, all you will gain is privacy from other humans. Privacy from bots is taken care of.
I am having trouble uploading files both by ftp and with the file manager. This has been going on for a few days and is rather frustrating. The result is that there are sometimes delays between spotting a bug and replacing it with working code. Although the problem seems to be on my end, I haven't isolated the cause.
I have now added code to Game Courier for recognizing players who are signed in. So far, it is available for accepting invitations and for moving. My tests so far indicate that it is working properly. I have moved in one game using the new method, and I will test it more as my turn comes around in other games I'm playing. If you're not signed in already, it will ask for your password as usual, then sign you in if it is correct. This is so it doesn't behave too differently from before.
A note to David. I rewrote the pass_okay function in play/pbm/userid.php. Before it checks whether the password is correct, it checks whether the user is already signed in. If the user is not already signed in, and the password is correct, it signs the user in.
Moving while signed in seems to be working well in Game Courier. This morning, I moved the setcookie expression from pass_okay to the header code for play.php. It checks the value of the userid in the session and sets the cvpuser cookie to it if it has a value.
Hey Fergus! Maybe I'm doing it wrong, but I don't think so. I am using an OpenID using my Facebook account. It says to link a CV account using it, I have to then log in with my CV account after getting the OpenID up and running. I go that far. The trouble is that I don't think the CV account is fully linking up with the OpenID. When I try to make a move, it says that I need to be logged in. It says my name up in the top right so I know I'm logged in. Can you please assist? Thank you for your help! Best, Nick
Okay, it should work now. I was using a variable without defining it first. I deleted my OpenID from the database and used the fixed code to put it back. When it works correctly, you will see this message on the Login page near your OpenID: 'This OpenID is linked to your CVP account, such that signing in with it will automatically sign you into your CVP account.' Before showing this message, it checks the database to make sure the OpenID you are signed in with is connected to your account.
fergusd wrote on Fri, Mar 30, 2012 11:39 PM UTC:I just uploaded the updated userid.php for Game Courier, and it is working well. I made moves in my games with this account, which uses the new password format, and I made a move in a game against myself with a userid using the old format.
Things are mainly working now. There is one mystery bug I haven't figured out. At the end of the OpenID registration process, I provide a signin form. No matter whether the action is specified as cvplogin.php or with a full URL, clicking the submit button goes to signup.php, the page the form was on.
Fergus Duniho wrote on Wed, Apr 4, 2012 02:08 PM UTC:I've added the ability to display comments posted with an OpenID, but I haven't yet added the ability to post with an OpenID. The ability to display them had to be done first. Otherwise, it would be hard to test when I added the ability to post them.
I have now forged this message to appear as though it is coming from one of my OpenIDs. I'm using a generic OpenID icon right now, but I may include site-specific icons for OpenIDs from the major providers listed on the Login page.
Joe Joyce wrote on Sat, Apr 7, 2012 10:27 PM UTC:Yes, I've answered a question about that too. The problem is that URLs in the database have been changed. I forwarded my answer to David Howe in the hopes that he has a backup of the database that could be used to restore the values, but he hasn't responded. I am waiting to find out if David can do something about it before I try a more iffy solution, which would involve comparing database entries to filenames and seeing what the best fit is.
25 comments displayed
Permalink to the exact comments currently displayed.
I've been modifying the pages for viewing and editing user information. Instead of displaying your email address, a reCAPTCHA Mailhide is used. This protects your address from robots and spiders while allowing humans to see it. We used to store two email address for users. One was a private email you provided when you signed up, and the other was one you could edit. If you didn't want you email address to show up on your information page, you could delete your public email address, as many people have done. I have now consolidated the two email fields into one. Where the public email field was blank, the private email field got copied to it, and a new field for keeping your address private was set. Otherwise, the public email address was presumed to be more up-to-date and kept as your address.
These changes can be seen in the editmember.php page. The email field has been moved down and disabled. You cannot use that form to change your address. Instead, there is a separate script for changing your email address that sends a confirmation email to the new address and changes it after you confirm the change. There is a new checkbox for keeping your address from appearing on your information page. Since your address always shows up on editmember.php, that page is now accessible only when you are signed in to the account it is for. So you can't peek at the editmember pages of other users. Since your address is now more secure than it used to be, you may want to uncheck the option for keeping it off your information page. As it is now, no one can see it without answering a CAPTCHA.
Additionally, the form for changing your password has been removed from editmember.php, and it has been replaced with a link to a script for changing your password. Besides letting you change your password when you are signed in, it will let you change your password when you have forgotten it.