Camen Design Forum

Delete

(Leave this as-is, it’s a trap!)

To delete this post you must be either the original author or a designated moderator.
The content of the post will be removed but the name and date will remain.

  • The post will be removed completely from the thread, rather than blanked
  • Only posts on the last page of the thread can be removed completely (so as to not break permalinks)

RE[7]: Let's rewrite NoNonsense

Kroc

@TCB

It's like doing a password reset every time you log in. Not sure I like it.

I wonder if we could create an "identity slug". You sign in via e-mail / form and you are given a unique hash URL; e.g. `?id=2fd4e1c67a2d28fced849ee1bb76e7391b93eb12`. You can bookmark that URL to be able to log in at any time. The same URL could be used to disable the account, should someone else get hold of it, and a new access URL can be e-mailed out so that a hacker cannot permanently control or disable someone else's account.

Something I'd like to see is backward compatibility

I will, to what extent I can, provide backwards compatibility -- or rather sideways compatibility. The new system will store threads in a sub-folder without mixing them with the system files (NNF only did this to support non-htaccess servers in the simplest manner). A mod_rewrite rule could forward the requests to the sub-folder to keep previous permalinks.

The new system will begin with the existing hashing method and then do some additional hashing on top so that old user files can be imported without having to know the passwords.

One thing I don't understand in that scenario is the appropriate method for meshing together login access to the restricted area with NNF's username and password.

Unfortunately Apache / HTPasswd are awfully limited. We could get NNF to create the .htpasswd files, but then we have limited options for salting. Enabling/disabling HTPasswd on demand is also difficult. I'm looking into it.

Mailchimp and probably others provide free and easy to use RSS-to-Email capability.

I would never require users to have to register with another party. My software principle is "copy, paste, run". The product should function without any external configuration or setup. (e.g. SQL database server)

" I post something to a blog and the next morning at 5am ..."

Shared hosts don't provide access to CRON. We will have to send subscription e-mails out when a post is made. I worry about over-spamming a user with a busy thread, so I need to perfect a method of flood control, whilst still working without CRON.

A plugin interface could be useful for extending the platform's capabilities.

This is the intention. For blog/admin posts, full HTML will be allowed so people can embed what they want. The new system's markup will auto expand YouTube / picture URLs into embeds; nothing over complicated.

---

P.S. This post took three days to write. My son has been keeping us up at night for weeks now. Sooo worn out.

Your friendly neighbourhood moderators: Kroc, Impressed, Martijn