Camen Design Forum

NoNonsenseForum

append delete Jonhoo

Been reading your NoNonsenseForum code, and two things you might want to consider:
1) per-user random salts
2) You have a potential race condition in your code with regards to posting replies in a thread. A new post can have been posted (and written to the XML file) between the time the server reads the current XML and when it writes the updated XML, thus loosing the post written in between.

And just out of curiosity: Why do you limit the lengths of usernames, passwords when they're being hashed? And why limit the length of posts at all?

Also, you might want to put the mods in an array after first fetch, and on later use in the same execution just read from the array to avoid reading the file many times. This is not an issue now, but could be in the future if you, for instance, would want to highlight moderator posts or do something else that required you to call isMod multiple times.

Otherwise a great initiative - we need forum software that remember the motivation behind forums in the first place!

-- Jon

Reply RSS

Replies

append delete #1. Kroc

1. The hash and salt have been fixed now (see the downtime thread), the code hasn’t been pushed to github yet

2. This doesn’t pose a problem at this stage yet, with traffic being low, but should a new thread get replies very rapidly (like less than 100 milliseconds apart) it could become a problem. If you have any suggestions they’re welcome. Perhaps I could write replies to a queue and have a separate process dispatch the queue so that no two writes occur at the same time

3. The names are limited because of the theme. Many of the other lengths are limited for no particular reason, I didn’t give that enough thought when writing the code. 20 letters for a password seems enough. Posts are limited to avoid somebody dumping 100MB of text in one go

4. In most cases, mods.txt is only ever touched once per request, therefore doing anything with it once its loaded gains nothing. file_get_contents is cached by PHP so you can hit the file all day long and the disk won’t be touched.

I don’t want to highlight mod posts. They should not be given an air of superiority, I just want a good job done.

~~~
There won’t ever be signatures or user pages, crowd-spam and the like. People’s “rank” should be known simply from their participation and generosity—their actual deeds, rather than a label. In essence the forums should let humans be humans.
~~~

Thanks very much for penning your thoughts, it’s all valid stuff and I will make some changes along the lines you have suggested. If you have anything else you’d like to ask or suggest don’t feel discourteous.

append delete #2. Jonhoo

1. Ah, great!

2. A queue would be good. Alternatively, you could lock the file exclusively before doing anything, thus preventing the problem altogether. This will be less efficient, but is also a lot easier to write. Perhaps you could use that approach until you come up with a queue system to avoid any potential problems?

3. I'm just thinking that if the limit on usernames and passwords are arbitrarily chosen, they might as well be taken away.. Or at least set to something like 256 characters. I know people with passwords longer than 20 chars, which is easy to reach if you have a strong password and use password prefixing (passwordadvisor.com/…
With regards to post lengths, I see where you're coming from, and 32k characters should probably be enough.. But perhaps at least make it a configuration option like the number of posts per page?

4. I didn't know file_get_contents was cached by PHP? Doesn't say anything about it in the documentation?
The single example I gave was just to illustrate the point that there are use cases for multiple calls to isMod, and thus caching it might not be a bad idea.. Though I suppose considering you want to keep this forum extremely basic in functionality, it is not likely to get much larger, and thus it might not be needed in the foreseeable future..

That said, making moderators "visible" is not necessarily a bad idea, as it makes it easier for normal users to spot who they might contact if they want to raise a question/concern.

Apart from that, as you mention in the To-Do, edit/append would be a good addition (especially for things like spelling errors). At the moment the post formatting function is simple enough that it can be reversed, so edit should also be possible as it is.

-- Jon

append delete #3. Jonhoo

One more thing that might be harder to fix... It would be great if the URL "finder" that wraps URLs in <a> elements could detect if a URL is put in parentheses, and then not count the closing parenthesis as a part of the URL (as happened to the link in my post above).

append delete #4. Jonhoo

And (I keep noticing things after I post...), for some reason Google Chrome doesn't seem to offer to save username/password on this forum... Don't know if it is related to this issue: code.google.com/…
It might be that you need to put autocomplete="on" on the <form> tag as well?

Another problem I've noticed twice now is that Chrome doesn't allow me to paste a link into the post message field. I have to write the post in notepad, and then paste the entire post for it to work.. Maybe related to autocomplete="off"?

-- Jon

append delete #5. Kroc

2. Doing a lock is a great idea. That shall certainly suffice for now. Thank you for the suggestion

4. It's not a priority right now

---

* You can view the mod list at any time at forum.camendesign.com/… Why should I have to write code for this? :P When I mean simple, I really mean simple

* The URL finder was supposed to exclude the bracket, that's a bug there. I shall have to test with your example URL

* Thank you for noticing the autocomplete problem, I will put a fix to this

* The Chrome / paste bug is a chrome problem. Details of what triggers it is shown in the GitHub bug: github.com/… If you would like to see it fixed, please file the bug with Chrome / WebKit or suggest alternative CSS/HTML

---

I'm mostly busy today, but you've given me a string of things to do now, which is good.

#6. Kroc

This post was deleted by its owner

#7. Kroc

This post was deleted by its owner

#8. Kroc

This post was deleted by its owner

append delete #9. Kroc

Just pushed a fix for the URL thing (e.g. passwordadvisor.com/…)

Reply

(Leave this as-is, it’s a trap!)

There is no need to “register”, just enter the same name + password of your choice every time.

Pro tip: Use markup to add links, quotes and more.

Your friendly neighbourhood moderators: Kroc, Impressed, Martijn