?>


GTX0 Reconstruction Notes
Posted: Posted October 16th
Edited October 16th by Xhin
View Source Report Thread Views

The point of this post is to lay out ideas that are somewhat complicated so they're easier to build.

It may also be useful to you guys, so you can see what the site looks and feels like before it's built, and give feedback accordingly.

There are 1 Replies

Non-account posting

  • The posting user database will be hashed and salted. It's hilariously unsecure right now and there have been leaks proving this. The mod tools that do password comparisons/lengths will still work though; I found a way around this.

  • Posting users can be either password-protected or "claimed" by a single account.

  • If you're not logged in, you can guest post under any username. You'll get some kind of small prompt telling you this as well as a login/register link if you'd rather go that route.

  • When you unfocus from a username, if it's password-protected, a password box will appear that tells you that much.

  • If it's instead claimed, the password box will tell you to put in your account password to use the name. This will also log you in.

  • You can't password-protect new names -- if you want to claim them only for yourself, you'll need an account. This is definitely a step away from classic GT but it simplifies the UI heavily (which is genuinely confusing for new users) without being too drastic and disabling guest posting entirely or messing with returning users.

  • Guest posting as a name that isn't claimed or password-protected can be turned off at will by admins. When the site is under attack, this makes username bans more useful without, again, impacting returning users and those that just prefer the old way of doing things.

    From an account perspective

  • When you register, your account name turns into a posting name and also your "primary user id". This is how it works currently.

  • You can use your email address in addition to your username to login.

  • There's also an option where you can *only* use your email address to login -- a security feature basically. Might be mandatory for admins under some circumstances.

  • Current altnames get migrated to the new system -- in order to use them outside of a login you only have to remember your account password. The old passwords are still in there (so this can be reverted), but they don't work -- so old security leaks can't come back to haunt us.

    Claiming new altnames with an account

  • After your primary username, altnames are sorted alphabetically in the list.

  • Instead of "-- New Username --", you have a "New" button next to the username area when posting. This opens up the normal username box, with a password box if necessary. The difference is, you can't post as a username that's account-claimed if that account isn't yours.

  • Posting with a username will automatically claim it as an altname, and if it was password-protected, will automatically move it over to the new system.

  • Posting with a username that doesn't have a password protecting it will claim it under your account without giving it a password.

  • Next to the "New" button is a "Manage" button. This will let you unclaim altnames you've claimed (with some confirmation so you don't screw up) or swap your alternate posting name.

  • Unclaiming an altname doesn't automatically unclaim it -- it takes a week before this goes through and it can be easily reverted by those with that admin permission, in case there's a breach or a mistake.

  • This is all javascript and happens in the same area where you're making a post or reply, so a user CP panel is no longer required for any of this.

    Editing Changes

  • If you're editing a post made by an account-claimed username, you need the account password to edit it. This will also log you in.

  • If it's password-claimed, you need that password.

  • If it doesn't have a password associated with it, your ip address needs to match.

    Misc

  • This new system nukes the "post a different name in a different forum automatically" feature. I don't think this is a big deal right now since there are a lot less forums. Whenever we need it again though it'll be easy to reinstall (having "Manage" on the newpost/newreply itself would make it easier to use).

  • This system simplifies a lot from a UI perspective, but heavily simplifies the database and code, which is more the point.

  • Posted October 16th by Xhin
    View Source Quote Report
    Xhin
     
    Reply to: GTX0 Reconstruction Notes
    Enter your message here

    Rules | Report Issue | Request Feature | Roadmap Facebook Page | Discord Group
    GTX0 © 2009-2020 Xhin GameTalk © 1999-2008 lives on
    You are not forgotten, Kevin, Liane, Norma, Jason, and Garrett