Check out Symmetric Chess, our featured variant for March, 2024.


[ Help | Earliest Comments | Latest Comments ]
[ List All Subjects of Discussion | Create New Subject of Discussion ]
[ List Latest Comments Only For Pages | Games | Rated Pages | Rated Games | Subjects of Discussion ]

Comments/Ratings for a Single Item

LatestLater Reverse Order EarlierEarliest
Index page of The Chess Variant Pages. Our main index page.[All Comments] [Add Comment or Rating]
🕸Fergus Duniho wrote on Sat, Apr 7, 2012 10:37 PM UTC:
Yes, I've answered a question about that too. The problem is that URLs in the database have been changed. I forwarded my answer to David Howe in the hopes that he has a backup of the database that could be used to restore the values, but he hasn't responded. I am waiting to find out if David can do something about it before I try a more iffy solution, which would involve comparing database entries to filenames and seeing what the best fit is.

Joe Joyce wrote on Sat, Apr 7, 2012 10:27 PM UTC:
It's been noticed only some of the preset links work. The rest link to the Game Courier Games page. Yet links on specific game pages for those presets will go to that preset. I've had inquiries.

Fergus Duniho wrote on Wed, Apr 4, 2012 02:08 PM UTC:

I've added the ability to display comments posted with an OpenID, but I haven't yet added the ability to post with an OpenID. The ability to display them had to be done first. Otherwise, it would be hard to test when I added the ability to post them.

I have now forged this message to appear as though it is coming from one of my OpenIDs. I'm using a generic OpenID icon right now, but I may include site-specific icons for OpenIDs from the major providers listed on the Login page.


🕸Fergus Duniho wrote on Sat, Mar 31, 2012 12:08 AM UTC:
I've now just modified usermodifycomment.php.

🕸Fergus Duniho wrote on Sat, Mar 31, 2012 12:00 AM UTC:

I just uploaded the updated userid.php for Game Courier, and it is working well. I made moves in my games with this account, which uses the new password format, and I made a move in a game against myself with a userid using the old format.

Things are mainly working now. There is one mystery bug I haven't figured out. At the end of the OpenID registration process, I provide a signin form. No matter whether the action is specified as cvplogin.php or with a full URL, clicking the submit button goes to signup.php, the page the form was on.


Gus Duniho wrote on Fri, Mar 30, 2012 11:41 PM UTC:
As another test, this is posted with an account that still uses the old style of password.

fergusd wrote on Fri, Mar 30, 2012 11:39 PM UTC:
I just recreated this account using email registration. The password is stored as a salted hash, and it is case sensitive. As long as I was allowing new passwords to be case sensitive, I decided to replace the unsalted hash the passwords have been stored as with salted hashes. The benefit of salted hashes is that when two users have the same password, the salted hashes of their passwords will still look different. So you won't be able to tell they are the same by looking at them. I am currently in the process of uploading and testing scripts that use the new password format. For backwards compatibility with the old passwords, the case insensitive unsalted passwords are still recognized. But if you change your password, even to the same one, it will be stored in the new manner. So far, I have done cvplogin.php, signup.php, registeruser.php, displayperson.php, and if this works, addcomment.php.

F Duniho wrote on Fri, Mar 30, 2012 12:33 PM UTC:
Here's another test. For this test, I will use an extra account I created for testing purposes that currently has a case-sensitive password.

🕸Fergus Duniho wrote on Fri, Mar 30, 2012 12:31 PM UTC:
Here's another test. For this test, I will enter my password differently.

🕸Fergus Duniho wrote on Fri, Mar 30, 2012 12:30 PM UTC:
We have been using case-insensitive passwords here, but the login and password changing code I recently wrote did not take this into account. Since case-sensitive passwords are more secure, and it is easy enough to change your password if you forget it, I have decided to go with case-sensitive passwords. However, the database is full of case-insensitive passwords. So, I have built in backwards compatibility for case-insensitive passwords while allowing for new passwords to be case-sensitive. I have also modified the password checking code for posting comments. This comment will be a test that it works.

🕸Fergus Duniho wrote on Thu, Mar 29, 2012 08:20 PM UTC:
To make your email address even more secure, I have added bot and browser detection to the script that draws the email CAPTCHA. If it detects a bot or doesn't recognize the browser, it will display a different message than your email address. Firefox, Internet Explorer, Opera, Chrome, and Safari should all be recognized.

🕸Fergus Duniho wrote on Thu, Mar 29, 2012 06:01 PM UTC:
I have made a few slight modifications to indexingfuncs.php and to globalindex.css that will prevent most comments from being made too wide when some other comment is too wide. I changed the SPAN that surrounds the comment to a DIV, and in the style sheet I added a max-width attribute of 800px. The reason for switching to DIV is that max-width does not work with SPAN. The main problem now is with comments that are surrounded by PRE tags and have since lost their original linefeeds. I edited one to have suitable linefeeds but decided to stop there.

🕸Fergus Duniho wrote on Thu, Mar 29, 2012 01:12 PM UTC:

Okay, it should work now. I was using a variable without defining it first. I deleted my OpenID from the database and used the fixed code to put it back. When it works correctly, you will see this message on the Login page near your OpenID: 'This OpenID is linked to your CVP account, such that signing in with it will automatically sign you into your CVP account.' Before showing this message, it checks the database to make sure the OpenID you are signed in with is connected to your account.


Nicholas Wolff wrote on Thu, Mar 29, 2012 03:21 AM UTC:
Hey Fergus!

Maybe I'm doing it wrong, but I don't think so.  I am using an OpenID
using my Facebook account.  It says to link a CV account using it, I have
to then log in with my CV account after getting the OpenID up and running. 
I go that far.  The trouble is that I don't think the CV account is fully
linking up with the OpenID.  When I try to make a move, it says that I
need to be logged in.  It says my name up in the top right so I know I'm
logged in.  Can you please assist?  Thank you for your help!

Best,
Nick

🕸Fergus Duniho wrote on Tue, Mar 27, 2012 01:13 PM UTC:

Moving while signed in seems to be working well in Game Courier. This morning, I moved the setcookie expression from pass_okay to the header code for play.php. It checks the value of the userid in the session and sets the cvpuser cookie to it if it has a value.


🕸Fergus Duniho wrote on Tue, Mar 27, 2012 01:05 AM UTC:

I have now added code to Game Courier for recognizing players who are signed in. So far, it is available for accepting invitations and for moving. My tests so far indicate that it is working properly. I have moved in one game using the new method, and I will test it more as my turn comes around in other games I'm playing. If you're not signed in already, it will ask for your password as usual, then sign you in if it is correct. This is so it doesn't behave too differently from before.

A note to David. I rewrote the pass_okay function in play/pbm/userid.php. Before it checks whether the password is correct, it checks whether the user is already signed in. If the user is not already signed in, and the password is correct, it signs the user in.


🕸Fergus Duniho wrote on Mon, Mar 26, 2012 04:48 PM UTC:

I am having trouble uploading files both by ftp and with the file manager. This has been going on for a few days and is rather frustrating. The result is that there are sometimes delays between spotting a bug and replacing it with working code. Although the problem seems to be on my end, I haven't isolated the cause.


🕸Fergus Duniho wrote on Fri, Mar 23, 2012 10:48 PM UTC:

The email CAPTCHA should be bot-proof now. Maybe it was already bot-proof, but the latest changes I've made should require AI on a par with human intelligence to solve, or at least something far more sophisticated than I expect to be searching our websites for email addresses. It now uses a variety of randomly generated colors within a range that is dark enough for a white background. After everything gets written, the colors get scattered, such that neighboring pixels rarely have the same color, but not so much that humans will even take much notice of the differences. Finally, it is rendered as a JPG, which is a lossy format. The bottom line is that your email addresses are now safe from bots on this site. If you still want to keep your email address private, all you will gain is privacy from other humans. Privacy from bots is taken care of.


🕸Fergus Duniho wrote on Fri, Mar 23, 2012 11:58 AM UTC:

I have replaced the reCAPTCHA mailhide code on displayperson.php with my own custom CAPTCHA code that displays the email address as a CAPTCHA along with piece images from randomly selected Chess fonts. To get an email mailto link, just solve the CAPTCHA, whose solution happens to be the email address. Click on my name to the left of this message for an example.


🕸Fergus Duniho wrote on Fri, Mar 23, 2012 03:59 AM UTC:
The reCAPTCHA for hiding the email is now linked to a PHP drawn image of the email address, which draws the letters in different fonts, colors, and sizes at different angles and heights. This is designed to be readable to a human but not to a bot. The code for drawing the email address gets it from the database. So it doesn't appear in the URL.

Ben Reiniger wrote on Fri, Mar 23, 2012 03:31 AM UTC:
Yes, the login wasn't working from the Play page; I just wondered whether something was wacky with my id/password, that's why I tested the message here. Now I can get logged in from the Play page, thanks.

F Duniho wrote on Thu, Mar 22, 2012 11:06 PM UTC:
There was a problem with logging in due to a change I made to php.ini. I had removed C from variables_order, so that the userid cookie wouldn't create problems in scripts that get a userid form value. It appears that C needs to remain in the EGPCS for sessions to work. So I put it back in. I'll probably just rename the cookie.

🕸Fergus Duniho wrote on Thu, Mar 22, 2012 10:19 PM UTC:
Logging in still isn't used for posting messages. That's still done by entering your userid and password.

Ben Reiniger wrote on Thu, Mar 22, 2012 09:47 PM UTC:
I can't seem to get myself logged in now. Let me see if this message goes through... Yes, that worked. Hmm.

🕸Fergus Duniho wrote on Thu, Mar 22, 2012 06:02 PM UTC:

I've been modifying the pages for viewing and editing user information. Instead of displaying your email address, a reCAPTCHA Mailhide is used. This protects your address from robots and spiders while allowing humans to see it. We used to store two email address for users. One was a private email you provided when you signed up, and the other was one you could edit. If you didn't want you email address to show up on your information page, you could delete your public email address, as many people have done. I have now consolidated the two email fields into one. Where the public email field was blank, the private email field got copied to it, and a new field for keeping your address private was set. Otherwise, the public email address was presumed to be more up-to-date and kept as your address.

These changes can be seen in the editmember.php page. The email field has been moved down and disabled. You cannot use that form to change your address. Instead, there is a separate script for changing your email address that sends a confirmation email to the new address and changes it after you confirm the change. There is a new checkbox for keeping your address from appearing on your information page. Since your address always shows up on editmember.php, that page is now accessible only when you are signed in to the account it is for. So you can't peek at the editmember pages of other users. Since your address is now more secure than it used to be, you may want to uncheck the option for keeping it off your information page. As it is now, no one can see it without answering a CAPTCHA.

Additionally, the form for changing your password has been removed from editmember.php, and it has been replaced with a link to a script for changing your password. Besides letting you change your password when you are signed in, it will let you change your password when you have forgotten it.


25 comments displayed

LatestLater Reverse Order EarlierEarliest

Permalink to the exact comments currently displayed.