phpfreechat PRompt box..

[re*s.t.a.r.s.*2]

Does anyone knows, what the name value the prompt box has, so you can get the input the user put as nick name, what I want to do is test the nickname against the moderators nicks so they can't use the moderador's name... please... thank you guys..

[jimmo]

Hey there... if you're referring to the pop up prompt to choose a nick, I believe this is defined in data/public/js/pfcprompt.js. Specifically, the input field has an element id of "pfc_promptbox_field". See line 48 of the current version.

You should be able to do something like...

chosen_nick = document.getElementById('pfc_promptbox.field').value

...and you'd need to craft an onSubmit or onClick function to examine it. However, this is all client-side user interface stuff. Unless your client-side scripts know what the moderator nicks are etc., you're going to have to do the checking against these reserved nicks etc. on the server side. Probably easier done at connect time via the server side connect command handler.

Hope this helps...

Cheers
J.

[re*s.t.a.r.s.*2]

I was thinking if I can just test it using $_POST[] supperglobal and redirect the user that put a moderator nickname, that JS I got no idea and beside I am new in PHP.

[jimmo]

Oh ok, that's no problem - you can check the nick in src/commands/connect.class.php. You'll see in there that the nickname is the first parameter, see:

line 19: $nick = $params[0];

This would work because the client side pfcclient.js script calls askNick, which is what calls the function in pfcprompt.js to ask for the user's choice of nickname. Once that returns we end up in askNickResponse (pfcclient.js, line 162) which then creates a "/connect" command (line 169). So for a new connection, you're guaranteed to be coming through connect.class.php. The disadvantage is that you'll need to re-merge your changes if this php file is changed in an upgrade to a future version.

Good luck!

Cheers
J.

[re*s.t.a.r.s.*2]

Thanks I appreciate profoundly your help in this matter,
Now I tried the following

Code: Select all

if($nick == moderator ){
   header('location:where I want to go');
   }

It works but it also forbid access to the registered nick which in this case is "moderator" so I think the only way to forbid someone tipping the moderator nick name is if the test is done to form "value " using the $_POST[''] SUPPERGLOBAL, Although I cant do it because I dont know the value name that the form has... Maybe I am totally wrong can you tell what should I do... Thanks again fellow...

[jimmo]

Hmm...yes I see, you need some way to differentiate the "real" moderator from some guest who chooses the same name. Do you have some other forum or similar on your site that defines who the moderators are? It should be possible to integrate its account management/login with the chat, so that logged in users automatically assume their user name as their chat nickname (including moderators) and everyone else gets prompted to choose a nick.

Without putting users through some form of authentication process, there's probably no reliable way to ensure the person connecting with a moderator nick is really one of your moderators.

[re*s.t.a.r.s.*2]

I use Wordpress, since I dont want to give author or other powers to the moderator of the chat, I wrote a little check like

Code: Select all

$user_name = "Wordpress database nickname";
if ($user_name =="moderator"){
$params['isadmin'] = TRUE;
}else{
$params['isadmin'] = FALSE;
}

That takes care of the admin granting, but now I have disabled the ramdon nickname if not registered, and placed the PROMPt where the user can use the nick they like, doing so open the issue for anyone to pose as moderator or use the nick the moderator use, and since forms uses the $_POST[] array , I thought it would good Idea to test the value the user types in the PROMPT form of the chat and disallow the access if they typed the moderator nick.. but looks to me that prompt pfc use is not as a regular from that uses POST array, Am I rigth?

can you tell me if the Prompt for use POST or GET, or is a different beast? thanks for your help.. regards..

[re*s.t.a.r.s.*2]

Ok, I found out that the prompt make /nick newnick comand to the chat... how unfortunate.... anyy help...

[jimmo]

[...] I thought it would good Idea to test the value the user types in the PROMPT form of the chat and disallow the access if they typed the moderator nick..

Ok, but if you do that, then how does your moderator access the chat? If all users, including your moderator, access chat the same way, then I don't see how the prompt form can tell if the person choosing the moderator nick is really the moderator or some other random user. I can't see any way to escape some form of authentication.

If you don't want to integrate with wordpress authentication, then there are other alternatives but these all involve changing the code.

For example, you could update the /nick command to take an optional password parameter, define a list of "reserved" nicks in the global config (probably easiest to use the "admin" nick name/password list) and then only allow people to choose those nicks if they specify the corresponding password. Then the moderator could join as any other random name and then do "/nick moderatornick password" to become the moderator.

Does that make sense?

(Actually, thinking about it, this seems like a reasonable feature request - i.e. to have the ability to restrict a users ability to select defined admin nicknames unless accompanied by the corresponding password. I'm on the road at the moment, I'll have to think about how this could be implemented and when I get time, I'll see if I can post a feature-request/contribution on this)

[re*s.t.a.r.s.*2]

no, moderators identify outside the chat, and the chat gets their user_name value, then if not registered gets the prompt, now I found a way other than what your are saying, since the $nick get the user nick either from registered variable from database or from /nick command by ajax call, then What I did was the following:

Code: Select all

    require_once('../blog/wp-config.php');//start admin protection
    $current_user = wp_get_current_user();
    $user_name = addslashes($current_user->display_name);
    $nick = $params[0];//original with the chat
   if($nick == moderator){
   if (empty($user_name)){
    return false;
   }
   }//end protection code

Now we get the nick and the nick == to moderator then we check if the $user_name is empty with empty() function, now we get an empty then this user is a random user trying to pose as moderator, return false (kills I think the access to the forward /join), now you would think that any registered user can pose as moderator because I am testing if(empty($username), how about if is not? well dont matter cuz $PARAMS['nick'] gets the $user_name variable which is not empty and wont show the Prompt...
and then like this... hope make sense... looking forward to heard from you friend...

PS, my chat is connected to wordpress but also have the prompt enable so anyone not register can chat as well...

[jimmo]

What if I register as a normal user on your wordpress and then connect to your chat with the moderator nick?

$nick == moderator is true but $user_name is set (as I'm a registered user) so it doesn't return false.

Now I can connect to chat with moderator nick...but I'm not your moderator.

If your moderator has a normal (non-admin) wordpress user name, then you could "hard-code" a check for that specific wordpress user name.

For example, lets say the person you have as chat moderator is a normal, non-admin wp user called "myfriendjoe" but in chat, the moderator nickname is "mychatmod". You could do something like this...

if ($nick == "mychatmod") {
if ($user_name != "myfriendjoe") {
return (false);
}
}

This would mean that only that one wp user name could use the moderator nick. Of course, it means explicitly mentioning the authorized user specifically in the code but this is server-side code, so assuming the http directory permissions are set appropriately, it should be safe enough.

Cheers!
J.

[re*s.t.a.r.s.*2]

well

What if I register as a normal user on your wordpress and then connect to your chat with the moderator nick?

$nick == moderator is true but $user_name is set (as I'm a registered user) so it doesn't return false.

Now I can connect to chat with moderator nick...but I'm not your moderator.

You cant because there a previous test that checks if $user_name is empty and if you are registered this wouldnt be empty , will hold your nick and the test do so, so it gives this nickname to the chat, now if empty, then you haven logged in or registered and then will show you the PFC prompt,.
So basically if you are registered user and want to pose as "moderator" you will not get it at all because it will use your nickname as first choose, and the test that grands admin powers check that $user_name is equal to "moderator"...... and you have a different nickname...
for the other test you make I think it would also work, because it test the same as my above check...
No if I just can get to show a pop up to show the like when the chat shows that the user name is available would make it perfect thanks for helping learn looking forward to heard from you again fellow...

[jimmo]

You cant because there a previous test that checks if $user_name is empty and if you are registered this wouldnt be empty , will hold your nick and the test do so, so it gives this nickname to the chat, now if empty, then you haven logged in or registered and then will show you the PFC prompt,.

Apologies, my friend, I didn't know you had earlier code that only creates the prompt box for an empty $user_name. So yes, you are right - if the user can only choose a nick when *not* logged into WP, then that will work!