• Forum
  • Doc
  • Screenshots
  • Download
  • Donate
  • Contributors
  • Contact
  • Follow @phpfreechat
  • DEMO
  • Board index ‹ Version 1.x branch ‹ General Support (v1.x)
  • Change font size
  • FAQ
  • Register
  • Login

phpfreechat PRompt box..

Moderators: OldWolf, re*s.t.a.r.s.*2

Post a reply
13 posts • Page 1 of 1

Postby re*s.t.a.r.s.*2 » Sat Aug 28, 2010 5:34 am

Does anyone knows, what the name value the prompt box has, so you can get the input the user put as nick name, what I want to do is test the nickname against the moderators nicks so they can't use the moderador's name... please... thank you guys..
Last edited by re*s.t.a.r.s.*2 on Sat Aug 28, 2010 5:34 am, edited 1 time in total.
Free Singles Chat Rooms No Registration Required
Text and Chat Singles no need to register or app required
Sala De Bate Papo Online Grátis E Sem Cadastro
re*s.t.a.r.s.*2
Support Team
 
Posts: 612
Joined: Wed Sep 24, 2008 4:04 pm
Location: los angeles CA
  • Website
Top

Postby jimmo » Sat Aug 28, 2010 8:35 am

Hey there... if you're referring to the pop up prompt to choose a nick, I believe this is defined in data/public/js/pfcprompt.js. Specifically, the input field has an element id of "pfc_promptbox_field". See line 48 of the current version.

You should be able to do something like...

chosen_nick = document.getElementById('pfc_promptbox.field').value

...and you'd need to craft an onSubmit or onClick function to examine it. However, this is all client-side user interface stuff. Unless your client-side scripts know what the moderator nicks are etc., you're going to have to do the checking against these reserved nicks etc. on the server side. Probably easier done at connect time via the server side connect command handler.

Hope this helps...

Cheers
J.
jimmo
Member
 
Posts: 23
Joined: Wed Aug 18, 2010 3:51 pm
Top

Postby re*s.t.a.r.s.*2 » Sat Aug 28, 2010 1:17 pm

I was thinking if I can just test it using $_POST[] supperglobal and redirect the user that put a moderator nickname, that JS I got no idea and beside I am new in PHP.
Free Singles Chat Rooms No Registration Required
Text and Chat Singles no need to register or app required
Sala De Bate Papo Online Grátis E Sem Cadastro
re*s.t.a.r.s.*2
Support Team
 
Posts: 612
Joined: Wed Sep 24, 2008 4:04 pm
Location: los angeles CA
  • Website
Top

Postby jimmo » Sat Aug 28, 2010 1:36 pm

Oh ok, that's no problem - you can check the nick in src/commands/connect.class.php. You'll see in there that the nickname is the first parameter, see:

line 19: $nick = $params[0];

This would work because the client side pfcclient.js script calls askNick, which is what calls the function in pfcprompt.js to ask for the user's choice of nickname. Once that returns we end up in askNickResponse (pfcclient.js, line 162) which then creates a "/connect" command (line 169). So for a new connection, you're guaranteed to be coming through connect.class.php. The disadvantage is that you'll need to re-merge your changes if this php file is changed in an upgrade to a future version.

Good luck!

Cheers
J.
jimmo
Member
 
Posts: 23
Joined: Wed Aug 18, 2010 3:51 pm
Top

Postby re*s.t.a.r.s.*2 » Sat Aug 28, 2010 11:06 pm

Thanks I appreciate profoundly your help in this matter,
Now I tried the following
Code: Select all
if($nick == moderator ){
   header('location:where I want to go');
   }

It works but it also forbid access to the registered nick which in this case is "moderator" so I think the only way to forbid someone tipping the moderator nick name is if the test is done to form "value " using the $_POST[''] SUPPERGLOBAL, Although I cant do it because I dont know the value name that the form has... Maybe I am totally wrong can you tell what should I do... Thanks again fellow...
Free Singles Chat Rooms No Registration Required
Text and Chat Singles no need to register or app required
Sala De Bate Papo Online Grátis E Sem Cadastro
re*s.t.a.r.s.*2
Support Team
 
Posts: 612
Joined: Wed Sep 24, 2008 4:04 pm
Location: los angeles CA
  • Website
Top

Postby jimmo » Sun Aug 29, 2010 7:43 pm

Hmm...yes I see, you need some way to differentiate the "real" moderator from some guest who chooses the same name. Do you have some other forum or similar on your site that defines who the moderators are? It should be possible to integrate its account management/login with the chat, so that logged in users automatically assume their user name as their chat nickname (including moderators) and everyone else gets prompted to choose a nick.

Without putting users through some form of authentication process, there's probably no reliable way to ensure the person connecting with a moderator nick is really one of your moderators.
jimmo
Member
 
Posts: 23
Joined: Wed Aug 18, 2010 3:51 pm
Top

Postby re*s.t.a.r.s.*2 » Sun Aug 29, 2010 8:02 pm

I use Wordpress, since I dont want to give author or other powers to the moderator of the chat, I wrote a little check like
Code: Select all
$user_name = "Wordpress database nickname";
if ($user_name =="moderator"){
$params['isadmin'] = TRUE;
}else{
$params['isadmin'] = FALSE;
}

That takes care of the admin granting, but now I have disabled the ramdon nickname if not registered, and placed the PROMPt where the user can use the nick they like, doing so open the issue for anyone to pose as moderator or use the nick the moderator use, and since forms uses the $_POST[] array , I thought it would good Idea to test the value the user types in the PROMPT form of the chat and disallow the access if they typed the moderator nick.. but looks to me that prompt pfc use is not as a regular from that uses POST array, Am I rigth?

can you tell me if the Prompt for use POST or GET, or is a different beast? thanks for your help.. regards..
Last edited by re*s.t.a.r.s.*2 on Sun Aug 29, 2010 8:07 pm, edited 1 time in total.
Free Singles Chat Rooms No Registration Required
Text and Chat Singles no need to register or app required
Sala De Bate Papo Online Grátis E Sem Cadastro
re*s.t.a.r.s.*2
Support Team
 
Posts: 612
Joined: Wed Sep 24, 2008 4:04 pm
Location: los angeles CA
  • Website
Top

Postby re*s.t.a.r.s.*2 » Sun Aug 29, 2010 9:55 pm

Ok, I found out that the prompt make /nick newnick comand to the chat... how unfortunate.... anyy help...
Free Singles Chat Rooms No Registration Required
Text and Chat Singles no need to register or app required
Sala De Bate Papo Online Grátis E Sem Cadastro
re*s.t.a.r.s.*2
Support Team
 
Posts: 612
Joined: Wed Sep 24, 2008 4:04 pm
Location: los angeles CA
  • Website
Top

Postby jimmo » Sun Aug 29, 2010 10:43 pm

re*s.t.a.r.s.*2 wrote:[...] I thought it would good Idea to test the value the user types in the PROMPT form of the chat and disallow the access if they typed the moderator nick..

Ok, but if you do that, then how does your moderator access the chat? If all users, including your moderator, access chat the same way, then I don't see how the prompt form can tell if the person choosing the moderator nick is really the moderator or some other random user. I can't see any way to escape some form of authentication.

If you don't want to integrate with wordpress authentication, then there are other alternatives but these all involve changing the code.

For example, you could update the /nick command to take an optional password parameter, define a list of "reserved" nicks in the global config (probably easiest to use the "admin" nick name/password list) and then only allow people to choose those nicks if they specify the corresponding password. Then the moderator could join as any other random name and then do "/nick moderatornick password" to become the moderator.

Does that make sense?

(Actually, thinking about it, this seems like a reasonable feature request - i.e. to have the ability to restrict a users ability to select defined admin nicknames unless accompanied by the corresponding password. I'm on the road at the moment, I'll have to think about how this could be implemented and when I get time, I'll see if I can post a feature-request/contribution on this)
jimmo
Member
 
Posts: 23
Joined: Wed Aug 18, 2010 3:51 pm
Top

Postby re*s.t.a.r.s.*2 » Sun Aug 29, 2010 11:00 pm

no, moderators identify outside the chat, and the chat gets their user_name value, then if not registered gets the prompt, now I found a way other than what your are saying, since the $nick get the user nick either from registered variable from database or from /nick command by ajax call, then What I did was the following:
Code: Select all
    require_once('../blog/wp-config.php');//start admin protection
    $current_user = wp_get_current_user();
    $user_name = addslashes($current_user->display_name);
    $nick = $params[0];//original with the chat
   if($nick == moderator){
   if (empty($user_name)){
    return false;
   }
   }//end protection code

Now we get the nick and the nick == to moderator then we check if the $user_name is empty with empty() function, now we get an empty then this user is a random user trying to pose as moderator, return false (kills I think the access to the forward /join), now you would think that any registered user can pose as moderator because I am testing if(empty($username), how about if is not? well dont matter cuz $PARAMS['nick'] gets the $user_name variable which is not empty and wont show the Prompt...
and then like this... hope make sense... looking forward to heard from you friend...

PS, my chat is connected to wordpress but also have the prompt enable so anyone not register can chat as well...
Last edited by re*s.t.a.r.s.*2 on Mon Aug 30, 2010 3:46 am, edited 1 time in total.
Free Singles Chat Rooms No Registration Required
Text and Chat Singles no need to register or app required
Sala De Bate Papo Online Grátis E Sem Cadastro
re*s.t.a.r.s.*2
Support Team
 
Posts: 612
Joined: Wed Sep 24, 2008 4:04 pm
Location: los angeles CA
  • Website
Top

Postby jimmo » Mon Aug 30, 2010 6:03 am

What if I register as a normal user on your wordpress and then connect to your chat with the moderator nick?

$nick == moderator is true but $user_name is set (as I'm a registered user) so it doesn't return false.

Now I can connect to chat with moderator nick...but I'm not your moderator.

If your moderator has a normal (non-admin) wordpress user name, then you could "hard-code" a check for that specific wordpress user name.

For example, lets say the person you have as chat moderator is a normal, non-admin wp user called "myfriendjoe" but in chat, the moderator nickname is "mychatmod". You could do something like this...

if ($nick == "mychatmod") {
if ($user_name != "myfriendjoe") {
return (false);
}
}

This would mean that only that one wp user name could use the moderator nick. Of course, it means explicitly mentioning the authorized user specifically in the code but this is server-side code, so assuming the http directory permissions are set appropriately, it should be safe enough.

Cheers!
J.
jimmo
Member
 
Posts: 23
Joined: Wed Aug 18, 2010 3:51 pm
Top

Postby re*s.t.a.r.s.*2 » Mon Aug 30, 2010 7:40 am

well
What if I register as a normal user on your wordpress and then connect to your chat with the moderator nick?

$nick == moderator is true but $user_name is set (as I'm a registered user) so it doesn't return false.

Now I can connect to chat with moderator nick...but I'm not your moderator.

You cant because there a previous test that checks if $user_name is empty and if you are registered this wouldnt be empty , will hold your nick and the test do so, so it gives this nickname to the chat, now if empty, then you haven logged in or registered and then will show you the PFC prompt,.
So basically if you are registered user and want to pose as "moderator" you will not get it at all because it will use your nickname as first choose, and the test that grands admin powers check that $user_name is equal to "moderator"...... and you have a different nickname...
for the other test you make I think it would also work, because it test the same as my above check...
No if I just can get to show a pop up to show the like when the chat shows that the user name is available would make it perfect thanks for helping learn looking forward to heard from you again fellow...
Last edited by re*s.t.a.r.s.*2 on Mon Aug 30, 2010 7:44 am, edited 1 time in total.
Free Singles Chat Rooms No Registration Required
Text and Chat Singles no need to register or app required
Sala De Bate Papo Online Grátis E Sem Cadastro
re*s.t.a.r.s.*2
Support Team
 
Posts: 612
Joined: Wed Sep 24, 2008 4:04 pm
Location: los angeles CA
  • Website
Top

Postby jimmo » Mon Aug 30, 2010 8:11 am

You cant because there a previous test that checks if $user_name is empty and if you are registered this wouldnt be empty , will hold your nick and the test do so, so it gives this nickname to the chat, now if empty, then you haven logged in or registered and then will show you the PFC prompt,.

Apologies, my friend, I didn't know you had earlier code that only creates the prompt box for an empty $user_name. So yes, you are right - if the user can only choose a nick when *not* logged into WP, then that will work! :)
jimmo
Member
 
Posts: 23
Joined: Wed Aug 18, 2010 3:51 pm
Top


Post a reply
13 posts • Page 1 of 1

Return to General Support (v1.x)

Who is online

Users browsing this forum: No registered users and 47 guests

  • Board index
  • The team • Delete all board cookies • All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
cron
Sign in
Wrong credentials
Sign up I forgot my password
.
jeu-gratuit.net | more partners
Fork me on GitHub