memobug
04-20-2005, 10:00 PM
Background: The existing vB Reputation System is anonymous, which is fine in a perfect world, but here on earth this can lead to problems: Some users abuse the system by reputation "sniping," and others could potentially abuse its anonymity by "signing" a different username to their negative reps and stir up even more trouble.
With that in mind, here is an ultra simple hack that removes the anonymity of reputation by "signing" reputation comments with the username.
One code modification to reputation.php. Installation & test time is under five minutes.
Right before this bit near line 192:
$DB_site->query("
INSERT INTO " . TABLE_PREFIX . "reputation (postid, reputation, userid, whoadded, reason, dateline)
VALUES ($postid, $score, $userid, $bbuserinfo[userid], '" . addslashes(fetch_censored_text($reason)) . "','" . TIMENOW . "')
");
Insert this
$reason.=" ({$vbphrase[leftby]} {$bbuserinfo[username]})";
Now send a rep to a test account and check it out through the existing admincp tool: User Reputation ->View Reputation Comments (BTW - I always have to set the end date a day forward to catch all of today's reps on that query tool. I think it had a bug at one time)
Notes:
1. Screenshot? See attachment (the first reputation was left before I found the right phrase. The circled one is how it comes out.
2. You might also want to add something to your reputationbit template and/or your FAQ to let people know that the reputation system is not anonymous. This could go somewhere like this (new part in italics
[your_comments_on_this_post]:<br />
NOTE: Your username will be automatically signed!<br />
3. A more involved hack might display something akin to what the admin can see by viewing reputation - seeing the sender's clickable username in a column of its own. The main reason I can't do that is I don't want to reveal the senders of past reps made under the anonymous system, but I'd agree it is the "right way."
Regards,
Matt
P.S. The attachments below are different colors 'cause they came from two different templates!
With that in mind, here is an ultra simple hack that removes the anonymity of reputation by "signing" reputation comments with the username.
One code modification to reputation.php. Installation & test time is under five minutes.
Right before this bit near line 192:
$DB_site->query("
INSERT INTO " . TABLE_PREFIX . "reputation (postid, reputation, userid, whoadded, reason, dateline)
VALUES ($postid, $score, $userid, $bbuserinfo[userid], '" . addslashes(fetch_censored_text($reason)) . "','" . TIMENOW . "')
");
Insert this
$reason.=" ({$vbphrase[leftby]} {$bbuserinfo[username]})";
Now send a rep to a test account and check it out through the existing admincp tool: User Reputation ->View Reputation Comments (BTW - I always have to set the end date a day forward to catch all of today's reps on that query tool. I think it had a bug at one time)
Notes:
1. Screenshot? See attachment (the first reputation was left before I found the right phrase. The circled one is how it comes out.
2. You might also want to add something to your reputationbit template and/or your FAQ to let people know that the reputation system is not anonymous. This could go somewhere like this (new part in italics
[your_comments_on_this_post]:<br />
NOTE: Your username will be automatically signed!<br />
3. A more involved hack might display something akin to what the admin can see by viewing reputation - seeing the sender's clickable username in a column of its own. The main reason I can't do that is I don't want to reveal the senders of past reps made under the anonymous system, but I'd agree it is the "right way."
Regards,
Matt
P.S. The attachments below are different colors 'cause they came from two different templates!