vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   It's safe to overwrite the username value? (https://vborg.vbsupport.ru/showthread.php?t=193493)

oasi 10-13-2008 06:36 AM
It's safe to overwrite the username value?
 
We're trying to implement an alias feature, to give our registered users (their login value is fixed by the organization, but they want to give them the possibility of posting more "anonymously") the possibility of appearing on screen with their alias, so only the administrators can know which username is behind an alias.

We've tried an existing plugin, but it doesn't cover all the range we want (forums list, threads, user's page ...).

We also tried to modify some templates to show the alias instead of the username, but there are lots of templates, and some variables not easily accessible (e.g. the lastposter values).

So, we've thinked on overwriting the username value in the fetch_userinfo hook with the alias value we store in a custom field.

It seems to work in most places (not fully tested), and we think that it could be fine, because most of the DB tables work with the userid value, not the username, but we would be pleased if some developer or expert could give their opinion about the security of this method.

Thanks in advance.

Marco van Herwaarden 10-13-2008 08:10 AM
I would not consider this safe without extensive testing.

oasi 10-15-2008 08:52 AM
Thanks, we're going to test it extensively...

At this moment, we've a little problem, when we log out, the cookie value for username (the username value set by default when you enter to the forum without being logged in) is set to the alias value, due to this modification.

I've been looking to the hooks, trying to figure where the cookie is set, but I'not been able to find it... somebody knows where it happens?


All times are GMT. The time now is 11:23 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01030 seconds
  • Memory Usage 1,706KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete