Secure login.

From: Ryan Dwyer | Posted: 22/02/2006 10:28:56 AM
This is a new feature found in User Settings. By default, this is enabled for everyone. Here's what it does and how it should be used:

Short version:
Untick this if you keep getting logged out.

Long version:
Unlike other forums, checking your hostname (e.g. aol.com) is part of the authentication process. If you were to overwrite your cookie with the contents of another user's cookie, you would still not be logged in as them unless you both have the same hostname (usually ISP). I say usually because sometimes it can't determine your hostname and it comes up unknown. Anyway, checking the hostname as well as the cookie is the most super awesome idea in the history of mankind, and it makes the forums 99% more secure.

Now, some ISPs are weird. Depending on who you're with, the server may or may not determine your hostname. In this case, the hosts won't match the last recorded host and you won't be logged in automatically. This WILL happen if you change providers (e.g. alternating between college and home). So if you find that you are indeed getting logged out, you can disable the secure login so it doesn't check hosts at all. However, this means that someone can gain access to your account if they get your cookie. But then again, you're only reducing the level of security to the "equal to every other site" level so it's not much of a concern.

Also note that you will be logged out when your cookie expires. But that won't happen for 10 years.
I will not use abbrev.
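
The check described in the post above, sketched as an added example that is not part of the thread or the forum's own code. The function names, the account fields (`token`, `last_host`, `secure_login`) and the reduction of a reverse-DNS name to its last two labels are assumptions; the sample account and hostnames are constructed.

```python
import hmac

UNKNOWN = "unknown"  # value the post says appears when the lookup fails


def provider_of(hostname):
    """Reduce a reverse-DNS name to its last two labels, e.g. 'aol.com'.

    Assumption: a naive reduction; suffixes such as 'co.uk' need a
    public-suffix list to be handled correctly.
    """
    if not hostname:
        return UNKNOWN
    labels = hostname.strip(".").lower().split(".")
    if len(labels) < 2 or labels[-1].isdigit():
        return UNKNOWN  # single label or bare IP address: no usable name
    return ".".join(labels[-2:])


def is_logged_in(cookie_token, client_hostname, user):
    """Decide whether a request carrying cookie_token is logged in as user."""
    # Constant-time comparison of the cookie value with the stored token.
    if not hmac.compare_digest(cookie_token.encode(), user["token"].encode()):
        return False
    # "Secure login" unticked: the cookie alone is enough.
    if not user["secure_login"]:
        return True
    # Ticked: the provider must equal the last recorded one. A failed lookup
    # yields "unknown", which mismatches a recorded provider and logs the
    # user out; two "unknown" values compare equal, so the hostname check
    # adds nothing for accounts whose recorded host is "unknown".
    return provider_of(client_hostname) == user["last_host"]


# Constructed sample account.
ALICE = {"token": "3f9c" * 10, "last_host": "aol.com", "secure_login": True}

if __name__ == "__main__":
    for host in ("cache-12.proxy.aol.com", "dorm7.example.edu", None):
        print(host, is_logged_in(ALICE["token"], host, ALICE))
```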
From: Luster Soldier | Posted: 23/02/2006 1:44:38 AM
Could you fix the "Change Password" so users can actually change their password here? I want to change my password but I get the following message on a blank white page when I try to change it:

UPDATE users SET password = SHA1('********') WHERE id = 'lustersoldier'

You have an error in your SQL syntax near '('*******') WHERE id = 'lustersoldier'' at line 1


I censored out what my new password would be using *'s above.
From: Ryan Dwyer | Posted: 23/02/2006 7:10:23 AM
Wow, I didn't know that didn't work. This server is running MySQL 3.23, which doesn't support SHA1(). I sha1()'d it in the PHP script instead and it works fine now. Thanks.
I will not use abbrev.