grimmeissen
Administrator
Join Date: 8/30/2005
Posts: 656
Location: Cincinnati, Ohio
|
|
|
Posted: 11/15/2007 1:12:12 PM
|
|
|
|
Very soon I will begin development on version 3.2 of DMG Forums, mainly to address some small bug issues and a few improvements over the current version. I am still in the planning stages at this moment, so I am open to suggestions for some changes to the core code that any of you may have.
|
|
Kaan
Newbie
Join Date: 11/17/2007
Posts: 7
Location: Türkiye
|
|
|
Posted: 11/18/2007 6:06:40 AM
|
|
|
That would be cool if you can make the read/unread topic differency. You know, if a user reads a topic and gets a reply afterwards the next time he logs in he will see the topic with another color or with a signal...
Also i think it would be more comfortable if when a user opens a topic it loads from the last page.
|
|
wizbit
Newbie
Join Date: 11/22/2007
Posts: 1
|
|
|
Posted: 11/22/2007 11:10:22 AM
|
|
|
Our website has a large and active Snitz forum, and I see more than a few similarities there looking through your code. I love the platform. Love it. But I'm seriously disappointed that you copied the Snitz model of "database independence through concatenated SQL queries". Our Snitz forum got burned more than a few times by SQL injection holes. It was one of the major reasons we did not transition our Snitz forum to DMG (which looked like it would've been a breeze).
Please, please, please, rewrite - the lion's share, if possible, but if not, the post logic for sure! - any queries like this as parameterized queries instead. I understand the desire to support MySQL in an open source project, and it appears that ADO.NET OdbcParameters can be used w/ MySQL.
Just my 2 cents.
|
|
grimmeissen
Administrator
Join Date: 8/30/2005
Posts: 656
Location: Cincinnati, Ohio
|
|
|
Posted: 11/22/2007 10:07:17 PM
|
|
|
|
I understand where you are coming from with your concerns. These types of injection attacks are much harder to do in .NET than they were with classic ASP and we're always trying to find vulnerabilities. A more parameterized approach could probably be in the cards for a major update.
|
|
adrahn55
Beginner
Join Date: 11/9/2007
Posts: 21
Location: Seattle, WA
|
|
|
adrahn55
Beginner
Join Date: 11/9/2007
Posts: 21
Location: Seattle, WA
|
|
|
Posted: 11/24/2007 7:51:33 AM
|
|
|
Quote: Quoted From wizbit:
Our website has a large and active Snitz forum, and I see more than a few similarities there looking through your code. I love the platform. Love it. But I'm seriously disappointed that you copied the Snitz model of "database independence through concatenated SQL queries". Our Snitz forum got burned more than a few times by SQL injection holes. It was one of the major reasons we did not transition our Snitz forum to DMG (which looked like it would've been a breeze).
Please, please, please, rewrite - the lion's share, if possible, but if not, the post logic for sure! - any queries like this as parameterized queries instead. I understand the desire to support MySQL in an open source project, and it appears that ADO.NET OdbcParameters can be used w/ MySQL.
Just my 2 cents.
I don't mean to offend you but I worked with Snitz for a few weeks, the coding is a huge spagetti mess. This forum coding is as clean as it gets and, it's up to date with ASP. I quess Snitz is OK if you are going to just use it and not try and learn from the code. Ha ha ha!
|
|
adrahn55
Beginner
Join Date: 11/9/2007
Posts: 21
Location: Seattle, WA
|
|
|
Posted: 11/24/2007 7:58:05 AM
|
|
|
I haven't learned all the features yet so please excuse me if I missed this one. I think it would be great if one got an email notifying them that someone replyed to a post they left on the forum.
I wish I could delete this message because I am wrong! It does have the notify feature already! So much to learn ha ha ha!
|
|
adrahn55
Beginner
Join Date: 11/9/2007
Posts: 21
Location: Seattle, WA
|
|
|
Posted: 11/24/2007 5:47:31 PM
|
|
|
Another suggestion, In the setup.aspx file, the Administrator Email Address should be manatory or the username doesn't show up after "Posted by" in the forums nor does it show up in the User CP header. In the User CP header what shows up is " 's Control Panel"
|
|
adrahn55
Beginner
Join Date: 11/9/2007
Posts: 21
Location: Seattle, WA
|
|
|
Posted: 11/24/2007 6:14:23 PM
|
|
|
Please do use that are implementing this into a Master Page a huge favor. I know it's alot to ask but running the reqular setup program to upgrade won't work for us. In my case all the pages except the Administrator pages have to be customized to work in a Master Page. This is because the Master Page has the <head><form> etc tags are in the Master Page they have to be removed from the DMG Forum pages. If you could keep track of the changes that need to be done in code and give those to us that are doing as I am to change in the pages ourselves that would be a HUGE favor. HUGE
|
|
grimmeissen
Administrator
Join Date: 8/30/2005
Posts: 656
Location: Cincinnati, Ohio
|
|
|
Posted: 11/24/2007 7:53:26 PM
|
|
|
Thanks for the other comments.
As for master pages, it's not something that I use normally, so it might be best if thsoe who have converted DMG to work with master pages could post the steps they took.
I'd be happy to leave it posted here on the site to help anyone who needs to use master pages.
|
|
adrahn55
Beginner
Join Date: 11/9/2007
Posts: 21
Location: Seattle, WA
|
|
|
Posted: 11/25/2007 5:45:05 PM
|
|
|
Quote: Quoted From adrahn55:
I think it would be great if you implement a "Forgot Your Password?" link!
I will take on this item for us!
|
|
grimmeissen
Administrator
Join Date: 8/30/2005
Posts: 656
Location: Cincinnati, Ohio
|
|
|
Posted: 11/26/2007 8:55:04 AM
|
|
|
I think the only good way to accomplish a forgot your password function is to allow some way for them to have a new password generated and sent to them via e-mail.
The passwords are stored encrypted in the database, so there is no real way to send them the unencrypted string for their password.
I have been planning a new function for people to recover their password if they lose it, so this will probably come in the next version. This may be several months down the road, so if it is something that is needed immediately you may want to write up a quick custom function.
|
|
adrahn55
Beginner
Join Date: 11/9/2007
Posts: 21
Location: Seattle, WA
|
|
|
Posted: 11/26/2007 4:13:17 PM
|
|
|
Exactly! I have the part working that gets their username from their email address, generates a new password, encrypts the new password, and puts it in the database. I am working on the emailing them their username with the new password now.
|
|
Kedrin
Newbie
Join Date: 11/27/2007
Posts: 1
|
|
|
Posted: 11/27/2007 5:28:25 PM
|
|
|
Im looking to start using DMG and im intrested in a few items.
a WYSIWYG editor like tinymce
a links and download mod, would love to see these with unlimited subcatagories
im sure if they could be done they would be a long way off.
|
|
jerzybest
Beginner
Join Date: 9/10/2007
Posts: 24
|
|
|
jerzybest
Beginner
Join Date: 9/10/2007
Posts: 24
|
|
|
Posted: 12/14/2007 6:25:40 PM
|
|
|
The other thing that should be added is show who is online when they login.
alos how many guest and registered users are currently online.
|
|