Usernames in Comments Usernames in Comments
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Usernames in Comments

Started by JamesChip, February 11, 2006, 09:54:53 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

JamesChip

I made a renaming of one of my users. Then I discovered that the usernames in the comments remain the same (the old ones). Why are the user names in the comments table stored as "varchar"? I'm not a database specialist but I would expect the users to be linked to the comments with the user ID und the username to be extracted from the entry in the users table. Storing the usernames in the comments table leads to an inconsistent state if a user gets renamed.

Joachim Müller

Unlike in most major BBS apps, the usernames aren't suppossed to be changed after registration (that's why the user can't do this), so the need wasn't there. This is simply a matter of performance. When displaying comments, the page has to do less lookups in the database (less queries), so the page loads much faster - that's why.

Stramm

I'm again to late ;) yes, it's performance reasons and you'd recognize that very soon. However there's a quick fix.
Open usermgr.php and find the function update_user
here find
    if (mysql_num_rows($result)) {
        cpg_die(ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }
    mysql_free_result($result);

and add after
//mod change username in comments and pictures
//check if username changed in form
    $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "' AND user_id = $user_id";
    $result = cpg_db_query($sql);

    if (mysql_num_rows($result)==0) {
$namechanged="true";
    }
    mysql_free_result($result);
//end username changed
//end mod


lil bit below find
    if (!empty($user_password)) $sql_update .= ", user_password = '".(($CONFIG['enable_encrypted_passwords'])?md5($user_password):$user_password)."'";
    $sql_update .= " WHERE user_id = '$user_id'";

    cpg_db_query($sql_update);

and add after
//mod change username in comments
if($namechanged){
    $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET owner_name='".$user_name."' WHERE owner_id='".$user_id."'";
    $result = cpg_db_query($query);
    $query = "UPDATE {$CONFIG['TABLE_COMMENTS']} SET msg_author='".$user_name."' WHERE author_id='".$user_id."'";
    $result = cpg_db_query($query);
}
//end mod

Nibbler

Also, it needs to be able to store the names that are typed in by anonymous users. You can't do that with a direct link to the users table.

JamesChip

I've installed a bridge which allows to use the users of my joomla cms. So I suppose this won't work in my situation. Thanks anyway.