
An anonymous user can post comments for a registered user

Started by raetsche, January 28, 2004, 04:25:09 PM


raetsche

Hi there,

Again a question concerning the comment function of Coppermine.

As an anonymous user I can post comments using a freely selectable name. But that's a problem! So an anonymous user can post comments for a registered user. For example, if I've got a user called "admin", an anonymous user can also post comments as "admin" when he fills the name field with "admin".
There's no function which checks if a user already exists, as far as I know.

Is this implementable and maybe somebody already knows a solution?
My idea is the following. If a guest user adds a comment, his name is automatically appended with "(guest)", so everybody knows that this is not the registered but a guest user. In the example mentioned above, the user name would be "admin (guest)".

Nice greetings and thanks!

Nibbler

Dead simple,

add the following in line 120 of db_input.php


$msg_author .= ' (guest)';

Joachim Müller

Even more simple: don't allow guests to post comments at all. The internet is full of fools who hide behind anonymity (or something they think exists called anonymous surfing). Every web page that allows user interaction (like posting comments) needs some form of moderation...

GauGau
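
An added example, not part of the thread and not Coppermine's own code: a self-contained PHP sketch of the guest-label idea discussed above, which also flags guest names that match a registered account so a moderator can review them. The function names, the 'Anonymous' fallback and the sample user list are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not Coppermine's db_input.php.
const GUEST_SUFFIX = ' (guest)';

// Collapse whitespace and trim, so " admin " and "admin" are the same name.
function tidy_name(string $name): string
{
    return trim(preg_replace('/\s+/u', ' ', $name) ?? '');
}

// Case-insensitive comparison key (assumes the mbstring extension).
function name_key(string $name): string
{
    return mb_strtolower(tidy_name($name), 'UTF-8');
}

// Decide what author name to store for a comment.
// $accountName is null for guests; $registered holds names from the user table.
function comment_author(string $submitted, ?string $accountName, array $registered): array
{
    if ($accountName !== null) {
        // Logged-in users post under their account name, never a form value.
        return ['author' => $accountName, 'collides' => false];
    }
    // Remove any "(guest)" the visitor typed, so the label is added exactly once.
    $name = tidy_name(preg_replace('/(\s*\(guest\))+\s*$/iu', '', $submitted) ?? '');
    if ($name === '') {
        $name = 'Anonymous';
    }
    // Flag names matching a registered account so a moderator can review them.
    $collides = in_array(name_key($name), array_map('name_key', $registered), true);
    return ['author' => $name . GUEST_SUFFIX, 'collides' => $collides];
}

// Constructed sample data, for illustration only.
$registered = ['admin', 'raetsche'];
foreach ([' Admin ', 'admin (guest)', 'visitor'] as $typed) {
    $r = comment_author($typed, null, $registered);
    printf("%-15s -> %-18s collides=%s\n", "'$typed'", $r['author'], $r['collides'] ? 'yes' : 'no');
}
```

The label is applied on the server to every guest comment, so it does not depend on what the visitor typed into the name field.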