Thx Paul

Porl can you fix how the likes and reputation works, sending the user cookies or whatever and validate who it is serverside instead of sending the ID of the user in the post data and assume it's his.

I could have seen the names of everyone on Korr's scum board by making them like a post so it's a problem.

Mercator @ 18/2/2015 20:01

Porl can you fix how the likes and reputation works, sending the user cookies or whatever and validate who it is serverside instead of sending the ID of the user in the post data and assume it's his. I could have seen the names of everyone on Korr's scum board by making them like a post so it's a problem.

I agree it's a problem and I'm glad you broke it because I'd honestly forgotten about it. The like and rep features were written very quickly. I had about half a day to work on them so I cut corners because nobody was really using the software at the time anyway.

I can put some server side validation in without too much trouble.

I'm working on some other stuff at the moment which is why I've not rushed it along, but for a game where players lists need to be secret I can see why it's important.

Mercator @ 19/2/2015 1:01

Porl can you fix how the likes and reputation works, sending the user cookies or whatever and validate who it is serverside instead of sending the ID of the user in the post data and assume it's his. I could have seen the names of everyone on Korr's scum board by making them like a post so it's a problem.

/facedesk

Yeah I didn't think it was really a problem until I figured that out.

Try breaking the like/dislike and rep system now. I've put some checks in place. It still sends all the data in the same way but it should look at the session data you have in your cookies and block all attempts at reps/likes that aren't yours.

It works!

RIP my rep powers.

much better now, I was thinking putting a brighter transparent image on top when you hover over it, but this will do. Thx von Paul.

I had no objection to you being rep demi-god until you used it to praise vernon. At that point there had to be retribution.

PORL @ 18/2/2015 16:40

I had no objection to you being rep demi-god until you used it to praise vernon. At that point there had to be retribution.

The lord must giveth to taketh.

PAUL'S A BEAST

Paul do you remember programming that javascript player roster thing for ATTWS? Is there a way when mouseovering a picture to get another image to show instead of a tooltip? Being a shitty script kiddie, I've tried to change variables around to get the background to show an image instead of a dull color background but failed miserably...

I dunno if you can without messing with the script file, which you can't do since it's hosted on the NDim Side. I'll have to play around with it to see.

I'm not sure how to attach a screen shot saved on my desktop as a pdf here, but I can email it if that helps, and I also have the same issue on my tablet. But when I am typing in the 'Add Reply' like right now, there are no BBC codes above to modify the text. Any suggestions on why?

They are there when I create a new thread for the 1st post and when I click to edit a post.