Page 5 of 5

Posted: Thu Aug 17, 2006 6:01 pm
by RobertGonzalez
IP's are totally unreliable for baning purposes. You should ban by user id. Also, when a user is banned, do you plan on it being forever? If you ever think of doing a temporary ban, then you will need a time to start it and a time to end it.

Posted: Thu Aug 17, 2006 6:48 pm
by adamb10
I agree that IP isnt reliable but what is preventing the user from just entering in a different username? This script doesnt require guests to login at all.

As for temorary banning, I dont know how to code that, I had troubles coding this baning system alone.

I guess I'll leave the banning table the way it is as well as any other tables that have ids in them.

Heres my entire DB structure. Theres 2 ban tables 1 is the newer one, the other will be deleted when the new one is done.

http://img219.imageshack.us/img219/8906/picture1lt3.png

feyd | 201K image? No thank you.

Posted: Thu Aug 17, 2006 8:06 pm
by RobertGonzalez
adamb10 wrote:I agree that IP isnt reliable but what is preventing the user from just entering in a different username? This script doesnt require guests to login at all.
Without requiring a loging for banning, you are essentially removing the ability to successfully ban a user completely and effectively. I mean, a user should be abe to use your site to some extent. But anything that user does that could cause the user to be banned should be behind a login system. That is the only way that you can effectively ban users.

EDIT | Also, your user table should contain a user_id and user_name, in addition to a user_email_address. Making a user get a second email address to bypass the ban makes it more inconvenient for them to get back in. Not impossible, but certainly a lot more difficult than going to the library or shuffling IPs on their router.

Posted: Thu Aug 17, 2006 8:50 pm
by adamb10
I do have the script require email address's and the script does record the IP of the poster. The script wasnt made for banning in mind. It's hard to explain but every file is linked to index.php in some way.

As for the comments table I do have an id field and email as mentioned earlier. The userdata contains the login info for the admin like the pw(sadly not encrypted :().


The database structure is a mess right now. The only tables i've fixed are the images and colors & settings tables. I'll do the userdata table and hf table but the way your speaking I'm even more confused on implenting a proper system with ID. The only way I know of to use the id field is to have the data be stored like it was previously.

The script itself could use temporary bans that auto expire and as I run out of features to add to the guestbook it becomes even more obvious to add it if it werent for my lackluster coding abilities.

Posted: Thu Aug 17, 2006 9:32 pm
by RobertGonzalez
You'll get there. Just keeping thinking logically. Index.php doesn't have a lot to do with database based authentication systems. But, like I said, keep the logic flowing. That will get you out of a ot of tight spots later on.