Important notice regarding pics.bbzzdd.com

[bizmark]

what exactly do you mean by limiting the site? Eliminating users who aren't AT users, or not allowing referral pages that aren't from anandtech.com? In other words, if I post something on AT linking to a pic of mine at pics.bbzzdd, and I also send an email to a few of my friends saying "hey this is funny look at this", will they still be able to access it?

Thanks for hosting such a useful service!

n/m you just explained it. So if there's no referrer, then it can't be blocked, right?

also you may want to add forums1.anandtech.com, forums2.anandtech.com, etc.

 

Originally posted by: bizmark

n/m you just explained it. So if there's no referrer, then it can't be blocked, right?
also you may want to add forums1.anandtech.com, forums2.anandtech.com, etc.

Yeah, direct links will always work. I will add all forums permutations.

If anyone has a problem seeing the below image, let me know, and let me know the forums URL you are using:

http://pics.bbzzdd.com/users/dwell/string.jpg

 

[Ladies Man]

please add forums3.anandtech.com

i can't see any pictures

 

[notfred]

Originally posted by: yllus

Originally posted by: Czar
thats actualy a very good idea,

when the user registers on the pics database then he just have to provide the id of his user account on anandtech and then the processing form gives him a random id that he must put someplace in his profile. Then maybe every 10 logins it checks the profile page and sees if the random id is still in place.

Well, no need for continuous checks. Just make sure on registration that A) user has been registered for more than 15 days, B) user has more than 100 posts.

I could write the above script in two hours or so in Perl...someone would have to create the PHP equivalent because I've never gone in-depth with that language yet. Problem is, there's no need to write it - unless someone is thinking about writing more AT-only services in the future? It's solely an intellectual exercise and a nice blueprint on how to create services available to members of a specific forum for me.

Originally posted by: notfred
you could just require thier AT password, and validate it by logging into AT and checking to see whether the page that's returned has an error or not. Granted, this would give you everyone's password, but most people don't seem to care anyway (look for my thread on fusetalk sending your password plain text to the browser and putting it in the html on the "profile" page).

That might be harder or easier to do, because I currently do not know how to splice together content in a form and POST/GET it. I did see that thread though...gotta say, really amateur to have a password sitting right there in a HTML page.

#!/usr/bin/perl

use LWP::Simple;

$username = "someuser";
$password = "somepassword";

$out = get("http://forums.anandtech.com/login.cfm?FTVAR_USERNAMEFRM=$username&FTVAR_PASSWORDFRM=$password&FT_ACTION=login&FTVAR_REDIRECTURLFRM=index.cfm");

if ($out =~ /Your login credentials were invalid./) {print "looks like the wrong password"}
else{print "looks like you logged in ok"};

That will do it.

 

[Rallispec]

Originally posted by: notfred

Originally posted by: yllus

Originally posted by: Czar
thats actualy a very good idea,

when the user registers on the pics database then he just have to provide the id of his user account on anandtech and then the processing form gives him a random id that he must put someplace in his profile. Then maybe every 10 logins it checks the profile page and sees if the random id is still in place.

Well, no need for continuous checks. Just make sure on registration that A) user has been registered for more than 15 days, B) user has more than 100 posts.

I could write the above script in two hours or so in Perl...someone would have to create the PHP equivalent because I've never gone in-depth with that language yet. Problem is, there's no need to write it - unless someone is thinking about writing more AT-only services in the future? It's solely an intellectual exercise and a nice blueprint on how to create services available to members of a specific forum for me.

Originally posted by: notfred
you could just require thier AT password, and validate it by logging into AT and checking to see whether the page that's returned has an error or not. Granted, this would give you everyone's password, but most people don't seem to care anyway (look for my thread on fusetalk sending your password plain text to the browser and putting it in the html on the "profile" page).

That might be harder or easier to do, because I currently do not know how to splice together content in a form and POST/GET it. I did see that thread though...gotta say, really amateur to have a password sitting right there in a HTML page.

#!/usr/bin/perl

use LWP::Simple;

$username = "someuser";
$password = "somepassword";

$out = get("http://forums.anandtech.com/login.cfm?FTVAR_USERNAMEFRM=$username&FTVAR_PASSWORDFRM=$password&FT_ACTION=login&FTVAR_REDIRECTURLFRM=index.cfm");

if ($out =~ /Your login credentials were invalid./) {print "looks like the wrong password"}
else{print "looks like you logged in ok"};

That will do it.

seems like the actual implementation of it would be more difficult though.. and that relies on the forum code being how it is now-- if the software were to change and the password taken out of the page-- this would no longer work.

 

[notfred]

Originally posted by: Rallispec

Originally posted by: notfred

Originally posted by: yllus

Originally posted by: Czar
thats actualy a very good idea,

when the user registers on the pics database then he just have to provide the id of his user account on anandtech and then the processing form gives him a random id that he must put someplace in his profile. Then maybe every 10 logins it checks the profile page and sees if the random id is still in place.

Well, no need for continuous checks. Just make sure on registration that A) user has been registered for more than 15 days, B) user has more than 100 posts.

I could write the above script in two hours or so in Perl...someone would have to create the PHP equivalent because I've never gone in-depth with that language yet. Problem is, there's no need to write it - unless someone is thinking about writing more AT-only services in the future? It's solely an intellectual exercise and a nice blueprint on how to create services available to members of a specific forum for me.

Originally posted by: notfred
you could just require thier AT password, and validate it by logging into AT and checking to see whether the page that's returned has an error or not. Granted, this would give you everyone's password, but most people don't seem to care anyway (look for my thread on fusetalk sending your password plain text to the browser and putting it in the html on the "profile" page).

That might be harder or easier to do, because I currently do not know how to splice together content in a form and POST/GET it. I did see that thread though...gotta say, really amateur to have a password sitting right there in a HTML page.

#!/usr/bin/perl

use LWP::Simple;

$username = "someuser";
$password = "somepassword";

$out = get("http://forums.anandtech.com/login.cfm?FTVAR_USERNAMEFRM=$username&FTVAR_PASSWORDFRM=$password&FT_ACTION=login&FTVAR_REDIRECTURLFRM=index.cfm");

if ($out =~ /Your login credentials were invalid./) {print "looks like the wrong password"}
else{print "looks like you logged in ok"};

That will do it.

seems like the actual implementation of it would be more difficult though.. and that relies on the forum code being how it is now-- if the software were to change and the password taken out of the page-- this would no longer work.

It's fairly obvious you have no idea what the code I posted actually does

 

Originally posted by: Ladies Man
please add forums3.anandtech.com
i can't see any pictures

Should work now. I had to list all the forums sites manually because regex wont work there. How many forums are there?

 

[Rallispec]

Originally posted by: notfred

Originally posted by: Rallispec

Originally posted by: notfred

Originally posted by: yllus

Originally posted by: Czar
thats actualy a very good idea,

when the user registers on the pics database then he just have to provide the id of his user account on anandtech and then the processing form gives him a random id that he must put someplace in his profile. Then maybe every 10 logins it checks the profile page and sees if the random id is still in place.

Well, no need for continuous checks. Just make sure on registration that A) user has been registered for more than 15 days, B) user has more than 100 posts.

I could write the above script in two hours or so in Perl...someone would have to create the PHP equivalent because I've never gone in-depth with that language yet. Problem is, there's no need to write it - unless someone is thinking about writing more AT-only services in the future? It's solely an intellectual exercise and a nice blueprint on how to create services available to members of a specific forum for me.

Originally posted by: notfred
you could just require thier AT password, and validate it by logging into AT and checking to see whether the page that's returned has an error or not. Granted, this would give you everyone's password, but most people don't seem to care anyway (look for my thread on fusetalk sending your password plain text to the browser and putting it in the html on the "profile" page).

That might be harder or easier to do, because I currently do not know how to splice together content in a form and POST/GET it. I did see that thread though...gotta say, really amateur to have a password sitting right there in a HTML page.

#!/usr/bin/perl

use LWP::Simple;

$username = "someuser";
$password = "somepassword";

$out = get("http://forums.anandtech.com/login.cfm?FTVAR_USERNAMEFRM=$username&FTVAR_PASSWORDFRM=$password&FT_ACTION=login&FTVAR_REDIRECTURLFRM=index.cfm");

if ($out =~ /Your login credentials were invalid./) {print "looks like the wrong password"}
else{print "looks like you logged in ok"};

That will do it.

seems like the actual implementation of it would be more difficult though.. and that relies on the forum code being how it is now-- if the software were to change and the password taken out of the page-- this would no longer work.

It's fairly obvious you have no idea what the code I posted actually does

i thought it would be even more obvoius that i didnt read the code, beucase you're right, i wouldtn understand it.-- i'm just talking about the actual implementation of whatever the hell you two were talking about, reading the password from the HTML page and stuff. but whatever.

 

[Rallispec]

notfred, i might learn Perl just so i can start understanding some of this crap for you though. looks a hell of a lot better than php.

 

[notfred]

Ah, well, the code i wrote doesn't look at the profile page. It looks at the login page, and attempts to log in with the username and passwortd that I (or sully, or whoever) provides. If it gets an error message, it assumes your password is wrong. Otherwise, it assumes it's correct.

It does depend on the code for fusetalk not changing, but even if it did change, it shouldn't take more than 10 minutes to fix (hell, it only took me that long to write it). And, really, unless sully buys e-Zone media, all his code for interacting with a fusetalk forum will depend on the code for the forum not changing. It's not uncommon, either. It's the same reason that Trillian refuses to work with AIM every once in a while. AIM changes the protocol, and the Trillian programmers have to update thier code to match.

 

[Rallispec]

Originally posted by: notfred
Ah, well, the code i wrote doesn't look at the profile page. It looks at the login page, and attempts to log in with the username and passwortd that I (or sully, or whoever) provides. If it gets an error message, it assumes your password is wrong. Otherwise, it assumes it's correct.

It does depend on the code for fusetalk not changing, but even if it did change, it shouldn't take more than 10 minutes to fix (hell, it only took me that long to write it). And, really, unless sully buys e-Zone media, all his code for interacting with a fusetalk forum will depend on the code for the forum not changing. It's not uncommon, either. It's the same reason that Trillian refuses to work with AIM every once in a while. AIM changes the protocol, and the Trillian programmers have to update thier code to match.

you make programming sound so easy

 

[Haircut]

Originally posted by: dwell

Originally posted by: Ladies Man
please add forums3.anandtech.com
i can't see any pictures

Should work now. I had to list all the forums sites manually because regex wont work there. How many forums are there?

I think we have forums, forums1, forums2, forums3, subscriber, subscriber1 and subscriber2

 

[yllus]

Yeah, LWP::Simple echoed in my head right after I asked myself "Now how can I return the content of a dynamically-crafted URL without user intervention?" After you start getting comfortable with Perl, you really gotta love it.

Rallispec: As you basically said, it's not good programming policy to rely on a password that seems to sometimes and sometimes not be left in the HTML source. My primary solution to verifying an AT account would still be along the lines of what I originally said, with getting the actual password input into a field by the user (the notfred solution) as a last-ditch method. It's not really a huge deal to disclose your AT password to another fairly trusted site but people aren't inclined to do it anyway, so that's probably not a realistic solution.

So...if anyone is planning on writing AT web services, let me know? Any decent programmer could write this up in a hurry and set it up as a sort of central authorization server which would be able to communicate to other sites if a user if an ATer or not. But again at this point there simply is no need for that.

 

[Rallispec]

Originally posted by: yllus
Yeah, LWP::Simple echoed in my head right after I asked myself "Now how can I return the content of a dynamically-crafted URL without user intervention?" After you start getting comfortable with Perl, you really gotta love it.

Rallispec: As you basically said, it's not good programming policy to rely on a password that seems to sometimes and sometimes not be left in the HTML source. My primary solution to verifying an AT account would still be along the lines of what I originally said with getting the actual password as a last-ditch method. It's not really a huge deal to disclose your AT password to another fairly trusted site but people aren't inclined to do it anyway, so that's probably not a realistic solution.

So...if anyone is planning on writing AT web services, let me know? Any decent programmer could write this up in a hurry and set it up as a sort of central authorization server which would be able to communicate to other sites if a user if an ATer or not. But again at this point there simply is no need for that.

sully, do you realize that you are the single most motivated person i know?

 

[yllus]

Originally posted by: Rallispec
sully, do you realize that you are the single most motivated person i know?

I'm actually pathetically lazy but recently inspired. When a good friend gets stricken with bulimia, cancer and then edemia - but then still manages to keep a 4.0 GPA, a full scholarship, work out every morning and two jobs (one at an abortion clinic) and runs a bulimia support group as a volunteer...well, being shamed into spending my time better is a good motivator. I intend to write a book about her life someday. We should all be blessed to have such a friend.

 

[Howard]

When a good friend gets stricken with bulimia, cancer and then edemia - but then still manages to keep a 4.0 GPA, a full scholarship, work out every morning and two jobs (one at an abortion clinic) and runs a bulimia support group as a volunteer

Crazy. I knew it wasn't a guy.

 

[Paulson]

Well I'll bump it for ya dwell...

 

Nice. No sooner do I change the rules before some joker abuses the system.

http://www.shawnscomputers.com/forums/messageview.cfm?catid=17&threadid=12899

(it's the second post)

Very cute (he renamed the image as .TXT) to get by the image referral ban. Now I just ban all filetypes from being linked.

 

[Zenmervolt]

Originally posted by: dwell
Nice. No sooner do I change the rules before some joker abuses the system.

http://www.shawnscomputers.com/forums/messageview.cfm?catid=17&threadid=12899

(it's the second post)

Very cute (he renamed the image as .TXT) to get by the image referral ban. Now I just ban all filetypes from being linked.

Damn, I wonder how many images he had on your site since his avatar was hosted there too. Points to him for determination, but a lot of points taken away for not abiding by the user agreement.

ZV

 

Originally posted by: Zenmervolt
Damn, I wonder how many images he had on your site since his avatar was hosted there too. Points to him for determination, but a lot of points taken away for not abiding by the user agreement.
ZV

Not to mention he had three accounts set up (all deleted).

 

[Zenmervolt]

Not to mention he had three accounts set up (all deleted).

Now that was just asking to be deleted. How does a person honestly expect an admin not to know if a person has multiple accounts? I'm glad I don't have to deal with this kind of stuff.

ZV