News:

Herr Otto Partz says you're all nothing but pipsqueaks!

Main Menu

Race For Kicks, login system and other details

Started by Cas, July 11, 2019, 02:22:45 AM

Previous topic - Next topic

Cas

Hi, guys!  I'm creating this topic because Seeker gave me a recommendation that I should extend the session times for login in Race For Kicks and I don't know much about how to do it, although Dreadnaut also suggested another way around it and I can think of a trick or too. Yet, this topic is not just about the login. I would like to add a little more.

Logging in to Race For Kicks
So first thing first... R4K uses PHP SESSION to preserve login data. I have no idea if there exists any way to set this up to create longer lasting cookies or whether, to get the login time to be longer, I would need to abandon SESSION and use something more complicated instead. I'd be interested in knowing the way. I personally feel the current session duration is OK, but I'm fine with longer ones too and I could even place a configuration for each user to have a different session length if they want. Two things I would very much like to avoid, though, are using external libraries and using Javascript. I am kind of proud of the purity of my code, ha, ha. Pure PHP would be best for me.

Cookie-less login
I had an idea in the past of adding an option for cookie-less login, because I would like to support people that have a concern towards the use of cookies over the internet, as opposed to sites pushing their users to just accept cookies "because they're so convenient". Cookies are useful, yes, but if somebody doesn't like them, I'd like to make life easy for them too. I have two ideas of how to do this: one is safer, but more uncomfortable. That would be a mode in which you have to enter your login and password everytime you send a replay or post a message. The other option would be that a user can choose to configure their profile so that their login is IP-based, that is, as long as they preserve their IP, they remain connected for as long as requested, but of course, if two people are sharing an IP, this is not viable and there's some risk to it. Anybody has opinions on this, knows any case in which something like this is being used or knows yet another way of achieving cookie-less login?  I'm really interested to learn about that.

Forum section, perhaps?
I was looking at the forum and how many sections it has, many of which are about tournaments that have not been running for a long time... and I'm posting in General ZSC. Since R4K is alive, I couldn't help thinking it could have a section in the forum and maybe inactive tournaments could be grouped in a category for inactive competitions or something?  Or maybe a category with only one or two sections could be renamed to include R4K, for instance, a category called "OWOOT tournaments"?

I want to clarify that I am not really demanding this. In fact, I am not sure if this is a good idea. R4K is not nearly as popular as those tournaments used to be when they were active and maybe a forum section for it would be too much. This is more of a question than of a request. I would like to drop the idea and read opinions, suggestions, etc. Just whatever you guys things is best, I'll be OK with :)

Subdomain?  Is it possible?
In the same way as above, I wonder if it would be possible to redirect something like r4k.stunts.hu to my site. Maybe it's not even necessary or good, so everything you want to say about this, I'll like to read. I don't think R4K is so, so important as to deserve this much, but maybe it's just more comfortable for pipsqueaks or maybe it just looks better. I'd like to read opinions. Thank you, guys!
Earth is my country. Science is my religion.

afullo

About the login system, for me is basically the same. I agree on considering useful a dedicated forum section and subdomain, since your tournament (for which I blame myself not to play in it too much) is basically the only one still active, apart from ZakStunts.

The fact that old tournaments were more popular is not so important in my opinion, given that some of them have been remained inactive for 10/15 years, and many people who manned them at the time have de facto left the community for several years.

dreadnaut

By default, PHP sessions cookies expire when the browser is closed. You can set a different expiration date when you call session_start(). See this example.

"Cookie-less" sessions are automatic in PHP: if your browser refuses cookies, it will use a GET variable. We discussed this in relation to this Forum. See documentation

Using an IP address is not a valid authentication method. No, never. Not even if anything. Most providers use dynamic IP assignment, some of them use address translation (meaning that all their customers appear to have the same address), proxies exist. It's not that it is unsafe, it also doesn't work.

Forum section: yes, now!

Cas

Thank you, guys. Well, I hope I can give the forum section some good use :)

About sessions, yes, I remembered that topic and now that the situation comes to question, I understand it better. Only thing I don't understand very well is that it seems that if I change the cookie lifetime, it will be the same for all users, but I see that the forum allows you to change this manually when you login sometimes, so it must be possible to configure a default value and allow individual users to set their own exceptional time. But session_start() is always the first thing in the file, so I don't see how that could be possible.

If I understood correctly, Dreadnaut, then cookie-less login is automatically available thanks to that GET and therefore, I don't need to do anything else. That's wonderful!
Earth is my country. Science is my religion.

Duplode

Ooh, a new forum section! The link to the R4K site is a nice touch -- I didn't know the forum had such a feature.

Cas

I didn't know that either!  In fact, at the begininning, I wasn't sure what that was and I clicked it and yep. I was surprised :)
Earth is my country. Science is my religion.