1

Topic: Strange needs?

Hi,

please tell me if somebody know about the existence of mods for:

- Hide the users list for new users

- Moderate only the new user's posts

- Encrypt IPs in the database.



thanks,

Re: Strange needs?

svo wrote:

- Hide the users list for new users

In userlist.php, after:

define('PUN_ALLOW_INDEX', 1);
require PUN_ROOT.'header.php';

add something like:

if ($pun_user['is_guest']) {
   echo "Failure - ".$pun_user['username']." not permitted access.";
   require PUN_ROOT.'footer.php';
   exit();
}
else {
...rest of normal code...
}

should work but make a backup and test it first.

svo wrote:

- Moderate only the new user's posts

Comment Control 2.0.0 looks similar to what you want but not fully, moderates guests and posting new topics. can be modified further to do what you want.

svo wrote:

- Encrypt IPs in the database.

very possible but don't think a mod exisits for it. why would you want to encrypt the IPs?

3 (edited by svo 2007-04-02 16:53)

Re: Strange needs?

Hi,

lot of thanks for your extensive help. I think it solves most of my problems smile
Based on that, it works for some groups:

if ($pun_user['group_id'] != 1  && $pun_user['group_id'] != 2 && $pun_user['group_id'] != 4 && $pun_user['group_id'] != 5) {
   echo "Failure - ".$pun_user['username']." not permitted access.";
   require PUN_ROOT.'footer.php';
   exit();
}

I'm interested in implementing encryption for IP and email addresses in the database.  Just to add security and privacy in case of holes in the server.

I suppose it is not difficult while there is only need of a simple function with mcrypt or similar. However  I'm newbie with PunBB; then to save time I have asked about something similar.

anyway thanks a lot for the code and the mod.  smile

Re: Strange needs?

If you encrypt IP address and email how could you use them later?

5 (edited by svo 2007-04-02 17:27)

Re: Strange needs?

well, I suppose any reverse function can works.  My idea is encoding the php scripts with eAccelerator.
Do you think there is any obstacle?. Please, tell me your thoughts smile

An example can be this from php.net:

<?php
 function encrypt($string, $key) {
   $result = '';
   for($i=0; $i<strlen($string); $i++) {
     $char = substr($string, $i, 1);
     $keychar = substr($key, ($i % strlen($key))-1, 1);
     $char = chr(ord($char)+ord($keychar));
     $result.=$char;
   }
   return base64_encode($result);

 }
 function decrypt($string, $key) {
   $result = '';
   $string = base64_decode($string);
   for($i=0; $i<strlen($string); $i++) {
     $char = substr($string, $i, 1);
     $keychar = substr($key, ($i % strlen($key))-1, 1);
     $char = chr(ord($char)-ord($keychar));
     $result.=$char;
   }
   return $result;
 }
?>

Re: Strange needs?

if you can decrypt it, then without being more complicated, so can anyone else.

Re: Strange needs?

not if svo passes the key as a seperate "password" in the admin area when he wants to view the IP. the user would need both the admin password plus the decryption key to see the IP.

Re: Strange needs?

thats rather ridiculous imo

Re: Strange needs?

Connorhd wrote:

thats rather ridiculous imo

ridiculous, i agree - this is svo's request, not mine, and he/she may have a specific purpose for it. but having the key requested in admin does not allow anyone else to decrypt it without knowing both the admin username, admin password, and finally the decryption key required.

10

Re: Strange needs?

well, in fact the idea is not avoid quantum cryptography but just having the ip's and emails cyphered inside the BD.

Putting the function to decipher information outside of the public space, and enconded with eaccelerator and a key of a good lenght. This can be enough to me. This function would be validated against the Administrator IP, some characters of the agent navigator or whatever.

Just I wonder about the difficulty of having the ip's and e-mails cyphered because all the sql querys. Then to know if maybe it can be solved in a quick way or at the contrary one will need to apply this function everywhere.

best regards,

Re: Strange needs?

I fail to see why an IP is so important to hide.

12

Re: Strange needs?

Hi,

well, it is a good general practice. But also because in my country there is a law which force to protect sensible data of users in websites involving commercial transactions, religion, politics and such things. I'm developing a site of such characteristics then I prefer to implement this.
So it is not to avoid authorities or something like that but all the contrary. Also, note in that case it would be ridiculous when logs of visitors are in the server anyway.  My concern is about the site that I'm developing so the sensible data  will not visible in the database. Or at least I want to make it with this intention.  If some day somebody can break this, it will be another problem.



best regards,