hellkvist.org Forum Index hellkvist.org
Discussions about the free software on hellkvist.org
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

e-mail method - MSISDN not required

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    hellkvist.org Forum Index -> Peffisaur
View previous topic :: View next topic  
Author Message
Guest
PostPosted: Tue Apr 27, 2004 2:40 pm    Post subject: e-mail method - MSISDN not required Reply with quote
sorry for another Q but is there an easyway i can modify peffis to not require the users phone number to send a mms e-mail? , wouldent the unique e-mail be sufficient?

like p-e4334tds@whatever is random for each person so could i remove the e-mail check for +353851238232@blah ? this would make it alot easier for peple to send images in over e-mail as one of my friends is reluctant to give me his phone number, lol ^_^

or maybe to change it so it only requires a valid MSISDN if one is specified?

thanks in advance

Angela
Back to top
Peffis
Site Admin


Joined: 09 Sep 2003
Posts: 324
Location: Sweden
PostPosted: Tue Apr 27, 2004 7:22 pm    Post subject: Reply with quote
Well, the whole purpose of having people to type in their MSISDN was for me to get the phone number of attractive girls Smile

No, seriously, the MSISDN was just some sort of security enhancement so that it would not be that easy to submit messages in someone elses name. With just an ID it would be, in theory at least, possible to just bomb the site with emails, counting up the ID till a message appeared on the page in someone's name. So I thought that it might be good to also add some other level of security. But it doesn't matter much really. It will still be pretty insecure if you deploy it wide open on the Internet. So feel free to remove it as you wish. Making it easy for user's is also important of course.

/S
Back to top
View user's profile Send private message Visit poster's website
Peffis
Site Admin


Joined: 09 Sep 2003
Posts: 324
Location: Sweden
PostPosted: Tue Apr 27, 2004 7:27 pm    Post subject: Reply with quote
...and the way to change it is to edit recmail.pl and hack the isValid method into something like this perhaps (not tested):
Code:
sub isValid
{
    ($to, $from) = @_;
    @tos = split( "@", $to );
    $pwd = substr( $tos[0], 2 );
    if ( ($index = index( $pwd, "<" ) ) >= 0 )
    {
   $pwd = substr( $pwd, $index + 3 );
    }

    $query = "SELECT id FROM users WHERE phonepwd='$pwd'";
    $sth = $dbh->prepare($query) || die;
    $sth->execute();

    $id = 0;   
    if ( @row = $sth->fetchrow() )
    {
   $id = $row[0];
    }
    $sth->finish();

    $id || die( "pwd is $pwd" );

    return $id;
}
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    hellkvist.org Forum Index -> Peffisaur All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group