I know they get pissed, but I want everyone reading this thread to think about something...
The login concept is to ensure ONLY authorized users can gain access, in addition to solving UBB missing cookie problems with UserName and Password.
With the current concept, a user logs in once, can leave their browser open for all eternity and they will not have to login. Unless, of course, they either logout or close browser session.
I could add in a javascript cookie detect routine in the login page which would allow users have either their username and password already filled out so all they need to do is click on the submit button. Or, if cookies detected, simply take them to your $welcome page defined in the config.
BUT --- and folks, pay attention to this --- what if someone else comes by and uses the computer? Or what if a child gets into an adult UBB because the cookies still exist? Or some folks in a work environment where everyone shares a lan and PC's are all over the room with Internet access? One employee could "use the login" of another employee who stepped away from his desk more easily than before.
You see, a login being required is a GOOD thing, and my original concept of additional security does mean users will and should type in their username/password at each visit.
This is how the old dialup BBS's worked, and how high end secured web sites work. The "convenience" features such as bypassing login to avoid "pissed off users having to type in something which takes 10 seconds" are really dangerous at their core.
I'd like to get some opinions on this, what do you think is the best strategy? I personally think those extra 10 seconds provides you, the webmaster, and unknowingly the user, with some peace of mind that only they are using their account.
So, bells and whistles can be a bad thing.
Thoughts, comments?
------------------
From: Jim Goldbloom
UBB Code Hacker
http://www.accessdeniedbbs.net/downloads for latest hacks
