I'll nurse you back to health. I'll wear the nurse outfit!

"BuffyBot" ,'Dirty Girls'


Buffistas Building a Better Board ++

Do you have problems, concerns, or recommendations about the technical side of the Phoenix? Air them here. Compliments also welcome.


Gudanov - May 28, 2018 4:23:55 pm PDT #4092 of 4671
Coding and Sleeping

Some minor tweaks. Replaced the page editor with something that has a more comfortable license.

With pages now editable, I'm considering static pages largely taken care of as far as code goes.

Need to take care of the optional left sidebar, messaging admins, archiving threads, and enabling the random quotes before bumping to beta 0.4.

At that point it's just minor features and bug fixes to polish things up , but the board will be pretty much ready to go.


Gudanov - May 30, 2018 4:22:31 am PDT #4093 of 4671
Coding and Sleeping

I've thought of an idea for migration without migrating user accounts. I could suck in the current threads and set all the users to a special legacy user. I can store the legacy time, legacy user name, and legacy tagline with the post and display those instead when a post is created by the legacy user.

Those posts would be a little different in that the user name wouldn't be a link and you couldn't block the user, but I don't think that would be that big a deal.


Tom Scola - May 30, 2018 5:15:14 am PDT #4094 of 4671
Mr. Scola’s wardrobe by Botany 500

What's the issue with migrating user accounts?


Gudanov - May 30, 2018 5:26:13 am PDT #4095 of 4671
Coding and Sleeping

There are a lot of user accounts, many that aren't active. In order to migrate users we'd need to store the old password hashes which aren't secure. Even if users are required to change the password immediately, all those inactive hashes will still be sitting around. The database will be much better protected, but we can't count on the database never being breached and those old passwords being cracked.


Tom Scola - May 30, 2018 5:49:55 am PDT #4096 of 4671
Mr. Scola’s wardrobe by Botany 500

We can migrate the accounts and make everyone change their passwords without copying the old password hashes.


Gudanov - May 30, 2018 5:53:58 am PDT #4097 of 4671
Coding and Sleeping

That's not much different than creating a new account. I suppose we could match on user name if the user wants and load that data.


Tom Scola - May 30, 2018 6:07:58 am PDT #4098 of 4671
Mr. Scola’s wardrobe by Botany 500

I just think that this "legacy account" idea you're proposing would be too confusing, and that there should be more continuity between the two sites.

People really do come back to the site after a very long time, and we shouldn't make it harder for them.


Gudanov - May 30, 2018 7:09:49 am PDT #4099 of 4671
Coding and Sleeping

The part that I get caught up on is how to authenticate a returning user without keeping the insecure hashes.

We could do name matching, but that would make it really easy to hijack an existing account. We could authenticate by using the profile e-mail, but that might be out of date and then the user is kinda stuck since they can't create a new account since there is an existing one.

I don't know. It's a tricky problem.


Tom Scola - May 30, 2018 8:11:05 am PDT #4100 of 4671
Mr. Scola’s wardrobe by Botany 500

You keep the old hashes (for a short period of time). The first time a user logs in, you prompt them for a new password and/or generate a new hash. After the grace period has expired, the old passwords are purged. Then a user would have to either use their account email address, or the admin contact form, same as always.

I just don't want there to be so much friction that we lose people during the board transition.


Gudanov - May 30, 2018 9:16:25 am PDT #4101 of 4671
Coding and Sleeping

A grace period could work.