Authentication issues #70

Satnet opened this Issue Mar 24, 2013 · 6 comments


None yet

4 participants

Satnet commented Mar 24, 2013

If I write "Admin" in the login box and no password.
I get logged in as Admin guest user, even tho the Admin user is in the users.php.

I don't know if you guys coded that with purpose or not?
But I see it as a bug.


This is not an issue of authentication, per se. Nicknames are case sensitive, and the Admin guest user does not collide with the "admin" administrative role user. The "Admin" guest user still has guest permissions. The only issue is one of confusion, but the permissions are still as they should be.

Satnet commented Mar 25, 2013

They do colide.
the "admin" and the guest "admin" collide. Because people might think that the Guest user admin is the real admin.
That's not right...

gWorldz commented Mar 25, 2013

They don't collide as far as code or get the other persons private messages and such. Its more an issue with unintelligent users mistaking a troll for an admin. Real admin are displayed by name in color and style associated with admin, fake admin are displayed in () in the color and style associated with guest.

In the end it comes down to this. anyone can claim to be an admin in your chat but those people are trolls. We would need to remove allot of nick options to beat the trolls at this game, admin, administrator, owner, developer, mod, moderator, staff or anything else that can be pulled form a thesaurus but the bottom line a troll will always find a way.

Still it might be nice to have a mod to prevent certain nick names from being selected such as this and the more common troll vulgarities o.O

Frug commented Mar 25, 2013
  • Usernames are case sensitive by design. It's a preference issue, but code-wise it's useful to distinguish between Admin and admin because they are, in fact, different, and some integration version may require this distinction to be kept.
  • Guests are denoted by having different color names and brackets around their names by default. It's pretty clear who is an admin and who is a guest with the name admin. I know some users are not savvy enough to tell the difference but I think it's obvious. If you want to make it even more obvious for your users, you can set the guest prefix to say 'guest: ' in your config.php.

You can make two feature requests if you want. a) allow case-insensitive usernames as an option and b) force guest names not to match any version of a registered username, but there is no collision of names happening and this isn't going to be a priority right now.

Satnet commented Mar 25, 2013

What's needed is a Database authentication, users stored in the database and remove the case sensetivity on Usernames. Also no one should be able to use "FiNCH" or "finch" if "finch" or "FiNCH" is in the database.
This is something that is needed. I've tryed to mod it but the code is to complex for me, im not used to this kind of code.

Frug commented Mar 25, 2013

Database storage of usernames in the standalone client may happen in a later release. If you need it now, you'll need to integrate with an existing system. As this is going beyond a feature request, please take discussion to the google group.

@Frug Frug closed this Mar 25, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment