Another road marker in the life of Rollator: Auto Logout

With the migration to cookies, it was a matter of time – well, hours – until I opted to ensure that any users actually using the function were active, and not just leaving the session open.

It’s a pretty easy hack, and any savvy user can circumvent it quite easily if they know how to manage their cookies and UNIX timestamps – but then again, it’s easier to just log in again. ;)

The cookies are computed at login: a login time stamp, and an ‘idle’ stamp which is refreshed every time you perform an administrative function. Not unlike many similar tools, the idle stamp isn’t changed if you just hit ‘refresh’ on the administrative screen – this is by design.

As all administrative functions are currently wrapped, the check is only performed in the administration interface, but everything has been written so you can break things apart, put them back together, write your own functionality, etc.
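To make the two-stamp scheme concrete, here is an added example (my own illustration, not Rollator’s code) of a login stamp plus an idle stamp carried in one cookie, checked by the admin wrapper and refreshed only on administrative actions. It adds one thing the post does not have: an HMAC over the stamps, so that editing the cookie by hand no longer bypasses the timeout. The secret, the cookie layout and the two limits are assumed values.

```python
import hmac
import hashlib

# Assumed values (constructed for this example, not Rollator's own settings).
SECRET = b"constructed-secret-replace-in-deployment"
MAX_SESSION = 8 * 3600   # absolute lifetime measured from the login stamp
MAX_IDLE = 15 * 60       # idle window measured from the 'idle' stamp


def sign(login_ts: int, idle_ts: int) -> str:
    """Cookie value 'login:idle:mac'. The MAC is what stops a client who
    knows UNIX timestamps from simply rewriting the idle stamp."""
    payload = f"{login_ts}:{idle_ts}"
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{mac}"


def issue_cookie(now: int) -> str:
    """At login both stamps start at the login time."""
    return sign(now, now)


def check_cookie(cookie: str, now: int):
    """Called by the admin wrapper before each administrative function.
    Returns (ok, reason) so the caller can log why a session was refused."""
    try:
        login_s, idle_s, mac = cookie.split(":")
        login_ts, idle_ts = int(login_s), int(idle_s)
    except ValueError:
        return False, "malformed"
    expected = sign(login_ts, idle_ts).rsplit(":", 1)[1]
    if not hmac.compare_digest(mac, expected):
        return False, "tampered"
    if now - login_ts > MAX_SESSION:
        return False, "session expired"
    if now - idle_ts > MAX_IDLE:
        return False, "idle timeout"
    return True, "ok"


def touch_cookie(cookie: str, now: int) -> str:
    """Refresh only the idle stamp after an administrative action completes.
    A plain refresh of the admin screen never calls this, matching the post."""
    login_s, _idle_s, _mac = cookie.split(":")
    return sign(int(login_s), now)
```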

I’ve already created a few ‘toy’ modules for Rollator, most notably the calendar, URL logging functions, and the whole music blogging system – these are merely ‘fun fluff’, which is easily integrated into the primary system.

I’m contemplating additions, and honestly, beyond cleaning and FINALLY getting to making the whole system templated, I really don’t know what to do – it’s got full archive and search functionality – you can edit by entry number or name, delete entries, leave/edit/remove comments related to an entry, even upload files or optimize your tables at a single button click.

I’d really like to get down to a better ‘security’ system than checking for certain poisoned data all the time, with a header ‘hack’ check atop each external function, but I’m not sure how to proceed.

I’m contemplating how to do the multi-user blogging, and indeed, how to manage the users. Up until recently, the entire system was designed for a ‘single shot’ easy-use blogging/content system – but it is certainly capable of much more. One thought going through my head, as in a previous post, is keeping a ‘root’ admin who is capable of managing users and all content in a local file, and using an SQL backend for user auth and privileges.

Hmmm.