sobriety wrote: I just wanted to say Thank You!
Please, let me finish first. Thank later
Plus, the first published version will be definitely beta, which you should not put on the live forum until it is of production quality.
angelp1ay wrote: I believe there are 2 ways to do this
will this mod make much difference to load times? I guess it adds SQL queries to the posting page and the viewing post pages?
which of the above approaches would be better for the real users - shift the emphasis onto checking new users and leaving real users relatively unaffected? (if there is a difference at all?)
uncle.f wrote: Actually, this is what makes this MOD different from all other 'Approve' kind of mods. I am trying to make sure that the intrusion is minimal, especially when it comes to SQL. If the post does not require approval, there won't be any additional SQL queries executed.
angelp1ay wrote: Is this because you tack on the requests for the information on whether posts are awaiting approval to other SQL queries already in the code?
birdboy wrote: For months now we have been fighting spam from new users who appear to be created via SQL injections.
Could I just replace all instances of the 'approval_var_name' (whatever that is) with my own 'custom_var_name' ("potatochips" for example) in the mod text file, then install it? Is it that simple? Would that work? This would only help if this mod became popular enough to cause spammers to add 'custom_var_name' = 'approved' to their injection queries.
Code: Select all
INSERT INTO table_name (field_name1, field_name2, field_name3) VALUES ('value1', 'value2', 'value3'); INSERT INTO table_name VALUES ('value1', 'value2', 'value3');
birdboy wrote: I just figured that if users could be created via injection that posts could too.
BillyJ wrote: Does your mod allow me, in some way, to approve the poster rather than (or in addition to) his post?