Re: [Giftweb-discuss] CVS updated

[Gregory Gee]

Matthew T. Jachimstal wrote:

> Just some notes that I've thought of while perusing your changes:
>
> siteadmin.php:
>         Yes, make them links instead of a form (that was ugly). But, keep
>         everything in one file. All siteadmin functions should be done in
>         siteadmin.php. Don't make a separate file for each task.
>
>         So, fold in manageevents.php, manageusers.php.
>         Probably grpedit.php, too.
  Sounds ok to me.  I believe I fixed all the bugs in the grpedit.php so that
it isn't "Broken" anymore.

> newgrp.php:
>         I _still_ don't like the idea of any user being able to automatically
>         create a group. After the mess I just went through on my live site[1],
>         I'm convinced that some oversight is necessary.
  I didn't think that the newgrp.php was finished.  I just wanted to get the
ability to create them first.  The next step was to get the new groups to be
approved by the site admin.  I hadn't gotten to that part yet.

>         [1] A user joined _all_ my groups and started marking items purchased.
>             marked _all_ of my (personal) items! I had no idea who this person
>                 was; I suspect it was someone trying out the system. It just
>                 solidified the idea that you can't let just any user run wild
>                 on the system.
   How was this person allowed to join groups?  Don't you have to be approved
before you can start marking items purchased?

> I'm taking the changes from smallest diff to largest diff to an
> individual file. Of course, some of them have to be taken together which
> makes the process that much harder. I have to comprehend all the changes
> (sometimes as a whole) in order to be able to see what they're doing. :)
>
> Later,
> Matthew

Greg