Wow. Never noticed it but very cool of AO...

**Katja** · October 12th, 2005, 10:48 AM

I just noticed that you can get someone's profile by username instead of by userid. For example, to get my profile I just go to:
http://www.antionline.com/member.php...username=katja

Still, I'm not sure if AO really meant users to have access to the memberlist in this way... The default way would be through the userid like this:
http://www.antionline.com/member.php...&userid=198056

Still, I consider this a cool feature.

Then again, passing information like this through the URL might not be the safest way.

***©opy®ight*** · October 12th, 2005, 11:13 AM

And why is this in the suggestions forum ?

**Katja** · October 12th, 2005, 11:20 AM

Because I suggested that it could be unsafe.

I don't know if the URL allows other actions to be performed this way. For example, would a setdata action work too?

And of course it's a nice suggestion for the members in case you quickly want to search for some member by name. No need to go to the member list and search for them there. Just use this link, change the name and done.

Btw, about your mood... What's a girllfri?

***Egaladeist*** · October 12th, 2005, 11:26 AM

Hi katja,

Why is that cool ?

A cool feature would be being able to block trolls from accessing the site.

OH...and I agree with Copyright...this is not a suggestion...it's an instruction on how to access a userid.

Eg

***©opy®ight*** · October 12th, 2005, 11:31 AM

Btw, about your mood... What's a girllfri?

I understand your joking but this issue has been presented to mnstrlgrl, never knew if she got around to fix it or not. I think the Location: used to split too ....

***Black Cluster*** · October 12th, 2005, 11:32 AM

Originally posted here by Katja

Still, I'm not sure if AO really meant users to have access to the memberlist in this way... The default way would be through the userid like this:
http://www.antionline.com/member.php...&userid=198056

Still, I consider this a cool feature.

Then again, passing information like this through the URL might not be the safest way.

Hi Katja,

Why do you think it is not safe? It does not expouse critical data, and only AO member can see them!
And all members' profiles are here ...
http://www.antionline.com/memberlist.php?s=

Cheers

***MrLinus*** · October 12th, 2005, 11:55 AM

If you think it's unsafe then either it belongs in Oops a Bug or should be sent as a note to mnstrgrl to fix before announcing...

**Katja** · October 12th, 2005, 12:09 PM

No, it's not unsafe if this getinfo is the only action that can be executed this way. Besides, the site does check if the user is logged in or not. It's actually very useful to bookmark member profiles.
Since the profiles don't contain any email addresses of members, it's no use for spammers to walk though the member list anyway to collect those addresses.

It's just that I wondered if this functionality is in the site on purpose or if it's just a side-effect of how the php page is retrieving information from it's MySQL database.

Thread: Wow. Never noticed it but very cool of AO...

Thread Tools

Display

Wow. Never noticed it but very cool of AO...

Re: Wow. Never noticed it but very cool of AO...

Posting Permissions