Memberships Process Tidy-up & streamlining

The NZLARPS online database is ready to be tested by you guys.

nzlarps.org/database.php

As I’ve said it’s pretty basic. It doesn’t give a lot of messages, if you do something weird you’ll get ugly errors, and it doesn’t do much validation that what you’re entering is sensible. It works fine when it’s used in a sensible way, but most users aren’t terribly sensible.

But I figure you guys can catalogue all the issues and I can fix them before we announce it. Register yourselves and I’ll set you up as admins. That means you can see all the user profiles and edit other user’s NZLARPS membership status. I’ll set Craig up with higher permissions so he can set users as admins and edit user profiles.

I’m particularly unsure about the sessions. Sessions are what keeps track of who you are that is logged in. I’ve set it up to keep you logged in for a few hours from your latest activity, then you should be booted to the login page. In theory. But actually, the server clock is on US time and I’m storing both database and cookie session info and the whole thing is a little confused - I probably should have spent longer on it. Let me know how long it actually keeps you logged in (e.g. bookmark your profile page and see how much later you can access it after the last time).

The database assumes that not just NZLARPS members will be using it. So it has you register as a new member, and then click a button to say you want to register. Two-step process seemed the best way to me. It also means that non-members will be reminded about joining every time they visit their profile.

Feel free to register multiple times to test it, I can delete test registrations.

I’ve signed up and I can see the two of us. Looks like a nice simple process, thanks Ryan. Let me know when I’ve had my access rights upped and I’ll take another look.

Craig, I see you’ve registered. I’ve updated your permissions. Try to avoid the temptation to delete my account.

I entered my expiry as “AGM 2008” and it defaulted to 31 December, 1969.

My membership number transformed in to 7, rather than 007. You can guess which I’d prefer.

You’re barely scratching the surface of stupid things you can do, try harder.

Now we’re talking.

I made a new user with first name and last name that were both html-inected links. Now I can’t click on him as the admin user to delete him because doing so sends me to some hacker website.

Probably disallow the “<” character to solve this one…!

Yah, saw that and thought it was a good’un. I can access the user by changing the URL though, even without getting into scripting. But code insertion is definitely something we shoudl check for.

I’ll collect up all the issues people come up with, prioritise them, and fix them all at once in a few days time.

I’ve marked you as an admin Anna, so next time you access it you should see more options.

I can’t see anyone’s passwords, by the way. They’re hashed before they go into the database. So they’re as secure as they are on Diatribe: the only way to get them would be to intercept the packets as they make their way to the server, which is real hacker stuff and can only be got around with an SSL certificate. SSL would be an excessive degree of security unless we’re handling credit card numbers.

Good work, Ryan.

I left my birthday blank and it defaulted to 4-Oct-2007 which I assume is the date on the server. Can this field be nullable ?

It’s nullable, it just sets to now() when given a blank string for some reason. I fixed that issue on the expiry dates, will apply the same fix to the birth date.

I’ve set Mike and AJ to admins.

Nice work.

Maybe add a password verification line in case of typos.

I found that using a 4 digit month code left me with only 3 digits for the year. I.e. “17 Sept 200”

When I made up Larpers R Gay, I typed “yesterday”, and now its set to the 3rd.

Was looking at the profile list, noticed that the ordering isn’t great. It orders by membership status which I think is good (unprocessed membership applications go to the top), but it should sub-order alphabetically by name too.

Also, we may want an email to be sent automatically when people apply for membership, so that someone on the committee knows to log in and update them (as well as check the account, send the card, etc). Who should this email go to?

EDIT: secretary@nzlarps.org as Scotty suggested earlier?

EDIT: we may also want to edit the membership page to direct people to registering via the database instead.

I was 1/2 way through saying that when you did.

Yes for me, and probably yes for Steve…

Yes for membership page directions too.

And if I could ask the committee to register with their most up to date details, I can send them off to Societies.govt.nz to complete this years registrations. One stone, two birds.

When I went throught the registration process i was asked if i want to join or if i was a member. There didn’t seem to be an option to click through if i was a member though only, sign up or sign up with discount.

It says “Please click below if you would like to join or are already a member.” I’m assuming that existing members will just choose the appropriate button depending on whether they already have a discount or not.

Open to suggestions on the wording.

I’ve added you as an admin so you should see some more options now.

When you sign up in the database, I think there should be 3 buttons - ‘sign up’, ‘sign up with discount’ and ‘already a member’.

Can you set me to be a listed member and possibly an admin as well so I can explore it?

Also, when your membership expiry date approaches, maybe have a ‘renew membership’ button next to it on the page that does the saem as the ‘sign up’ buttons?