Author Topic: Security improvements  (Read 1264 times)

irishrage

  • Full Member
  • ***
  • Posts: 132
Security improvements
« on: November 28, 2011, 11:28:15 pm »
I find 2 security risks that can be improved:


1. When an ad is published, the admin is advised by email with a clickable link which, when clicked, takes one directly to the admin CP of osclass. So this means someone who gets access to your email account also has access to your osclass admin CP. I suggest the admin gets advised through email, but the clickable link should not go directly to the admin CP. The admin has to log in first.

2. In the user account, users can change their credentials. I suggest some fields in the register form can be required and that the user cannot make changes to these in the user account panel.

Kind regards

_CONEJO

  • Administrator
  • Hero Member
  • *****
  • Posts: 4689
Re: Security improvements
« Reply #1 on: November 29, 2011, 11:36:42 am »
Hi irishrage,


1.- The link points directly to the admin panel, BUT you only get in if you're the admin, previously logged in on that computer, and the cookie is still valid. If the cookie is not valid, then you're redirected to the login page.

2.- What do you mean by credentials? The email? I don't see the problem with changing your email or any other data, but maybe a plugin will avoid those changes.


Thanks!!

irishrage

  • Full Member
  • ***
  • Posts: 132
Re: Security improvements
« Reply #2 on: November 29, 2011, 06:28:02 pm »
2.

It's to avoid fraud or scams. Example:

A person who wants to make a scam fills in the register form with his name, telephone, address etc.

Then he puts up an imaginary iPad that doesn't even exist.

He then changes or deletes his name, telephone, address and keeps only his e-mail.

Then a buyer makes contact and sends money for this merchandise.

When the buyer complains, I look in the user information page and see only fake information or even empty fields.

I say it would be safer to make some of the register fields obligatory and not make them editable from the user account.

Also it would be good to be able to add extra fields in the register form that are not shown in public, only to the admin, like personal number etc...

I hope this clears some things up.
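The proposal in the post above (required registration fields that the user panel cannot edit, admin-only fields hidden from the public profile, and a record of what the user originally entered) as an added Python illustration. This is not osclass code; the `ProfileStore` class, the field names and the policy sets are assumptions for this example.

```python
"""Added example (not osclass code): server-side enforcement of locked
registration fields, admin-only fields, and an audit trail of edits."""
from datetime import datetime, timezone

# Hypothetical policy for this example: these fields must be given at
# registration and can never be changed through the user panel.
LOCKED_FIELDS = {"name", "telephone", "address"}
# Stored for the admin only; never included in the public profile.
ADMIN_ONLY_FIELDS = {"personal_number"}
REQUIRED_FIELDS = LOCKED_FIELDS | ADMIN_ONLY_FIELDS | {"email"}


class ProfileStore:
    def __init__(self):
        self.profiles = {}  # user_id -> current field values
        self.history = {}   # user_id -> list of (timestamp, field, old, new)

    def register(self, user_id, fields):
        """Reject registration unless every required field is non-empty."""
        missing = [f for f in REQUIRED_FIELDS if not str(fields.get(f, "")).strip()]
        if missing:
            raise ValueError(f"required fields missing: {sorted(missing)}")
        self.profiles[user_id] = dict(fields)
        self.history[user_id] = [(datetime.now(timezone.utc), "register", None, dict(fields))]

    def update_profile(self, user_id, changes):
        """Apply an edit from the user panel: locked fields are refused
        outright, every other change is recorded before it is applied."""
        locked = sorted(f for f in changes if f in LOCKED_FIELDS)
        if locked:
            raise PermissionError(f"locked fields cannot be edited: {locked}")
        current = self.profiles[user_id]
        for field, new in changes.items():
            old = current.get(field)
            if old != new:
                self.history[user_id].append((datetime.now(timezone.utc), field, old, new))
                current[field] = new
        return dict(current)

    def public_view(self, user_id):
        """What other users see: everything except admin-only fields."""
        return {k: v for k, v in self.profiles[user_id].items() if k not in ADMIN_ONLY_FIELDS}

    def admin_view(self, user_id):
        """What the admin sees on a complaint: current data plus the full edit history,
        so blanked or altered fields can be traced back to the registered values."""
        return {"current": dict(self.profiles[user_id]), "history": list(self.history[user_id])}
```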