Clean up account creation UX flaws
Brief summary of issue / Description of requested feature:
A character can be created easily enough from the terminal:
create johnny password123
As one would expect, this creates johnny with password password123. In any other context, this is great for conversion rate; it gets the user in the door with minimal fuss.
The user experience starts to degrade when I issue a typo:
create jhonny password123
> A new account 'jhonny' was created. Welcome!
As there is no step confirming entry of either my username or password, I’ve now created an account I don’t want and that nobody else can use. This can also be abused to DoS or degrade the entire application by anyone with elementary scripting skills by creating new usernames endlessly:
while true:
    send create <randint> <randint>
> A new account '293942934' was created. Welcome!
...
The user experience also breaks down when a user ignorant of spacing conventions-- let’s call him ‘Jim Bob Ray Mack’-- wants to register his name.
create jim bob ray mack password123
> A new account 'jim' was created. Welcome!
Again, an undesired account jim is created, and the user is unlikely to realize that if they did want to use this account, the password was set to bob ray mack password123.
(New) Characters will also be created with bogus characters when, using a crappy client like Telnet, the backspace key is pressed. This will result in characters with names like jimmy\x7f\x7f\x7f which are near-impossible to use.
Extra information, such as Evennia revision/repo/branch, operating system and ideas for how to solve / implement:
Extra accounts in the database may not seem like a big deal, but in cases where we provide a directory of players via the web interface, it’s misleading and undesirable to include bogus/duplicate accounts with no activity in that population (we’re not Twitter or Ashley Madison).
- The first issue could be mitigated by confirming data entry before blindly creating new accounts.
- The security aspect can be mitigated by rate limiting account creation by IP.
- I’m thinking the second issue can likely be solved by throwing an error if more than 2 arguments are provided to the create command.
Issue Analytics
- State:
- Created 6 years ago
- Reactions:4
- Comments:6 (5 by maintainers)
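An added example, not part of the original issue and not Evennia's own code: one way to implement the input-side mitigations proposed in the issue above (refusing anything other than two arguments, refusing control characters such as \x7f, and rate limiting account creation by IP). The names parse_create, CreateError and CreateThrottle, and the default of 3 creations per hour, are assumptions made for illustration.

```python
# Hypothetical helpers for illustration; these are not Evennia APIs.
import time
import unicodedata
from collections import defaultdict, deque


class CreateError(ValueError):
    """Raised when a 'create' line must be refused."""


def parse_create(raw):
    """Return (username, password) from 'create <name> <password>' or raise."""
    # Control characters (category Cc) cover \x7f (DEL) and \x08 (BS), which
    # a raw Telnet client sends instead of editing the line.
    if any(unicodedata.category(ch) == "Cc" for ch in raw.rstrip("\r\n")):
        raise CreateError("control characters in input; retype the line")
    parts = raw.split()
    if not parts or parts[0].lower() != "create":
        raise CreateError("not a create command")
    args = parts[1:]
    # Exactly two arguments: 'create jim bob ray mack password123' is refused
    # rather than silently creating 'jim' with an unintended password.
    if len(args) != 2:
        raise CreateError("usage: create <name> <password> (no spaces in either)")
    return args[0], args[1]


class CreateThrottle:
    """Sliding-window limit on account creations per source IP."""

    def __init__(self, limit=3, window=3600.0, clock=time.monotonic):
        # limit and window defaults are assumed values, not from the issue.
        self.limit, self.window, self.clock = limit, window, clock
        self._hits = defaultdict(deque)

    def allow(self, ip):
        now = self.clock()
        hits = self._hits[ip]
        while hits and now - hits[0] >= self.window:
            hits.popleft()  # drop creations that fell out of the window
        if len(hits) >= self.limit:
            return False
        hits.append(now)
        return True
```

The confirmation step suggested for typos such as jhonny is interactive and is not covered here; the throttle should be consulted before the account is written to the database.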
Top GitHub Comments
A switch to an EvMenu based login would be very helpful here, too. Plus that would make autoconnection work. Edit: Natively, in Mudlet, I mean. It’s a little hard to figure out how to change Mudlet’s autologin.
Added a new issue where the backspace char can be appended to character names.