IPS Staff

Mark last won the day on November 7

Mark had the most liked content!

About Mark

  • Rank
    IPS Developer
  • Birthday 03/04/1992

Profile Information

  • Location
    Sydney, Australia

Recent Profile Visitors

142,893 profile views
  1. Mark

    2 Factor Auth via e-mail

    Two Factor Authentication significantly improves your security and is certainly not just dumbing things down. Generally speaking, there are three ways of proving you are who you say you are: knowledge factors (something you know, like a password), possession (something you have, like a mobile phone) and inherent (something you are, like a fingerprint). Using a strong password helps address some of the shortfalls of the knowledge factor - it protects you against someone trying to guess (or brute-force) your password. However, it doesn't protect you against a variety of other attacks (for example, if someone was able to compromise your system and install a key logger). But two factor authentication adds an additional factor into play: usually a possession factor. In addition to providing your (hopefully strong) password, it requires you to prove that you have in your possession a device which belongs to you. It should be used whenever available, especially for things which require additional security.

    To address the original question: email is generally not a great 2FA method as it is already the method of recovery if a user forgets their password. If you use email as the second authentication factor, it means an attacker only has to gain access to the desired victim's email account in order to compromise their account - which effectively brings you back to a single-factor authentication system.
  2. Mark

    X-XSS-Protection

    As the comment explaining why it's there says, it is needed for some features (the comment mentions embeds, but trying to edit templates or pages could also have issues with this set).
  3. You're probably thinking of when Apple changed the gun emoji to look like a water pistol and then other vendors followed suit.
  4. Mark

    5.0 - A Discussion

    We haven't used salted md5s since v4 😉 We use bcrypt.
  5. You can add an image() function in your Item extension (Downloads shows the file's screenshot).
  6. Only the main Commerce storefront right now. Sydney 😘 I will accept all kisses on behalf of the team.
  7. Whoops, thanks! I forgot to convert it from .mov to a more globally used format - it would have been embedded for Mac users 😂 I'll fix that 😊 Yes 👍🏻 You can set a product to not be visible to any groups. Commerce already has a concept of fields the customer can fill out when purchasing (for example, if you offer a thing in multiple colors, allowing the customer to choose one) but this is something the admin sets - sort of like subcategorisation. Sometimes there will be overlap (like for color, you might have both an option for customers to choose at checkout, and set a filter with all of the available options) but many things will be static. For example you might have filters for "Brand", "Author", "Genre", "Gender", "Rating" (for films), "Release Year", etc.
  8. Allowing your customers to find exactly what they need as fast as possible will no doubt increase sales.

    A good number of our customers use Commerce to sell physical items. Until now, it's always been a little tricky to set up the store to allow customers to drill down into specific items within the store.

    In Invision Community 4.4, the sidebar in the store now includes filter options to help customers find the product they're looking for.

    Using the filter sidebar

    Administrators can set up whatever filters they like for each product. In the video above, you can see we have set up filters for color and price. You can set these filters up in the AdminCP by simply specifying each possible option:

    Creating a custom filter

    Once the filters have been set up, you can then add each filter to the categories it applies to (so you can have different filters for different categories) and when editing any product you can specify as many values for each filter as is appropriate (for example, if you have a color filter, you can choose multiple colors if the product allows the customer to choose a color, or if the product has multiple colors).

    Choosing the filter values when creating/editing a product

    In addition to these custom filters, you will also see filters for price (you can set appropriate bands for each category), rating, and stock level.

    Other Commerce Improvements

    In addition, we also have a few more features new to Commerce in 4.4:

      • There are new sidebar blocks for best selling products, latest products, product reviews and a featured product.
      • When sending a bulk mail, you can target recipients by the total amount they have spent.
      • Categories with no products in them are hidden automatically in the store.
      • Notification emails sent to customers to let them know their purchase will expire soon (including if they will be automatically charged) have been improved to show more clearly what will happen.
      • When viewing a customer page in the AdminCP, active purchases are separated from expired and cancelled purchases to make it easier to discern which are active.
      • Custom field values are now included on printed invoices.
      • When filtering support requests in the AdminCP, you can now choose "more than" or "less than" for all time-based filter options.
      • When using stock actions to reply to support requests, the stock reply can be incorporated into the staff member's default reply content rather than overwriting it.
      • Invoices in the AdminCP can now be filtered by status.

    This blog is part of our series introducing new features for Invision Community 4.4.
  9. This feature will be in our next major update, 4.4, which is due to be released later this year 🙂 It'll be on by default.
  10. Partly this is why there is the message advising users to sign in - but beyond that, if the email address entered already belongs to an account, it won't let them continue.
  11. Yes, the data is deleted automatically. But they're not properly submitted (i.e. shown to anyone) until the registration is complete - so the question about what would prevent someone from using this feature but never registering is well... their posts are never shown.
  12. The post isn't shown until they have completed registration.
  13. Users can still register normally without making a post.
  14. The two step process is very deliberate. The whole idea behind this feature is a casual user is browsing the forum and wants to reply to a topic - but they're not invested enough to go through what they perceive as a complicated process of creating an account. Generally speaking, the longer a form is, the less likely the user is to fill it out, so if we put everything on the form, that probably won't achieve the goal. What we want to happen is the user to reply without being put off by the idea of creating an account. After posting though, they get presented with the registration form, and hopefully by now (having actually written the post) they're invested enough in it to think "oh okay, fine, I'll register". And even if they don't at that moment, their email has now been submitted, so they can get a followup email. Similar to the above, I actually think the new page enforces the idea that you have begun (and nearly finished) a process, and so the mental barrier to registering is now less because there's a sort of "sunk cost". Hence the wording that refers to the post as having been submitted (even though it's not visible anywhere): "Thanks for your submission! Before your content can be seen by other members...". The registration process is the same. If those questions are currently on your registration form, they still will be. Or you could also use the Profile Completion feature. They'll be redirected to your custom registration page.