When using debug mode, only admins should see the debug info the prints out on the bottom of the site. Currently, there is no usergroup conditonal around it.

I'd like to suggest this be changed in a future version. There's no good reason for regular members to see the extra stuff at the bottom that I can think of. Anyone else chime in here ???

The way I see it, I can leave my site in debug mode while i'm working on a product for an hour or so, and not have to worry about Bots indexing it, users seeing it, etc etc.

When using debug mode, only admins should see the debug info the prints out on the bottom of the site. Currently, there is no usergroup conditonal around it.

I'd like to suggest this be changed in a future version. There's no good reason for regular members to see the extra stuff at the bottom that I can think of. Anyone else chime in here ???

The way I see it, I can leave my site in debug mode while i'm working on a product for an hour or so, and not have to worry about Bots indexing it, users seeing it, etc etc.

+ 1 vote:)

Debugmode is set before the system is initialised.

The way I deal with it on my forum is have a misc plugin that lets me ?setcookie=true to misc.php, which sets a cookie.

Then in config.php I check if that cookie is set and then define the debug variable.

Debugmode is set before the system is initialised.

The way I deal with it on my forum is have a misc plugin that lets me ?setcookie=true to misc.php, which sets a cookie.

Then in config.php I check if that cookie is set and then define the debug variable.
What Brian is talking about is the debugging output at the bottom of the page. He wants it only to be shown to an admin and no one else, when the board is in debug mode.

On another level, this is my personal preference but I *never* put a live installation in debug mode. That's what you have a separate test installation for. All of my development goes on in the test installation. :)

I enable debug mode on a per IP address level. IE:


if ($_SERVER["REMOTE_ADDR"] == "192.168.0.1") {
// enable debug mode for only my IP address
$config['Misc']['debug'] = true;
}

This way only I see it, and it adds no overhead (well, one if condition as opposed to the full debug logging etc.) to anyone else that is visiting my site.

The point is your live install should never be running in debug mode for normal users (at the very least).

Why would you enable debug mode for everyone (which gives them access to ?explain=1) and only show the debug output for admins?

Andy: I wish i could do it that way, I dont have a static ip, so cookies are the next best thing :)

Andy: I wish i could do it that way, I dont have a static ip, so cookies are the next best thing :)

My ISP doesn't guarantee static IP for me, too. Luckily for me, my IP are fairly static, at least for a few weeks to a few months, depending on their mood. I keep it to my IP, and if it disappears, I check what my IP address is, and update it as needed.

If you're doing it via cookies, it would be a good idea to set it to some cryptic name, so no one can guess it. Security by obscurity is not a way to be, but it sure beats no security what so ever ;)

You're right, its something I've not thought about tbh. /me goes off to think about the best way of fixing that

Maybe some kind of hash of the userid or something. Hmm.

I disagree, this should not be staff only. But a 0,1,2 option system.

0 = everybody on or off (for dev board)
1 = specific usergroups (for live board with debuggers/private beta testers - allowing non staff to be testers too)
2 = super admin only (not staff, not admins, just the super admins)

$config['Misc']['debug'] = true;
could be
$config['Misc']['debug']['0'] = true; // On for everybody
$config['Misc']['debug']['1'] = true; // On for specific usergroups
$config['Misc']['debug']['2'] = true; // On for super admins

The point is your live install should never be running in debug mode for normal users (at the very least).

Why would you enable debug mode for everyone (which gives them access to ?explain=1) and only show the debug output for admins?

Andy: I wish i could do it that way, I dont have a static ip, so cookies are the next best thing :)
Usually your IP will change every couple of days (unless you click to connect everytime). If so, grab your IP at a site like this (http://www.dslreports.com/ip), then edit your config file for that IP.

Usually your IP will change every couple of days (unless you click to connect everytime). If so, grab your IP at a site like this (http://www.dslreports.com/ip), then edit your config file for that IP.
I want to add a domain or range. Like, My IP is quite static, but every once in a while they change it and it goes from 77.* to 86.* etc.

I rather want to add range chello.nl (which is my isp) limiting allowed logins to at least my ISP. Or set the ranges: 77.49.*.*, 86.49.*.* to narrow it down even further.

And yes, as a hidden option (like debug true, and hook false) in the config.php

Again, this should be an optional feature.

I disagree, this should not be staff only. But a 0,1,2 option system.

0 = everybody on or off (for dev board)
1 = specific usergroups (for live board with debuggers/private beta testers - allowing non staff to be testers too)
2 = super admin only (not staff, not admins, just the super admins)

$config['Misc']['debug'] = true;
could be
$config['Misc']['debug']['0'] = true; // On for everybody
$config['Misc']['debug']['1'] = true; // On for specific usergroups
$config['Misc']['debug']['2'] = true; // On for super admins
Currently this would be hard to accomplish because debug mode has to be on or off before loading the database class. Debug mode loads a different database class. If you haven't loaded the database you have no session/user info to decide if they can use debug mode. vBulletin's design would have to be fundamentally changed to do this.

Well, any suggestion posted now is no longer for 3.x, since 3.7 is the last considered 3.x feature release. ANything new to 3.x (like 3.8) is to complement the 3.6/3.7 feature base.

Suggestions posted now are meant for 4.x basically.

Usually your IP will change every couple of days (unless you click to connect everytime).
Not if you're like me and never turn off your computer.

$ uptime
10:36:28 up 9 days, 22:48, 10 users, load average: 0.32, 0.31, 0.22
I upgraded my RAM recently, otherwise that would usually be more like a month or two. So the IP check works great for me.

Even if I turn my computer off, my router stays on. I can have the same IP for several months.

Even if I turn my computer off, my router stays on. I can have the same IP for several months.
Same here, but if the ISP decides to switch you can't do anything. You will loose the connection and come back, and if the DHCP there or here sets a different one, router on or off, you end up with the same ip but no internet, or the new ip and internet.

Using the router with static and telling them which one you want helps you get it for months in a row yeah, which I like a lot :)

A cookie with a md5 salt of useragent and licence key in a 'debug_mode' cookie would work.

Though, im not sure if the licence key is defined early enough. Maybe a config variable of random characters or some such.