for a Call of Duty 2 gaming team that plays on the Xbox 360. These guys wanted a flashy header, forums, and a simple site with info about the team and a way to contact them. I'm 90% done and a lot of this last 10% is going to be small changes. I'd like to get as much feedback as possible before I wrap this project up.
The site includes a back end for simple editing. They can add/remove users from the team roster, which automatically updates the "recipient" drop-down in the contact section. They can add news to the front page, topics to the front page, and events to the calendar. I'm particularly proud of the back but obviously I can't hand out the login, so here's a screenshot.
Last edited by houston on Thu Jun 29, 2006 3:54 pm, edited 2 times in total.
I like the header - looks nice, but the whole site is too dark. It's hard to read. I would brighten up the text or do something to contrast the text from the background a little bit. I'll look at it a little more when I get home, but that's all I have for now.
I was wondering for the longest time how you validated your smurf. SO making my design guy use this
MrPotatoes wrote: oh sweet! I'm totally using that.
I was wondering for the longest time how you validated your smurf. SO making my design guy use this
not sure what you mean
One last question, and I hope I'm not shooting myself in the foot by asking this here.. I'm not too sure of the security of my back end. If someone would be so kind as to just take a look at how I've coded it I would be very appreciative.
Probably just need to take a look at user input areas. If you want to post some of your code that deals with user input, I'd be happy to take a look at it! Just post it in php code.
I'm more worried about locking people out of the pages that pertain to the functions of deleting and adding things to the database.
Right now the security on those pages is nothing but a condition that looks for a variable passed to it by a link hidden in the main members page. If the variable isn't exactly right it redirects you elsewhere.
houston wrote: Right now the security on those pages is nothing but a condition that looks for a variable passed to it by a link hidden in the main members page. If the variable isn't exactly right it redirects you elsewhere.
Ouch. The usual way to validate a login is to check for the existence of a session variable. e.g. $_SESSION['userid'] = $user;
Not a whole lot to 'em. Basically the concept is this:
Session info is stored in a text file on your server (usually above the root dir in a folder called tmp or something on a shared server). PHP is so awesome, you don't even have to worry about reading/writing the file, you simply call session_start() at the beginning of every page, and then assign values by doing:
You should make your contact page validate information before sending it. It would also be nice to get some sort of confirmation. Not confirming that the message has been sent is VERY confusing to some people. They don't know if it was sent or not. If you aren't validating the information being sent with your form, you are in danger of mail header injection. This is a big deal. Even very small sites are often exploited to send SPAM in this way. I would take care of that ASAP. That is all I have for you though. Site looks nice other than being too dark.
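
The contact-form validation asked for in the last post, as an added example that is not code from the thread or from the site being reviewed. The roster array, the form field names (`recipient`, `email`, `subject`, `message`) and every address are assumptions made up for illustration.

```php
<?php
// Added example, not code from the thread. Roster, field names and addresses are constructed.
$roster = [1 => 'captain@example.org', 2 => 'recruiter@example.org'];

// A CR or LF inside a header field would let the sender append extra mail headers.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

function build_contact_mail(array $post, array $roster): array
{
    $errors  = [];
    $id      = (int) ($post['recipient'] ?? 0);
    $email   = trim((string) ($post['email'] ?? ''));
    $subject = trim((string) ($post['subject'] ?? ''));
    $body    = trim((string) ($post['message'] ?? ''));

    // The drop-down submits a roster ID; the address itself never comes from the form.
    if (!isset($roster[$id])) {
        $errors[] = 'Unknown recipient.';
    }
    if (has_line_break($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid e-mail address.';
    }
    if ($subject === '' || has_line_break($subject) || strlen($subject) > 100) {
        $errors[] = 'Invalid subject.';
    }
    if ($body === '') {
        $errors[] = 'Message is empty.';
    }
    if ($errors) {
        return ['ok' => false, 'errors' => $errors];
    }
    return [
        'ok'      => true,
        'to'      => $roster[$id],
        'subject' => $subject,
        'body'    => $body,
        'headers' => "From: noreply@example.org\r\nReply-To: $email",
    ];
}

// Constructed submissions: a clean one and one with a line break smuggled into the e-mail field.
$clean    = ['recipient' => '1', 'email' => 'fan@example.com', 'subject' => 'Scrim?', 'message' => 'Friday 9pm?'];
$injected = ['recipient' => '1', 'email' => "fan@example.com\r\nBcc: list@example.net", 'subject' => 'Hi', 'message' => 'x'];

foreach ([$clean, $injected] as $post) {
    $mail = build_contact_mail($post, $roster);
    // On success the caller passes to/subject/body/headers to mail() and shows this confirmation.
    echo $mail['ok'] ? "Message sent to {$mail['to']}.\n" : 'Rejected: ' . implode(' ', $mail['errors']) . "\n";
}
```

The first submission prints a confirmation and the second is rejected before anything reaches `mail()`.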