[56k warning] Critique my site

houston
Forum Newbie
Posts: 17
Joined: Tue Jun 27, 2006 6:41 pm

[56k warning] Critique my site

Post by houston »

http://fatalprescription.com

for a Call of Duty 2 gaming team that plays on the Xbox 360. These guys wanted a flashy header, forums, and a simple site with info about the team and a way to contact them. I'm 90% done and a lot of this last 10% is going to be small changes. I'd like to get as much feedback as possible before I wrap this project up.

The site includes a back end for simple editing. They can add/remove users from the team roster, which automatically updates the "recipient" drop-down in the contact section. They can add news to the front page, topics to the front page, and events to the calendar. I'm particularly proud of the back end, but obviously I can't hand out the login, so here's a screenshot.

[screenshot]
Last edited by houston on Thu Jun 29, 2006 3:54 pm, edited 2 times in total.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Can you prepend your post title with '[56K WARN] - '? A 218K image is enough to kill some people's browsers.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

HTML doesn't validate - http://validator.w3.org/check?verbose=1 ... ion.com%2F
Can't validate the CSS because the XHTML doesn't validate.
Not a real big deal, but Section 508 failed too - http://www.contentquality.com/mynewtest ... ion.com%2F

I like the header - looks nice, but the whole site is too dark. It's hard to read. I would brighten up the text or do something to contrast the text from the background a little bit. I'll look at it a little more when I get home, but that's all I have for now.
houston
Forum Newbie
Posts: 17
Joined: Tue Jun 27, 2006 6:41 pm

Post by houston »

I've been working on validation for the past few hours; I never release non-validating work.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

houston wrote: I've been working on validation for the past few hours; I never release non-validating work.
Oh good! We like to promote validation here at Dev net!!
I really will go through the whole site when I get home, I promise!
MrPotatoes
Forum Regular
Posts: 617
Joined: Wed May 24, 2006 6:42 am

Post by MrPotatoes »

Oh sweet! I'm totally using that.

I was wondering for the longest time how you validated your smurf. So I'm making my design guy use this.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

http://fatalprescription.com/roster.php is outputting raw PHP code.

Code:

<tr>
					<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='300'><div align='center'>Scamm</div></td>

					<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='200'><div align='center'>4-13-06</div></td>
					<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='200'><div align='center'>Honorary Member</div></td>
				</tr>
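Two things in that output are worth fixing together. The literal `<?php ... ?>` text is reaching the browser, and even if it had been parsed it would not have printed a colour, because `#` starts a PHP comment, so `echo #290606;` has no argument. Each `<td>` also carries two `bgcolor` attributes, which is invalid XHTML, and the cell contents (name, date, rank) come from the roster that the back end edits, so they should be HTML-escaped before they are written out. The following is an added example, not the site's own code: the column names, the two colours and the sample rows are assumptions, and it targets PHP 7.1 or later.

```php
<?php
// Added example (not fatalprescription.com's code): render roster rows with
// the colour chosen in PHP and every field escaped. Column names ('name',
// 'joined', 'rank'), the two colours and the sample rows are assumptions.

// Constructed sample data standing in for the roster query's result set.
// The second row shows why escaping matters: whatever an admin types into
// the back end ends up on the public page.
$roster = [
    ['name' => 'Scamm', 'joined' => '4-13-06', 'rank' => 'Honorary Member'],
    ['name' => '<script>alert(1)</script>', 'joined' => '6-27-06', 'rank' => 'Member'],
];

/**
 * Escape a value for use as HTML text or inside a quoted attribute.
 * ENT_QUOTES covers both ' and " so the result is safe in either context.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/**
 * Build the <tr> for one member. Each <td> gets exactly one bgcolor
 * attribute; the colour is decided here rather than by an inline PHP tag
 * inside the markup.
 */
function rosterRow(array $member, bool $alternate): string
{
    $colour = $alternate ? '#290606' : '#232323';
    $cells = [
        [$member['name'],   300],
        [$member['joined'], 200],
        [$member['rank'],   200],
    ];
    $html = "<tr>\n";
    foreach ($cells as [$text, $width]) {
        $html .= sprintf(
            "\t<td bgcolor='%s' width='%d'><div align='center'>%s</div></td>\n",
            $colour,
            $width,
            h($text)
        );
    }
    return $html . "</tr>\n";
}

/** Alternate the row colour on every second member. */
function rosterTable(array $roster): string
{
    $out = "<table>\n";
    foreach ($roster as $i => $member) {
        $out .= rosterRow($member, $i % 2 === 1);
    }
    return $out . "</table>\n";
}

echo rosterTable($roster);
```

Run it with `php roster_example.php`: the first row renders as before, and the second row's `<script>` tag comes out as `&lt;script&gt;...` text rather than executing. The same `h()` wrapper belongs around every other database value the site prints (news items, topics, calendar events), since all of them are entered through the back end.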
houston
Forum Newbie
Posts: 17
Joined: Tue Jun 27, 2006 6:41 pm

Post by houston »

astions wrote: http://fatalprescription.com/roster.php is outputting raw PHP code.

Code:

<tr>
					<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='300'><div align='center'>Scamm</div></td>

					<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='200'><div align='center'>4-13-06</div></td>
					<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='200'><div align='center'>Honorary Member</div></td>
				</tr>
Thank you very much, I'll clean that up.
MrPotatoes wrote: Oh sweet! I'm totally using that.

I was wondering for the longest time how you validated your smurf. So I'm making my design guy use this.
Not sure what you mean.

One last question, and I hope I'm not shooting myself in the foot by asking this here. I'm not too sure of the security of my back end. If someone would be so kind as to just take a look at how I've coded it, I would be very appreciative.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Probably just need to take a look at user input areas. If you want to post some of your code that deals with user input, I'd be happy to take a look at it! :D Just post it in PHP code.
houston
Forum Newbie
Posts: 17
Joined: Tue Jun 27, 2006 6:41 pm

Post by houston »

I'm more worried about locking people out of the pages that pertain to the functions of deleting and adding things to the database.

Right now the security on those pages is nothing but a condition that looks for a variable passed to it by a link hidden in the main members page. If the variable isn't exactly right, it redirects you elsewhere.


Here's a link

http://fatalprescription.com/members.php

See if you can get in.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

houston wrote: Right now the security on those pages is nothing but a condition that looks for a variable passed to it by a link hidden in the main members page. If the variable isn't exactly right, it redirects you elsewhere.
Ouch. The usual way to validate a login is to check for the existence of a session variable. e.g. $_SESSION['userid'] = $user;
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

You're not passing security information through the url are you? That's BAD.... :(
houston
Forum Newbie
Posts: 17
Joined: Tue Jun 27, 2006 6:41 pm

Post by houston »

I'll have to look around for some tutorials on sessions, because I've never attempted one before.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Not a whole lot to 'em. Basically the concept is this:

Session info is stored in a text file on your server (usually above the root dir in a folder called tmp or something on a shared server). PHP is so awesome, you don't even have to worry about reading/writing the file; you simply call session_start() at the beginning of every page, and then assign values by doing:

Code:

$_SESSION['var_name'] = "value";
PHP will automatically assign a session id, and store this in a cookie, or pass it through the URL if cookies are not enabled.
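To make the difference concrete, here is an added example (not from the thread or the site) that puts the gate houston described next to the session-based login Chris and Luke are pointing at. The `key` parameter, the value `abc123`, the file names in the comments, and the users-table details are all assumptions; the session check itself is the `$_SESSION['userid']` test Chris gave.

```php
<?php
// Added example (not fatalprescription.com's code). Compares the
// "secret value in a hidden link" gate with a session-based login.
// Assumed names: $_GET['key'], the value 'abc123', auth.php/login.php,
// and a users table holding password_hash() output.

// --- The approach from the thread -----------------------------------------
// e.g. delete_user.php?key=abc123
// Anyone who sees the link (browser history, proxy logs, a shared screen,
// the Referer header sent to other sites) is "logged in" forever, and the
// value never changes.
function gateByUrlParameter(array $get): bool
{
    return isset($get['key']) && $get['key'] === 'abc123';
}

// --- Session-based replacement --------------------------------------------

// auth.php: include this at the top of every back-end page.
function requireLogin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['userid'])) {      // not logged in: bounce to the form
        header('Location: /login.php');
        exit;
    }
}

// login.php: check the password, then establish the session.
// $storedHash is the password_hash() value kept for this user.
function loginUser(string $username, string $password, string $storedHash, int $userId): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);          // fresh id after auth: defeats session fixation
    $_SESSION['userid']   = $userId;      // the value requireLogin() looks for
    $_SESSION['username'] = $username;
    return true;
}

// logout.php: drop the server-side data and the cookie.
function logoutUser(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Demonstration from the command line (no output before session_start(),
// so the session cookie header can still be issued).
$results = [];
$results['url_gate_with_copied_link'] = gateByUrlParameter(['key' => 'abc123']);
$hash = password_hash('correct horse', PASSWORD_DEFAULT);   // what the DB would hold
$results['login_wrong_password']      = loginUser('houston', 'wrong', $hash, 1);
$results['login_right_password']      = loginUser('houston', 'correct horse', $hash, 1);
$results['session_userid_after_login'] = $_SESSION['userid'] ?? null;
var_dump($results);
```

The URL gate returns true for anyone who has merely seen the link, while the session gate only ever sets `$_SESSION['userid']` after `password_verify()` succeeds, and the browser holds nothing but an opaque session id. `requireLogin()` is the line every add/delete page needs before it touches the database; the "variable passed by a hidden link" check can then be removed entirely.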
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

You should make your contact page validate information before sending it. It would also be nice to get some sort of confirmation. Not confirming that the message has been sent is VERY confusing to some people; they don't know if it was sent or not. If you aren't validating the information being sent with your form, you are in danger of mail header injection. This is a big deal. Even very small sites are often exploited to send spam in this way. I would take care of that ASAP. That is all I have for you, though. Site looks nice other than being too dark.
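Mail header injection works because `mail()` headers are separated by CR/LF: if the visitor's e-mail address (or the subject) is dropped straight into a `From:` or `Reply-To:` line, a submitted value such as `victim@example.com\r\nBcc: ...` adds recipients of the attacker's choosing. The handler below is an added example, not the site's own contact code: the form field names, the id-keyed recipient list (standing in for the roster-driven drop-down houston describes) and the e-mail addresses are assumptions, and a constructed injection attempt is included to show it being rejected.

```php
<?php
// Added example (not fatalprescription.com's code): a contact-form handler
// that refuses the inputs mail header injection depends on. Field names,
// the recipient list and all addresses are assumptions/placeholders.

// Constructed: the recipient list the drop-down is built from. Keyed by id,
// so the browser never submits an e-mail address for the "to" field at all.
$recipients = [
    '1' => 'scamm@example.com',
    '2' => 'captain@example.com',
];

/**
 * True only if the value can sit inside a single mail header line.
 * A CR, LF or NUL lets an attacker start a new header ("Bcc: ...").
 */
function isSingleHeaderLine(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) === 0;
}

/**
 * Validate the submitted form. Returns ['ok' => bool, 'errors' => string[],
 * 'mail' => [to, subject, body, headers] or null].
 */
function buildContactMail(array $post, array $recipients): array
{
    $errors = [];

    // Recipient must be one of our ids; the address comes from our own list.
    $to = $recipients[$post['recipient'] ?? ''] ?? null;
    if ($to === null) {
        $errors[] = 'Unknown recipient';
    }

    // Sender address: one line, and a syntactically valid address.
    $from = trim($post['email'] ?? '');
    if (!isSingleHeaderLine($from) || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid sender address';
    }

    // Subject is also a header, so the same one-line rule applies.
    $subject = trim($post['subject'] ?? '');
    if ($subject === '' || !isSingleHeaderLine($subject)) {
        $errors[] = 'Invalid subject';
    }

    // The body may contain newlines; it is not a header.
    $body = trim($post['message'] ?? '');
    if ($body === '') {
        $errors[] = 'Empty message';
    }

    if ($errors) {
        return ['ok' => false, 'errors' => $errors, 'mail' => null];
    }

    // From: stays a fixed site address (placeholder here); the visitor's
    // address goes in Reply-To, so the site never sends mail "as" them.
    $headers = "From: contact@example.com\r\n"
             . "Reply-To: " . $from . "\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";

    return ['ok' => true, 'errors' => [], 'mail' => [$to, $subject, $body, $headers]];
}

// Constructed injection attempt: the e-mail field smuggles a Bcc: header.
$attack = [
    'recipient' => '1',
    'email'     => "victim@example.com\r\nBcc: spam1@example.org, spam2@example.org",
    'subject'   => 'hello',
    'message'   => 'buy now',
];
// Constructed legitimate submission.
$legit = [
    'recipient' => '2',
    'email'     => 'fan@example.com',
    'subject'   => 'Recruiting?',
    'message'   => 'Are you taking new members?',
];

var_dump(buildContactMail($attack, $recipients));
var_dump(buildContactMail($legit, $recipients));
// In the real handler: $r = buildContactMail($_POST, $recipients);
// if ($r['ok']) { mail(...$r['mail']); header('Location: /contact.php?sent=1'); exit; }
// The redirect to a "your message was sent" page is the confirmation Luke asks for.
```

The attack submission comes back with `ok => false` and "Invalid sender address", since the CRLF fails `isSingleHeaderLine()` (and `FILTER_VALIDATE_EMAIL` would reject it as well); the legitimate one comes back with `ok => true` and a headers string in which the only line-breaks are the ones the code wrote itself. Keeping the recipient as an id looked up server-side is what stops the drop-down from being edited client-side into an arbitrary address.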