Page 1 of 2
[56k warning] Critique my site
Posted: Thu Jun 29, 2006 3:36 pm
by houston
http://fatalprescription.com
for a Call of Duty 2 gaming team that plays on the Xbox 360. These guys wanted a flashy header, forums, and a simple site with info about the team and a way to contact them. I'm 90% done and a lot of this last 10% is going to be small changes. I'd like to get as much feedback as possible before I wrap this project up.
The site includes a back end for simple editing. They can add/remove users from the team roster, which automatically updates the "recipient" drop-down in the contact section. They can add news to the front page, topics to the front page, and events to the calendar. I'm particularly proud of the back end, but obviously I can't hand out the login, so here's a screenshot.

Posted: Thu Jun 29, 2006 3:46 pm
by RobertGonzalez
Can you prepend your post title with '[56K WARN] - '? A 218K image is enough to kill some people's browsers.
Posted: Thu Jun 29, 2006 3:52 pm
by Luke
HTML doesn't validate -
http://validator.w3.org/check?verbose=1 ... ion.com%2F
Can't validate the CSS because the XHTML doesn't validate.
Not a real big deal, but Section 508 failed too -
http://www.contentquality.com/mynewtest ... ion.com%2F
I like the header - looks nice, but the whole site is too dark. It's hard to read. I would brighten up the text or do something to contrast the text from the background a little bit. I'll look at it a little more when I get home, but that's all I have for now.
Posted: Thu Jun 29, 2006 3:56 pm
by houston
I've been working on validation for the past few hours. I never release non-validating work.
Posted: Thu Jun 29, 2006 4:03 pm
by Luke
houston wrote: I've been working on validation for the past few hours. I never release non-validating work.
Oh good! We like to promote validation here at Dev net!!
I really will go through the whole site when I get home, I promise!
Posted: Thu Jun 29, 2006 4:26 pm
by MrPotatoes
Oh sweet! I'm totally using that.
I was wondering for the longest time how you validated your smurf. SO making my design guy use this.
Posted: Thu Jun 29, 2006 4:31 pm
by Benjamin
http://fatalprescription.com/roster.php is outputting raw php code.
Code:
<tr>
<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='300'><div align='center'>Scamm</div></td>
<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='200'><div align='center'>4-13-06</div></td>
<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='200'><div align='center'>Honorary Member</div></td>
</tr>
Posted: Thu Jun 29, 2006 4:42 pm
by houston
astions wrote: http://fatalprescription.com/roster.php is outputting raw php code.
Code:
<tr>
<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='300'><div align='center'>Scamm</div></td>
<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='200'><div align='center'>4-13-06</div></td>
<td bgcolor='#232323' bgcolor='<?php echo #290606; ?>' width='200'><div align='center'>Honorary Member</div></td>
</tr>
Thank you very much, I'll clean that up.
MrPotatoes wrote: Oh sweet! I'm totally using that.
I was wondering for the longest time how you validated your smurf. SO making my design guy use this.
Not sure what you mean.
One last question, and I hope I'm not shooting myself in the foot by asking this here.. I'm not too sure of the security of my back end. If someone would be so kind as to just take a look at how I've coded it I would be very appreciative.
Posted: Thu Jun 29, 2006 4:48 pm
by Luke
Probably just need to take a look at user input areas. If you want to post some of your code that deals with user input, I'd be happy to take a look at it!

Just post it in PHP code.
Posted: Thu Jun 29, 2006 5:04 pm
by houston
I'm more worried about locking people out of the pages that pertain to the functions of deleting and adding things to the database.
Right now the security on those pages is nothing but a condition that looks for a variable passed to it by a link hidden in the main members page. If the variable isn't exactly right it redirects you elsewhere.
Here's a link
http://fatalprescription.com/members.php
see if you can get in
Posted: Thu Jun 29, 2006 6:12 pm
by Chris Corbyn
houston wrote: Right now the security on those pages is nothing but a condition that looks for a variable passed to it by a link hidden in the main members page. If the variable isn't exactly right it redirects you elsewhere.
Ouch. The usual way to validate a login is to check for the existence of a session variable. e.g. $_SESSION['userid'] = $user;
Posted: Thu Jun 29, 2006 6:38 pm
by Luke
You're not passing security information through the URL, are you? That's BAD....

Posted: Thu Jun 29, 2006 8:56 pm
by houston
I'll have to look around for some tutorials on sessions, because I've never attempted one before.
Posted: Fri Jun 30, 2006 12:32 am
by Luke
Not a whole lot to 'em. Basically the concept is this:
Session info is stored in a text file on your server (usually above the root dir in a folder called tmp or something on a shared server). PHP is so awesome, you don't even have to worry about reading/writing the file; you simply call session_start() at the beginning of every page, and then assign values by doing:
PHP will automatically assign a session id, and store this in a cookie, or pass it through the URL if cookies are not enabled.
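The following is an added example, not code from the thread or from fatalprescription.com. It puts together what houston described (a hidden-link "key" check) and what Luke and Chris Corbyn recommend (gating the add/delete pages on a session variable), in modern PHP (7.3+). Everything named here is assumed: a `users` table with `id`, `username` and `password_hash` (created with `password_hash()`), the file names `login.php`, `members.php` and `require_login.php`, and the DSN and credentials.

```php
<?php
// Added example, not the site's own code. Hypothetical names throughout:
// users(id, username, password_hash), login.php, members.php, DSN/credentials.
declare(strict_types=1);

// For contrast, the pattern described in the thread. The "secret" rides in
// the URL, so it lands in browser history, proxy and server logs and the
// Referer header, and anyone who views the source of members.php can read it:
//   if (($_GET['auth'] ?? '') !== 'x7k2') { header('Location: index.php'); exit; }

// Session hardening, set BEFORE session_start(): the session ID travels only
// in a cookie (never in the URL, which Luke's post mentions as a fallback),
// unknown IDs are rejected, and the cookie is invisible to JavaScript.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_strict_mode', '1');
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => false,   // set to true once the site is served over HTTPS
]);
session_start();

/**
 * Put this at the top of every back-end page (add/delete/edit), before any
 * output or database work. Returns the logged-in user's id.
 */
function require_login(): int
{
    if (empty($_SESSION['userid'])) {
        header('Location: login.php');
        exit; // without exit the rest of the page still executes and is sent
    }
    return (int) $_SESSION['userid'];
}

/** Verify a username/password pair and start an authenticated session. */
function login(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: the username is a parameter, never part of the SQL.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Fresh session ID after authentication so an ID planted before login
    // (session fixation) is worthless.
    session_regenerate_id(true);
    $_SESSION['userid'] = (int) $row['id'];
    return true;
}

/** Clear the session server-side and expire the cookie. */
function logout(): void
{
    $_SESSION = [];
    setcookie(session_name(), '', time() - 3600, '/');
    session_destroy();
}

// --- login.php handler (form posts username and password) ---
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $pdo = new PDO('mysql:host=localhost;dbname=site', 'dbuser', 'dbpass',
                   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $ok = login($pdo, (string) ($_POST['username'] ?? ''),
                      (string) ($_POST['password'] ?? ''));
    if ($ok) {
        header('Location: members.php');
        exit;
    }
    $error = 'Invalid username or password'; // same message for both failures
}

// --- any add/delete page ---
// $uid = require_login();   // first line of the script, nothing else before it
```

The check lives in one function that every protected page calls first, so forgetting it on a new page is a one-line omission that is easy to grep for, and nothing the visitor controls (a query-string value, a hidden form field) decides whether they are logged in: only the server-side `$_SESSION['userid']` that `login()` sets after `password_verify()` succeeds.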
Posted: Fri Jun 30, 2006 12:40 am
by Luke
You should make your contact page validate information before sending it. It would also be nice to get some sort of confirmation. Not confirming that the message has been sent is VERY confusing to some people. They don't know if it was sent or not. If you aren't validating the information being sent with your form, you are in danger of mail header injection. This is a big deal. Even very small sites are often exploited to send SPAM in this way. I would take care of that ASAP. That is all I have for you though. Site looks nice other than being too dark.
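An added example of the mail header injection Luke is warning about, not code from the thread or from the site. The vulnerable function shows the pattern to avoid; `build_contact_mail()` is the hardened replacement. Assumed: the roster (the contact page's "recipient" drop-down) is loaded from the database into an array of `id => address`, and the form posts `recipient`, `name`, `email`, `subject` and `message`. The addresses and the sample input are constructed for the demo.

```php
<?php
// Added example, not the site's own code. Roster addresses, the noreply
// address and the sample form input below are constructed for the demo.
declare(strict_types=1);

// VULNERABLE: the visitor's e-mail address goes straight into a header line.
// An attacker posts
//   email = "me@example.invalid\r\nBcc: a@victim.invalid, b@victim.invalid"
// and mail() sends the extra header along, so the site becomes a spam relay.
function send_contact_unsafe(array $post, array $roster): bool
{
    $to      = $roster[$post['recipient']];
    $headers = "From: {$post['name']} <{$post['email']}>\r\n";
    return mail($to, $post['subject'], $post['message'], $headers);
}

/**
 * Validate the form and build the mail() arguments [to, subject, body, headers].
 * Returns null and fills $errors when anything is wrong.
 */
function build_contact_mail(array $post, array $roster, array &$errors): ?array
{
    $errors = [];

    // 1. Recipient: the form submits only an index into the server-side roster,
    //    never an address. An unknown index is rejected.
    $rid = (string) ($post['recipient'] ?? '');
    if (!isset($roster[$rid])) {
        $errors[] = 'unknown recipient';
    }

    // 2. Sender address: exactly one syntactically valid address.
    //    FILTER_VALIDATE_EMAIL rejects CR, LF and spaces, so a "\r\nBcc:"
    //    payload cannot get through it.
    $email = filter_var((string) ($post['email'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'invalid e-mail address';
    }

    // 3. Every other value that ends up on a header line: no CR or LF at all.
    //    Reject rather than strip, so an injection attempt fails loudly.
    foreach (['name', 'subject'] as $field) {
        $value = (string) ($post[$field] ?? '');
        if ($value === '' || preg_match('/[\r\n]/', $value)) {
            $errors[] = "missing or malformed $field";
        }
    }
    if ($errors) {
        return null;
    }

    // Non-ASCII text is MIME-encoded so it stays inside a single header field.
    $name    = mb_encode_mimeheader((string) $post['name'], 'UTF-8');
    $subject = mb_encode_mimeheader((string) $post['subject'], 'UTF-8');
    $headers = [
        'From: noreply@example.invalid',   // From is ours; the visitor only gets Reply-To
        "Reply-To: $name <$email>",
        'Content-Type: text/plain; charset=UTF-8',
    ];
    // The body may contain newlines; it is not a header and cannot add one.
    return [$roster[$rid], $subject, (string) ($post['message'] ?? ''), implode("\r\n", $headers)];
}

// --- Constructed demo input (not real data) ---
$roster = ['1' => 'scamm@example.invalid', '2' => 'captain@example.invalid'];

$attack = [
    'recipient' => '1',
    'name'      => 'Bob',
    'email'     => "bob@example.invalid\r\nBcc: a@victim.invalid, b@victim.invalid",
    'subject'   => 'hi',
    'message'   => 'hello',
];
$errors = [];
$result = build_contact_mail($attack, $roster, $errors);
// $result is null and $errors names the bad field: nothing is sent.

$good = [
    'recipient' => '2',
    'name'      => 'Bob',
    'email'     => 'bob@example.invalid',
    'subject'   => 'Tryout request',
    'message'   => "Line one\nLine two",
];
$args = build_contact_mail($good, $roster, $errors);
// In the real handler:
//   if ($args !== null && mail(...$args)) { /* show a "message sent" confirmation */ }
```

Two design choices matter here. The visitor never supplies a destination address, only an index that the server resolves against its own roster, so the form cannot be pointed at arbitrary mailboxes. And CR/LF in any header-bound field is treated as an error rather than silently stripped: stripping would let a probe succeed quietly, while rejecting it gives the user (and your logs) an explicit failure and pairs naturally with the confirmation page the post asks for.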