
Finally done - completely DONE!

Posted: Wed Apr 05, 2006 4:01 pm
by Luke
I know I've shown this site a hundred times, but it's been a long process (lots of back-end admin stuff you don't see on the site). It's finally done. What do you all think?

http://goldnuggetmuseum.com/

Posted: Wed Apr 05, 2006 4:04 pm
by redmonkey
I'm loving the minimalistic approach.

Presumably there is supposed to be more on the page other than 'Coming Soon'?

Posted: Wed Apr 05, 2006 4:09 pm
by Ree
:lol:

Posted: Wed Apr 05, 2006 4:12 pm
by RobertGonzalez
Dude, I'm hiring you to do my next design project. There is NO way that I could ever do what you did there... :wink:

Posted: Wed Apr 05, 2006 4:24 pm
by Luke
haha :D

Posted: Wed Apr 05, 2006 4:24 pm
by patrikG
Beautiful, plus it's 100% standards compliant: http://validator.w3.org/check?uri=http% ... eum.com%2F

Posted: Wed Apr 05, 2006 5:54 pm
by hawleyjr
Out of curiosity, why did you send the form warning messages through GET?

like this

Posted: Wed Apr 05, 2006 6:08 pm
by Luke
You know, I'm not really sure. Should have just sent $msg=error and then had it do an if $msg == error then post "this error message", but oh well.

Posted: Wed Apr 05, 2006 6:11 pm
by hawleyjr
Good job on the site nonetheless.

BTW, the reason I asked is because I had a client whose site did the same, and they hired me because someone sent them an email with a screenshot where someone had changed the text in the query string to be more of a hate message. 8O

Posted: Wed Apr 05, 2006 6:22 pm
by redmonkey
The Ninja Space Goat wrote:You know, I'm not really sure. Should have just sent $msg=error and then had it do an if $msg == error then post "this error message", but oh well.
Yeah, especially when you don't seem to be filtering what you're displaying...

example

I didn't try to see what other nonsense I could get up to.

Also, maybe it's just me that's seeing a (more or less) blank page with 'Coming Soon' on it when I hit http://goldnuggetmuseum.com/? From another browser I get a blank page with two question marks, which achieves nothing other than adding to the intrigue.

http://goldnuggetmuseum.com/index.php on the other hand works as intended.

Posted: Wed Apr 05, 2006 6:44 pm
by RobertGonzalez
Wowsers, there is a site there! When I went to the URL it was a blank coming soon page (I bet that was an index.html placeholder still in place...). Anyway, now I see the site.

Posted: Wed Apr 05, 2006 6:47 pm
by patrikG
The way it is, you've left the door to XSS wide, wide open - example. Session hijacking is another issue you should concern yourself with, along with SQL injection.

This site is asking to be cracked if you don't filter anything coming from the outside (i.e. HTTP requests: $_POST, $_GET, $_REQUEST) - for some background, read http://www.sitepoint.com/blogs/2004/03/ ... strangers/
http://www.sitepoint.com/article/php-security-blunders
http://www.sitepoint.com/article/sql-in ... tacks-safe

Handing this site over to the client as is would be very, very bad practice and, imho, irresponsible.
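The fix Luke sketches (send an error code, not the message text, and let the script pick the wording) combined with the output filtering redmonkey and patrikG are asking for, written out as an added PHP example. This is not code from the thread or from the site under discussion; the message codes, their wording and the form URL are constructed for the example.

```php
<?php
// Added example (not the site's own code). Instead of carrying the literal
// warning text in the query string and echoing it back, the handler passes a
// short error *code* and this script maps it to a fixed message. A visitor who
// edits the URL can only pick one of the messages below, never supply text.

// Allow-list of notices the page may show. Keys and wording are constructed.
const FORM_MESSAGES = [
    'missing_name'  => 'Please enter your name.',
    'missing_email' => 'Please enter your e-mail address.',
    'bad_email'     => 'The e-mail address does not look valid.',
    'sent'          => 'Thank you, your message has been sent.',
    'error'         => 'Sorry, something went wrong with the form.',
];

/**
 * Resolve the ?msg= code from the query array (normally $_GET) to a notice.
 * Unknown or malformed codes yield the generic 'error' text instead of
 * reflecting what the visitor sent. Returns null when no notice was requested.
 */
function form_message(array $query): ?string
{
    if (!isset($query['msg'])) {
        return null;
    }
    $code = (string) $query['msg'];
    // Only short lowercase identifiers are even considered as codes.
    if (!preg_match('/\A[a-z_]{1,32}\z/', $code)) {
        return FORM_MESSAGES['error'];
    }
    return FORM_MESSAGES[$code] ?? FORM_MESSAGES['error'];
}

/**
 * Escape a value before it is placed into HTML. Applied to everything that
 * ends up in the page, including the fixed messages, so the rule is uniform.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * What the form handler does after validation: redirect back to the form
 * with a code from the allow-list, so nothing visitor-controlled reaches the URL.
 */
function redirect_with_code(string $code): void
{
    if (!array_key_exists($code, FORM_MESSAGES)) {
        $code = 'error';
    }
    header('Location: /contact.php?msg=' . rawurlencode($code)); // constructed path
    exit;
}

// Demonstration with constructed query arrays standing in for $_GET.
$samples = [
    ['msg' => 'missing_email'],
    ['msg' => '<script>alert(1)</script>'],   // markup in the URL: not reflected
    ['msg' => 'Arbitrary text in the URL'],   // free text in the URL: not reflected
    [],                                        // no notice requested
];
foreach ($samples as $q) {
    $m = form_message($q);
    echo $m === null ? "(no message)\n" : '<p class="notice">' . h($m) . "</p>\n";
}
```

The two protections are independent: the allow-list means the page can never be made to say anything that is not in FORM_MESSAGES, and h() means that even if a message were one day built from stored data, it would still render as text rather than as markup.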

Re: Finally done - completely DONE!

Posted: Wed Apr 05, 2006 6:50 pm
by RobertGonzalez
The Ninja Space Goat wrote:I know I've shown this site a hundred times, but it's been a long process (lots of back-end admin stuff you don't see on the site). It's finally done. What do you all think?

http://goldnuggetmuseum.com/
Hey Ninja, just so you know, when you visit the link above, the page shown is made up of the following code...


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <title>Paradise Gold Nugget Museum - Coming Soon!</title>
  <link href="style.css" rel="stylesheet" type="text/css" />
 </head>
 <body style="margin: 0; padding: 0;">
  <div style="padding: 75px"><img src="comingsoon.gif" alt="" /></div>

  <div style="border-top: 2px solid black;border-bottom: 2px solid black; height: 204px; padding-left: 100px;"><img src="main.jpg" alt="Coming Soon" /></div>
 </body>
</html>
The site loads fine when you use http://goldnuggetmuseum.com/index.php. Do you have an index.html file on the server?

Posted: Wed Apr 05, 2006 6:57 pm
by RobertGonzalez
Another thing. You really should lock down your administration folder. It looks nice though 8). But it should probably be behind a password-protected form of some sort.

EDIT: Sorry, maybe that was just your tinyMCE implementation test. Still looks nice.

Posted: Wed Apr 05, 2006 7:02 pm
by patrikG
Regarding the administration folder: put it behind HTTP Authentication - easy and secure. As everah said, I didn't even have to log in... 8O
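HTTP Authentication is usually configured in the web server itself, but it can also be enforced from PHP, which keeps the check visible in the code base. The following added example is not the site's code: it is a guard to be included at the top of every script in the admin folder. The user name, the placeholder hash and the include file name are assumptions for the example.

```php
<?php
// Added example (not the site's own code): require HTTP Basic Authentication
// before any admin script runs. Credentials are checked against a
// password_hash() digest; the constant below is a placeholder and must be
// replaced with real password_hash() output, and until it is, every login is
// refused. Basic auth sends credentials base64-encoded, so the admin folder
// must only be reachable over HTTPS.

const ADMIN_USER = 'admin';  // constructed for this example
const ADMIN_PASSWORD_HASH = '$2y$10$PLACEHOLDER_REPLACE_WITH_password_hash_OUTPUT';

/**
 * True when the supplied credentials match the configured admin account.
 * Both comparisons run every time so the response does not reveal which
 * part was wrong.
 */
function admin_credentials_valid(?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null) {
        return false;
    }
    $user_ok = hash_equals(ADMIN_USER, $user);
    $pass_ok = password_verify($pass, ADMIN_PASSWORD_HASH);
    return $user_ok && $pass_ok;
}

/**
 * Challenge the client and stop the script unless it has authenticated.
 * When PHP runs as an Apache module the credentials arrive in
 * $_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW']; under CGI/FastCGI they may only
 * be present in the raw Authorization header, which is decoded here as well.
 */
function require_admin_auth(array $server): void
{
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;

    if ($user === null && isset($server['HTTP_AUTHORIZATION'])
        && preg_match('/^Basic\s+(\S+)$/i', $server['HTTP_AUTHORIZATION'], $m)) {
        $decoded = base64_decode($m[1], true);
        if ($decoded !== false && strpos($decoded, ':') !== false) {
            [$user, $pass] = explode(':', $decoded, 2);
        }
    }

    if (!admin_credentials_valid($user, $pass)) {
        header('WWW-Authenticate: Basic realm="Site administration"');
        header('HTTP/1.0 401 Unauthorized');
        exit('Authentication required.');
    }
}

// Usage, at the very top of each admin script (file name is hypothetical):
// require_once __DIR__ . '/auth_guard.php';
// require_admin_auth($_SERVER);
```

Failing closed is the point of the placeholder: a misconfigured guard denies everyone rather than letting everyone in, which is the opposite of what patrikG and everah ran into.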