nyxIn Gallery Manager v1.01 - Requesting Feedback & Testers

nine7ySix
Forum Newbie
Posts: 3
Joined: Fri Jan 27, 2012 3:27 am

nyxIn Gallery Manager v1.01 - Requesting Feedback & Testers

Post by nine7ySix »

Latest Version: 1.01

nyxIn is a gallery manager designed to integrate into your existing environment instead of being a site on its own.
It makes use of the php require function in order to blend into the user's website.

It is initiated by placing

    <?php require("nyxIn/index.php"); ?>

into the content <div>, or wherever the user wants the gallery to appear.

Changelog
v1.01
- Changed all mysql_ functions to mysqli functions
- Used bcrypt to encrypt user passwords
- Escapes all data

v1.00
- First stable version of nyxIn released

Requirements
- PHP w/ SESSIONS started
- An active MySQL connection

Features
- Extremely easy set up
- Blends right into your website (uses your existing CSS)
- Auto thumbnail creation
- Custom number of columns
- Ability to change thumbnails
- Simple menus
- Easy gallery management
- Password lock galleries
- Batch moving of images

I was hoping to get feedback on this project and intend to continue updating it.
I have the code posted on my website at fuzzicode.com.
I have also uploaded several screenshots.

The page containing the script is http://fuzzicode.com/scripts/nyxIn.

All comments, questions, compliments, suggestions are appreciated.

Thanks!
Last edited by nine7ySix on Fri Jan 27, 2012 10:38 am, edited 2 times in total.
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: nyxIn Gallery Manager v1.00 - Requesting Feedback

Post by Celauran »

I poked through the code quickly and noticed a few things I feel warrant attention:
You're using old mysql_ functions rather than mysqli or PDO
I spotted a number of unescaped queries.
You're using md5 to hash passwords.
nine7ySix
Forum Newbie
Posts: 3
Joined: Fri Jan 27, 2012 3:27 am

Re: nyxIn Gallery Manager v1.00 - Requesting Feedback

Post by nine7ySix »

Celauran wrote:I poked through the code quickly and noticed a few things I feel warrant attention:
You're using old mysql_ functions rather than mysqli or PDO
I spotted a number of unescaped queries.
You're using md5 to hash passwords.

Version 1.00 is basically a first "working" version of nyxIn.

I am too used to mysql_ functions, but I'll start changing them to mysqli functions.

Also, I was using md5 temporarily, what should be a better way of storing passwords?
I was thinking of salting passwords, then hashing them.

Thanks for your reply though, I really appreciate it.
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: nyxIn Gallery Manager v1.00 - Requesting Feedback

Post by Celauran »

nine7ySix wrote:Also, I was using md5 temporarily, what should be a better way of storing passwords?
I was thinking of salting passwords, then hashing them.

use bcrypt()
nine7ySix
Forum Newbie
Posts: 3
Joined: Fri Jan 27, 2012 3:27 am

Re: nyxIn Gallery Manager v1.00 - Requesting Feedback

Post by nine7ySix »

Celauran wrote:
nine7ySix wrote:Also, I was using md5 temporarily, what should be a better way of storing passwords?
I was thinking of salting passwords, then hashing them.
use bcrypt()

Hey, I just updated it.
If you have the time, could I trouble you to test it?
If you don't want to, it's fine.

Thanks
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: nyxIn Gallery Manager v1.01 - Requesting Feedback & Test

Post by Celauran »

Comments as I'm installing it:

1. Get rid of the .DS_Store files in the download package.

2. Entering the admin password on the install page should use input type="password"
2b. Might want to make a password_confirm field

3. The install page prompts me for 'MySQLi Variable' with no explanation as to what this might mean or how it is to be used. Consider providing a default value. EDIT: Actually, see #5 below.

4. Continuing with the install, I get the following error:

    Warning: fopen(nyxIn/vars.php): failed to open stream: Permission denied in /var/www/sandbox/nyxIn/install.php on line 67

There's no mention in the README file that Apache requires write permission.

5. After adding write permission to /nyxIn, vars.php is created. Now I get this error:

    Notice: Undefined variable: mysqli in /var/www/sandbox/nyxIn/vars.php on line 3

This is from using the $mysqli you suggested in #3 above. Poking through the code, I realize that you want the variable I use for my pre-existing MySQLi object. This is potentially a huge problem. Establish your own DB connection.

6. I finally seem to have it installed properly. Now I realize that I can login as admin with only the username. It accepts any password, including none at all. Turns out nyxCrypt() returns the exact same string regardless of the input passed to it, which is also what's stored in the DB as my password despite my having entered something entirely different during install.

I'm heading off to lunch now, but hopefully the above was of some help.
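As an added illustration (not nyxIn's code, and not posted by anyone in this thread) of the "use bcrypt()" advice above and of the kind of self-check that would have caught the nyxCrypt() problem in item 6, here is password hashing done with PHP's built-in bcrypt API (password_hash/password_verify, PHP 7 or later assumed); the function names nyx_hash_password, nyx_check_password and nyx_self_test are made up for this example.

```php
<?php
// Added example, not part of nyxIn: bcrypt via PHP's built-in API
// instead of a home-grown nyxCrypt().

// Hash a password for storage. bcrypt generates its own random salt
// and embeds it, with the cost factor, in the "$2y$..." string returned,
// so two hashes of the same password will differ and no separate salt
// column is needed. Note: bcrypt only looks at the first 72 bytes.
function nyx_hash_password(string $password): string
{
    if ($password === '') {
        throw new InvalidArgumentException('empty password not allowed');
    }
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Check a login attempt against the stored hash. Never compare hashes
// with ==; password_verify re-derives the hash with the embedded salt
// and compares in constant time.
function nyx_check_password(string $attempt, string $storedHash): bool
{
    if ($attempt === '') {
        return false; // the bug in item 6: an empty password must never pass
    }
    return password_verify($attempt, $storedHash);
}

// Sanity check worth running before trusting any password scheme:
// different inputs must give different hashes, the right password must
// be accepted, and a wrong or empty password must be rejected.
function nyx_self_test(): bool
{
    $h1 = nyx_hash_password('correct horse');
    $h2 = nyx_hash_password('battery staple');
    return $h1 !== $h2                                // not a constant string
        && nyx_check_password('correct horse', $h1)   // right password accepted
        && !nyx_check_password('battery staple', $h1) // wrong password rejected
        && !nyx_check_password('', $h1);              // empty password rejected
}

var_dump(nyx_self_test());
```

Store only the string from nyx_hash_password in the users table and pass it to nyx_check_password at login; the hash itself carries the salt and cost, so nothing else needs to be stored.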