Page 1 of 1

Do you like my website ?

Posted: Sat Mar 24, 2012 2:51 pm
by daniellematy
Hey, iv recently made a image hosting website http://www.picwizz.com

Its really simple and you can host pictures to forums, ebay etc

Please give me feedback and start using it :P

Re: Do you like my website ?

Posted: Sun Mar 25, 2012 4:23 pm
by social_experiment
You should create a landing page explaining a bit more about the site and it's uses. If you didn't explain it's purpose i wouldn't have know what it was for; displays ok in IE9

Re: Do you like my website ?

Posted: Mon Mar 26, 2012 3:07 pm
by AbraCadaver
I only looked at the main page, but you should check all pages:

http://validator.w3.org/check?uri=http% ... ne&group=0

Re: Do you like my website ?

Posted: Fri Mar 30, 2012 4:25 pm
by greyhoundcode
Once a file is selected it is almost impossible to see the filename in the file input area.

The background is white #ffffff and the color is #f4f7fb ... could you increase the contrast a little? First time round I thought I had made a mistake and clicked Cancel instead of Open on the file requester.

Re: Do you like my website ?

Posted: Fri Mar 30, 2012 4:30 pm
by daniellematy
ok, thanks ill change that now :)

Re: Do you like my website ?

Posted: Sat Mar 31, 2012 10:44 am
by lisarose90
its a wonderful website i really like your website. thanks for share

Re: Do you like my website ?

Posted: Sat Mar 31, 2012 10:58 am
by daniellematy
thank you, glad you like it :D

Re: Do you like my website ?

Posted: Sun Apr 01, 2012 1:25 pm
by Bubi
There are a few coding issues I ran across:
First, you can upload any file, and the file check runs AFTER you uploaded the file. Check the file extension before starting uploading. That'll save you bandwidth.
Also, if going to http://www.picwizz.com/uploaded directly,

Code: Select all

Notice: Undefined index: file in /home/daniel/public_html/uploaded.php on line 34
Check if there was a file uploaded, and if not, redirect to index.php

My respect for the ambitious plan never to delete a file, and for no size limit.

Re: Do you like my website ?

Posted: Sun Apr 01, 2012 1:31 pm
by daniellematy
Yeah I have been Workington on these issues today. Try now I think I have sorted everything out :)

Re: Do you like my website ?

Posted: Sun Apr 01, 2012 4:04 pm
by Bubi
You write on your page there is no limit, but your script times out after around 10 seconds. For uploading files you may increase that time limit - 10 seconds with a 1mbps upload rate are around 1MB, which is easily exceeded even with smartphone cameras. Increase the max_execution_time in your php preferences.
Additionally, I'd would set a file size limit nevertheless, people could upload illegal software, just with renaming the ending to jpg...

Which gets me to another point: Error Handling

#1:
If you upload a simple binary file it gets uploaded, and checked afterwards. A simple check like:

Code: Select all

$allowed_filext = array(".gif", ".jpg", ".png", "jpeg");
$filext = substr($path, -4 );

If (in_array($filext, $allowed_filext)) {
{
//do your file uploading
}
else
{
//here comes your error, like "Your image has no .gif, .jpg, .png or .jpeg ending"
}
assuming $path as the to-be-uploaded-filepath; would check if the extension matches the predefined ones.

#2:
If you upload a file which isn't a picture (but has a gif/jpg/png/jpeg ending), you get loads of error messages.
If the upload is done, check if the uploaded file is a valid image. If not, print an error message, and delete the file.


php.net is always an interesting read:
http://us2.php.net/manual/en/features.f ... method.php
http://us2.php.net/manual/en/features.f ... tfalls.php

Re: Do you like my website ?

Posted: Sun Apr 01, 2012 4:10 pm
by daniellematy
thanks but people can upload files with .jpg on the end. Iv added code which will check for that. Also it doesnt time out after 10 seconds. iv upload mutliple pictures at once and it uploads fine. i will change the time out limit in the php.ini file , and also change the size limit :)

Re: Do you like my website ?

Posted: Sun Apr 01, 2012 4:13 pm
by social_experiment
Just a word on file extension checking: just because it says .gif doesn't mean it's a .gif; rather go for a MIME type check. Have a look at these two urls for a better understanding
http://www.scanit.be/uploads/php-file-upload.pdf
viewtopic.php?f=34&t=125329&hilit=+File+uploads
You mention only .jpg extensions are valid; so enforce it: create a new file name and add the extension yourself

Re: Do you like my website ?

Posted: Mon Apr 09, 2012 4:29 pm
by greyhoundcode
If someone accidentally uploads a file that isn't really an image file (but does have a file extension such as .jpg) then a number of errors occur and are displayed, exposing some amount of information about your server's directory structure, etc. Generally speaking it's a good idea to turn off the display of errors, at least in a "live" environment.

Re: Do you like my website ?

Posted: Fri Apr 13, 2012 5:08 am
by daniellematy
thank you :)