Beta testing a web site!

emperor
Forum Newbie
Posts: 16
Joined: Tue Mar 02, 2004 11:20 am
Location: UK

Beta testing a web site!

Post by emperor »

I don't know whether this is the right place to post this, but I have been building a site for a friend which I have put on my own web space for beta testing. I need people who know how PHP & MySQL work to take a look and try to hack/break the site, to find bugs or security holes.

It can be found at http://www.coldknife.net/imitationoflife and it is supposed to be a site where people can buy & sell art and photography, but I have filled it with pictures of hot celebrity girls for testing purposes (I had no real art, it's the best I could do) so at least there will be some reward for your efforts.

Please direct any issues/suggestions regarding the site to me at anbolb@boltblue.com - anything at all, whether it's script errors, poorly rendered CSS or anything anything ANYTHING!!

Thanks guys!
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

Despite what you said, I'm gonna post my thoughts here. Posting them publicly will help the best solution flesh out.

Keep in mind that all this stuff is my opinion, not set in stone.

First off, very clean style. I'm interested, is it CSS standard compliant?

When resized correctly, 'Imitation of Life' is broken up weirdly. 'Life' goes to a new line, 'of' goes right over to the right, and 'Imitation' stays on the left. My guess is you need to left-justify the text, not spread it out newspaper style.

Also, try and move your GET vars into POST. It will require moving your links to buttons, but that can be hidden just fine with CSS and images.

Speaking of CSS - I'd recommend changing the look of your 'Search' button. It seems kind of drab and out of place in the midst of all that nice style.

When signing up, you don't say explicitly which fields are required. It would probably be best to put a red star or a note beside those fields that are necessary. Also, some users get annoyed when required to give too much personal info, such as town/city, country, postal code (note postal, not post). I can understand you'd want this for billing and mailing and the sort, but I personally wouldn't make that a requirement of sign-up.

I can't go into it much more (I'm at work ;) ). It seems like a nice and clean site though - good job.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
ol4pr0
Forum Regular
Posts: 926
Joined: Thu Jan 08, 2004 11:22 am
Location: ecuador

Post by ol4pr0 »

Resized problem: Not on my IE browser or my Netscape browser
pickle wrote: When signing up, you don't say explicitly which fields are required
Agree there tho ;-)
d3ad1ysp0rk
Forum Donator
Posts: 1661
Joined: Mon Oct 20, 2003 8:31 pm
Location: Maine, USA

Post by d3ad1ysp0rk »

Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 5 in /home/emperor/functions/account_functions.php on line 28
once registered
redhair
Forum Contributor
Posts: 300
Joined: Fri May 30, 2003 4:36 pm
Location: 53.23N-6.57E

Post by redhair »

LiLpunkSkateR wrote:
Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 5 in /home/emperor/functions/account_functions.php on line 28
once registered
ooooeee :!: Big nono...
emperor
Forum Newbie
Posts: 16
Joined: Tue Mar 02, 2004 11:20 am
Location: UK

Post by emperor »

Thanks for the input guys, I have fixed the script error! Re the JavaScript form validation, I actually wrote the PHP validation first before putting JavaScripts in to do it, so it's fairly secure. As for query strings, I have tried to keep a lot of stuff hidden in POSTs but due to the "back" links and a few other things, I have had to leave some stuff in.

I'm going to work on the account page so that an address is optional when first joining. Thanks again for your help!
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

Ok, I give up. How'd you do it? I'm trying to duplicate the effect you create with the imitationoflife logo floating overtop the stretching lake image. I've managed to get the image to stretch, but I can't for the life of me, get another image to be placed on top of it. Feel like sharing?

Update: I've managed to put the logo in the same space as the background image, but I can't put the logo overtop of the background image. I've changed the order of the image tag entry, as well as goofed with the z-index. I looked at your CSS but I can't figure out how it works for you.

Update 2: Thanks to my typo fixing - I've managed to figure it out. I realize I'm kind of talking to myself here (as no one has posted in between the three times I've edited this post), but thanks for the inspiration anyway!
Last edited by pickle on Thu Mar 11, 2004 3:48 pm, edited 1 time in total.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Seems like it's not vulnerable to basic traversals and SQL injection attacks, though it is vulnerable to simple login/password enumeration. The message in the case of a wrong password should not be distinct from the message in the case of a wrong email.
I don't have all the necessary tools right now to check whether your app can be fooled somehow by changing the hidden fields, cookies, browser info etc.
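An added illustration of the two findings in this thread, written here in Python against an in-memory SQLite table standing in for the site's MySQL user table (this is not code from emperor's site, and the account data is constructed): the empty-result case that produced the mysql_result() warning is handled explicitly, and an unknown email and a wrong password both yield the same response and the same amount of hashing work, so the login form cannot be used to enumerate accounts.

```python
import hashlib
import hmac
import os
import sqlite3

# One message for both "no such email" and "wrong password": the response
# does not reveal which one happened.
LOGIN_FAILED = "Invalid email address or password."

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

# Fixed dummy credentials, hashed once, so an unknown email costs the same
# work as a real one (a timing difference would also leak which emails exist).
DUMMY_SALT = bytes(16)
DUMMY_HASH = hash_pw("", DUMMY_SALT)

def build_db(accounts):
    """Constructed in-memory stand-in for the site's MySQL user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for email, password in accounts:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (email, salt, hash_pw(password, salt)))
    return db

def login(db, email, password):
    """Return (success, message); both failure paths return the same tuple."""
    # Parameterised query: the submitted email never becomes SQL text.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    # The PHP warning quoted above comes from reading row 0 of an empty
    # result; here the empty case is handled instead of assumed away.
    if row is None:
        salt, stored, known = DUMMY_SALT, DUMMY_HASH, False
    else:
        salt, stored = row
        known = True
    # Hash unconditionally, then compare in constant time; "known" rejects
    # the dummy even if someone submits the empty password it was built from.
    match = hmac.compare_digest(hash_pw(password, salt), stored)
    if known and match:
        return True, "Logged in."
    return False, LOGIN_FAILED

if __name__ == "__main__":
    db = build_db([("alice@example.com", "correct horse battery")])
    print(login(db, "alice@example.com", "wrong") == login(db, "nobody@example.com", "wrong"))
```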