7 Replies - 3509 Views - Last Post: 30 September 2012 - 01:44 PM

#1 adn258  Icon User is offline

  • D.I.C Addict

Reputation: 11
  • View blog
  • Posts: 753
  • Joined: 31-August 11

Suggestions For My Site And My Idea?

Posted 26 September 2012 - 01:05 AM

So here was my idea I'm finally telling people on my site http://www.reviewsomeone.com

I have coded everything thus far myself and I'd like to think since I don't have any PHP experience up until I started this about a month ago, and I had very little javascript experience etc. only experience with software programming I feel I'm at least learning something.

There are sites that allow you to rate business, professors, Medical doctors etc...I was thinking people love to talk about people (like it or not) what about a site to review and comment on ANYONE. Your Ex GF that you're mad at, your boss etc. etc.

So I created this site with that idea. The pages have only been up about 5 days and I've only added a few people for testing mostly. Anyone can add anyone it still needs a lot of work. In any case the site does work it appears and all that jazz but I'd LOVE your opnions?

Do you think this is a good idea? What can be done to not only improve the site but the idea? I was also thinking of adding a forum to the site which would be separate registration using something like PHPBB which would allow users to rant and chat. Is this a good idea even though it was not the core idea of my site? Any thoughts are welcome? Thanks guys you are always awesome.

Is This A Good Question/Topic? 0
  • +

Replies To: Suggestions For My Site And My Idea?

#2 raghav.naganathan  Icon User is offline

  • Perfectly Squared ;)
  • member icon

Reputation: 408
  • View blog
  • Posts: 1,440
  • Joined: 14-September 12

Re: Suggestions For My Site And My Idea?

Posted 26 September 2012 - 02:26 AM

View Postadn258, on 26 September 2012 - 01:35 PM, said:

So here was my idea I'm finally telling people on my site http://www.reviewsomeone.com

I have coded everything thus far myself and I'd like to think since I don't have any PHP experience up until I started this about a month ago, and I had very little javascript experience etc. only experience with software programming I feel I'm at least learning something.

There are sites that allow you to rate business, professors, Medical doctors etc...I was thinking people love to talk about people (like it or not) what about a site to review and comment on ANYONE. Your Ex GF that you're mad at, your boss etc. etc.

So I created this site with that idea. The pages have only been up about 5 days and I've only added a few people for testing mostly. Anyone can add anyone it still needs a lot of work. In any case the site does work it appears and all that jazz but I'd LOVE your opnions?

Do you think this is a good idea? What can be done to not only improve the site but the idea? I was also thinking of adding a forum to the site which would be separate registration using something like PHPBB which would allow users to rant and chat. Is this a good idea even though it was not the core idea of my site? Any thoughts are welcome? Thanks guys you are always awesome.


First of all, congrats on creating this page successfully. Considering the part where you said you have very little knowledge of PHP, I guess you got to be commended for the brilliant work that you have done coz it sure is not easy to create a website without having much knowledge about PHP and probably ASP.Net.

Here are a few suggestions I would like to give you.

1.I noticed that in the main page, along with user login and password, there is no separate link for new user registration(although it is present in one of the tabs present above). It would be good form practice to actually give the link for new registration in the place of user login and password so that it is more user friendly and users need not have the necessity to search for the registration.

2.Make sure you guard against SQL injection by using parameterised queries in your code and not inline SQL for your database.

Well, apart from this, a really good job done. Congratz :)

regards,
Raghav
Was This Post Helpful? 1
  • +
  • -

#3 adn258  Icon User is offline

  • D.I.C Addict

Reputation: 11
  • View blog
  • Posts: 753
  • Joined: 31-August 11

Re: Suggestions For My Site And My Idea?

Posted 26 September 2012 - 11:01 AM

I really appreciate your support raghav. Do you think adding a forum might be a good idea?
Was This Post Helpful? 0
  • +
  • -

#4 raghav.naganathan  Icon User is offline

  • Perfectly Squared ;)
  • member icon

Reputation: 408
  • View blog
  • Posts: 1,440
  • Joined: 14-September 12

Re: Suggestions For My Site And My Idea?

Posted 26 September 2012 - 09:22 PM

View Postadn258, on 26 September 2012 - 11:31 PM, said:

I really appreciate your support raghav. Do you think adding a forum might be a good idea?


Well, you could think of that as well. Although I wouldn't recommend it at the moment, you could implement it a bit later.

regards,
Raghav
Was This Post Helpful? 0
  • +
  • -

#5 Slice  Icon User is offline

  • sudo pacman -S moneyz


Reputation: 239
  • View blog
  • Posts: 693
  • Joined: 24-November 08

Re: Suggestions For My Site And My Idea?

Posted 29 September 2012 - 02:40 PM

A few things:

1) The links at the top change to bold when hovered, which then moves the entire line along (and sometimes onto a new line) which feels kind of buggy.
2) A captcha to login? Usually only used when registering user accounts to stop automated bots registering. If the user has successfully registered with the capture on registration, then they don't really need re-testing every time they log in.
3) When someone fails to log in, you use a $_GET for the error message. I can write anything I want on your home page then send someone that link, and they will think it's your site putting that there. (example)

Not too sure about the idea of the site either. Is it basically just to bitch about people, or can you say nice things about someone?
Was This Post Helpful? 1
  • +
  • -

#6 adn258  Icon User is offline

  • D.I.C Addict

Reputation: 11
  • View blog
  • Posts: 753
  • Joined: 31-August 11

Re: Suggestions For My Site And My Idea?

Posted 29 September 2012 - 10:37 PM

View PostSlice, on 29 September 2012 - 02:40 PM, said:

A few things:

1) The links at the top change to bold when hovered, which then moves the entire line along (and sometimes onto a new line) which feels kind of buggy.
2) A captcha to login? Usually only used when registering user accounts to stop automated bots registering. If the user has successfully registered with the capture on registration, then they don't really need re-testing every time they log in.
3) When someone fails to log in, you use a $_GET for the error message. I can write anything I want on your home page then send someone that link, and they will think it's your site putting that there. (example)

Not too sure about the idea of the site either. Is it basically just to bitch about people, or can you say nice things about someone?


First off yes people can write anything they want about someone nice or bad. Second I'm wondering why is that bad about the GET statement on the homepage? I'm aware people can do this but the get is secure with htmlentities to prevent XSS so who cares if someone can do that I'm not seeing where that is a security risk please do explain friend? THEN LET'S SAY I SHOULD CHANGE THAT!

How is the best way to relay error messages to users since I can't use post this way? I could just relay messages based on errors in the script used for the action but I don't like doing that (maybe I should anyway)? Advice Thanks man

This post has been edited by adn258: 29 September 2012 - 11:08 PM

Was This Post Helpful? 0
  • +
  • -

#7 Slice  Icon User is offline

  • sudo pacman -S moneyz


Reputation: 239
  • View blog
  • Posts: 693
  • Joined: 24-November 08

Re: Suggestions For My Site And My Idea?

Posted 30 September 2012 - 10:13 AM

When I'm dealing with errors in php, I normally use the session super array or a similar $_GET method.

Session array method:

<?php
session_start();

//some code that would produce an error
if($password != $confirmpassword)
{
    $_SESSION['errors'] = true;
    $_SESSION['error_message'] = "Both passwords need to match!";
}

if($_SESSION['errors'])
{
    header("location: index.php");//or somewhere to display error
    exit();
}
?>



Then on index.php
<?php
session_start();

if(isset($_SESSION['errors']))
{
    echo $_SESSION['error_message'];
}

//display rest of page code, message will appear at the top of the page

?>



Probably not the most elegant way of doing it, but it keeps all the error messaging in house.

$_GET method:

Using a $_GET variable like you did but not displaying anything from the URL.

say we have www.foo.com/bar.php?Msg=1

<?php

if(isset($_GET['Msg']))
{
    if($_GET['Msg'] == "1") // '1' can mean wrong user pass combo
    {
        echo "Your username or password is incorrect. Please try again.";
    }
    if($_GET['Msg'] == "2") // '2' can mean no permission
    {
        echo "Sorry, but you do not have permission to access this page.";
    }
}
?>



Now if someone were to manually type www.foo.com/bar.php?Msg=5, nothing would happen and there would be no error message displayed.

If you are escaping everything correctly then it shouldn't be a security risk in its current state. The main problem is that first impressions of a website are very important. A lot of your users won't understand how $_GET methods work, and will just assume that the huge red text will have been put there by the website owner rather than someone messing about sending it them in the link.

My main thought when making a website is that a user shouldn't be able to change anything unless I specifically want them to be able to do so.

Hope this helps :)
Was This Post Helpful? 1
  • +
  • -

#8 adn258  Icon User is offline

  • D.I.C Addict

Reputation: 11
  • View blog
  • Posts: 753
  • Joined: 31-August 11

Re: Suggestions For My Site And My Idea?

Posted 30 September 2012 - 01:44 PM

View PostSlice, on 30 September 2012 - 10:13 AM, said:

When I'm dealing with errors in php, I normally use the session super array or a similar $_GET method.

Session array method:

<?php
session_start();

//some code that would produce an error
if($password != $confirmpassword)
{
    $_SESSION['errors'] = true;
    $_SESSION['error_message'] = "Both passwords need to match!";
}

if($_SESSION['errors'])
{
    header("location: index.php");//or somewhere to display error
    exit();
}
?>



Then on index.php
<?php
session_start();

if(isset($_SESSION['errors']))
{
    echo $_SESSION['error_message'];
}

//display rest of page code, message will appear at the top of the page

?>



Probably not the most elegant way of doing it, but it keeps all the error messaging in house.

$_GET method:

Using a $_GET variable like you did but not displaying anything from the URL.

say we have www.foo.com/bar.php?Msg=1

<?php

if(isset($_GET['Msg']))
{
    if($_GET['Msg'] == "1") // '1' can mean wrong user pass combo
    {
        echo "Your username or password is incorrect. Please try again.";
    }
    if($_GET['Msg'] == "2") // '2' can mean no permission
    {
        echo "Sorry, but you do not have permission to access this page.";
    }
}
?>



Now if someone were to manually type www.foo.com/bar.php?Msg=5, nothing would happen and there would be no error message displayed.

If you are escaping everything correctly then it shouldn't be a security risk in its current state. The main problem is that first impressions of a website are very important. A lot of your users won't understand how $_GET methods work, and will just assume that the huge red text will have been put there by the website owner rather than someone messing about sending it them in the link.

My main thought when making a website is that a user shouldn't be able to change anything unless I specifically want them to be able to do so.

Hope this helps :)


Good suggestions and fair enough. I have use sessions a some places like you show above in my code for sure it's something I will probably work on changing.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1