AStrangerWCandy
Posted October 14, 2009

Link: http://www.thebuddyfolder.com

Basically it's a social networking site coded in PHP with help from these forums. Rather than what MySpace/Facebook do, which is connecting users by real life times, Buddy Folder allows users to list the usernames they use in MMORPGs, Instant Messengers, Skype, Forums etc... and then allows others to search and friend them based on that info.

Tested mainly in IE8 and Chrome. Would definitely appreciate any feedback. Especially those of you who create profiles and mess around with features. PHPFreaks is available to list your username under the communities section to get you started.

Coreye
Posted October 14, 2009

Cross Site Scripting (XSS): You can submit "code in the user variable for profiles.
http://www.thebuddyfolder.com/profile.php?user="><marquee><h1>test

Cross Site Scripting (XSS): You can submit ">code when adding picture captions.
http://www.thebuddyfolder.com/viewgallery.php?user=testing&cid=30&pid=34

SQL Error when sending PMs that include a '.
Could not send the message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\'','0')' at line 1

You can view profiles that don't exist:
http://www.thebuddyfolder.com/profile.php?user=1gygahjgajhgu615gajhg

The pagination for search doesn't work. It doesn't keep the search variable in the URL.

AStrangerWCandy (Author)
Posted October 14, 2009

Good catches, tyvm. Don't think they should be too hard to correct.

AStrangerWCandy (Author)
Posted October 14, 2009

Coreye, was that including a ' in the subject or in the body or both on the PM error?

Coreye
Posted October 14, 2009

> Coreye was that including a ' in the subject or in the body or both on the PM error?

Just the title.

Cross Site Scripting (XSS): You can submit ">code when creating a photo category.
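
The PM title error reported above goes away when the insert is parameterized, and the raw MySQL message stops reaching the visitor when the exception is logged instead of printed. This is an added example, not part of the thread and not the site's code; the table, columns, function name and sample values are hypothetical, and in-memory SQLite stands in for MySQL.

```php
<?php
// Added example. Table and column names are hypothetical; in-memory SQLite
// stands in for the site's MySQL server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (
    id INTEGER PRIMARY KEY, sender TEXT, recipient TEXT,
    title TEXT, body TEXT, is_read INTEGER)');

function send_pm(PDO $db, string $from, string $to, string $title, string $body): ?int
{
    try {
        // Placeholders keep user data out of the SQL text, so a quote in the
        // title is stored as a character and never parsed as syntax.
        $stmt = $db->prepare(
            'INSERT INTO messages (sender, recipient, title, body, is_read)
             VALUES (:sender, :recipient, :title, :body, 0)'
        );
        $stmt->execute([
            ':sender' => $from, ':recipient' => $to,
            ':title'  => $title, ':body'     => $body,
        ]);
        return (int) $db->lastInsertId();
    } catch (PDOException $e) {
        // Log the driver error server-side; the visitor only learns that the
        // send failed, not what the query looked like.
        error_log('send_pm failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed input: titles containing the characters from the report.
foreach (["it's a test", "back\\slash and 'quotes'", 'plain'] as $title) {
    $id = send_pm($db, 'sender_name', 'recipient_name', $title, 'hello');
    $check = $db->prepare('SELECT title FROM messages WHERE id = ?');
    $check->execute([$id]);
    // The stored title matches the submitted one exactly: no added slashes.
    echo var_export($check->fetchColumn() === $title, true), '  ', $title, "\n";
}
```

With bound parameters there is no need for addslashes() or similar escaping on the way in; stacking such escaping on top is a common way to end up with extra backslashes in stored data.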

AStrangerWCandy (Author)
Posted October 15, 2009

Hey Coreye, I think I have allllll of those fixed. If you have time could you give it a once over again?

Coreye
Posted October 15, 2009

Cross Site Scripting (XSS):
http://www.thebuddyfolder.com/search.php?go=search&pageno=<h1>test
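
The reflected XSS reports on `user` and `pageno`, and the pagination bug from the first review, share one fix pattern: validate `pageno` as an integer, encode every request value at the point of output, and rebuild the pagination link from the current search term. This is an added example, not part of the thread and not the site's code; the helper names and the `q` search parameter are hypothetical, and the commented "before" line is an assumed pattern, since the site's source is not shown.

```php
<?php
// Added example. Helper names and the "q" search parameter are hypothetical.

// Encode for HTML text and quoted attributes; ENT_QUOTES covers ' as well as ".
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read a request parameter as a string; arrays (user[]=x) become ''.
function str_param(array $src, string $name): string
{
    return is_string($src[$name] ?? null) ? $src[$name] : '';
}

// pageno is only ever a positive integer; anything else falls back to page 1.
function page_number($raw): int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $page === false ? 1 : $page;
}

// Build a pagination URL that carries the search term along.
function search_url(string $term, int $page): string
{
    return 'search.php?' . http_build_query(
        ['go' => 'search', 'q' => $term, 'pageno' => $page]
    );
}

// Constructed request values, mirroring the strings reported in the thread.
$get = [
    'user'   => '"><marquee><h1>test',
    'q'      => 'wow & "friends"',
    'pageno' => '<h1>test',
];
$user = str_param($get, 'user');
$term = str_param($get, 'q');
$page = page_number($get['pageno'] ?? null);

// Assumed "before" pattern that would behave as reported (raw value in markup):
//   echo '<input name="user" value="' . $_GET['user'] . '">';
echo '<input name="user" value="' . e($user) . '">', "\n";
echo '<p>Page ', $page, ' of results for ', e($term), "</p>\n";
echo '<a href="' . e(search_url($term, $page + 1)) . '">Next</a>', "\n";
```

The same `e()` call applies to stored values such as picture captions and photo category names when they are printed, since those are rendered into HTML just like request parameters.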

darkfreaks
Posted November 16, 2009

Just a suggestion to the OP, but you could upgrade to Red Hat Server Edition 5, which comes standard with SSL 3.0 and PHP 5.6, which is more up to date. If you don't have access to the servers, try contacting your web host to see if they have a package or upgrade plan which includes an updated version of Red Hat.

Also, some of the files in /polls have blind SQL injection in them. When you have super global variables like script_uri/php_self etc., please make sure you filter them with htmlspecialchars().

johnsmith
Posted December 2, 2009

I did make a social networking site like yours here sim so dep. But after 2 months, hackers got my server and messed everything up. Finally I decided to close it and use MySpace as well.

Adam
Posted December 14, 2009

Getting a 404 error.

Orionsbelter
Posted April 13, 2010

Same