dannyluked Posted December 22, 2009
Hi, I have recently made a forum! Please test it, and tell me how it looks on your browser. I'm not too bothered about the code for the moment, just functionality, looks and usability.
Test with: Username: test, password: test
My forum is here: http://dannyluked.comze.com/forum
Please only comment on the forum as I have another thread to comment on the rest of the site...here

corrupshun Posted December 23, 2009
looks like it works well but the only problem i had was the size of the forum, kinda small. or is that the way you wanted it?

dannyluked Posted December 23, 2009
The way I wanted, sort of! I could have made it wider but I wanted it to be inside the site rather than attached (I wanted to keep the left and right of the site). Thanks for the comment...

Adam Posted December 23, 2009
Not keen on the look, too small and basic -- looks like it would be awkward to use on a regular basis. The white pages that appear after you've done something like make a post are really.. unattractive. When you modify a post especially you're left with no link forward, and you have to click the back button twice in order to get back to the topic or even a link to the board index.
Functionality wise it has all the necessities but lacks any of the more "miscellaneous" features such as formatting, attachments, notifications(?), etc, etc. You should also perhaps try to think of something unique you can add to your forum that would grab some attention - depending on what kind of project this is for you.
The navigation I found is quite bizarre. The forum link (although active) should still be clickable. People will probably more often than not spot that link hoping to take them back to the board index, before the actual 'board index' breadcrumb or the "Forum" link right below it (which seems odd to extend the menu down for just one link), and get frustrated if it isn't actually a link. I also couldn't find the 'modify profile' section easily. I was expecting it to be somewhere within the forum tab, as it's a forum profile, but instead was hidden away in the members page as a barely noticeable link in the top right.
Not a bad effort though, just needs work.

dannyluked Posted December 23, 2009
Thanks for the good 'review'. I am next going to be looking at introducing BBcode. This would make the forum a lot better but when looking for info about bbcode I am struggling to find some help! I will add another profile button on the forum page right away!
The forum is mainly to practice my PHP but if good enough I may use it if I go into PHP when I'm older! It is meant to be simple so that when implemented on someone's site (e.g. client...) they will be able to use it even with basic computer knowledge. If they did want a complicated forum I would just install one!!
I am not 100% keen on the white page messages but I don't like forwarding users straight to a page. I feel it is like someone is controlling you! Thanks for the comment again!!

dannyluked Posted January 3, 2010
UPDATE: I have now changed the navigation accordingly and I have added formatting. Please continue to review and update me on any thoughts. BBcode is now enabled also

corrupshun Posted January 5, 2010
alright, one thing i should say is that you should not put the ip address in the <input hidden> option, because people could edit this and pretend.. (although i didn't see the code, i just assume)
oh also: the BBcode, looks good, i can't seem to xss it but i can make it look fucked up (just a little) http://dannyluked.comze.com/forum/view_topic.php?id=38
edit: I REALLY fucked it up
[img=http://'/><img src='http://dannyluked.comze.com/inc/img/Bottom.png' height='9000' width='9000]
put that in it

corrupshun Posted January 5, 2010
sorry for double posting but couldn't find modify anymore.. So yeah i found XSS
[img=http://dannyluked.comze.com/inc/img/Bottom.png' border='20' onClick=javascript:alert('XSS') width='200]

dannyluked Posted January 5, 2010
> sorry for double posting but couldn't find modify anymore.. So yeah i found XSS
> [img=http://dannyluked.comze.com/inc/img/Bottom.png' border='20' onClick=javascript:alert('XSS') width='200]
Hi, Thanks for testing. I was just wondering if you could elaborate more on the above post! I think I have stopped the onclick function along with some others!

Adam Posted January 5, 2010
He means that your BB code parser allows users to 'inject' JavaScript through the 'onclick' attribute (most likely all other event attributes too); you need to filter any XSS attempts like these out.

corrupshun Posted January 5, 2010
to add to MrAdam, if a random visitor was to put that in the post box, they could inject javascript into the code, they could also add more css elements to completely destroy the page. i would make it so that the user cannot type a ' in the [/img] code
also filter onclick, onblur, onload, onunload, onchange, onsubmit, onmouseover, and onmouseout

dannyluked Posted January 5, 2010
> to add to MrAdam, if a random visitor was to put that in the post box, they could inject javascript into the code, they could also add more css elements to completely destroy the page. i would make it so that the user cannot type a ' in the [/img] code
> also filter onclick, onblur, onload, onunload, onchange, onsubmit, onmouseover, and onmouseout
Thanks for the reply but I can't filter ' because some websites contain the (i think!) Is there anything else I need to filter apart from the ones mentioned?

corrupshun Posted January 5, 2010
websites do not have ' in the url it's not allowed

Adam Posted January 5, 2010
> websites do not have ' in the url it's not allowed
Technically file names can contain a ', however it's highly unlikely you'll ever come across it.
> Is there anything else I need to filter apart from the ones mentioned?
Personally I'd think about the parameters that are allowed, as opposed to which you need to filter out.

corrupshun Posted January 6, 2010
> Personally I'd think about the parameters that are allowed, as opposed to which you need to filter out.
Exactly.

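The approach the thread ends on, deciding what is allowed in [img] rather than listing event attributes to filter out, can be sketched as below. This is an added example, not code from the thread or from the forum under review; render_img(), bbcode_img() and the example.com URLs are assumptions made for illustration.

```php
<?php
// Added example: allowlist rendering for the [img=...] BBCode tag.
// render_img() and bbcode_img() are hypothetical names, not the forum's code.

function render_img(string $url): string
{
    $url = trim($url);
    $parts = parse_url($url);

    // Allow only absolute http/https URLs that have a host.
    $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
    $ok = in_array($scheme, ['http', 'https'], true)
        && !empty($parts['host'])
        // Reject quotes, angle brackets, backticks, whitespace and control characters.
        && !preg_match('/[\'"<>`\s\x00-\x1f]/', $url);

    if (!$ok) {
        // Anything else is displayed as the literal text the user typed.
        return htmlspecialchars('[img=' . $url . ']', ENT_QUOTES, 'UTF-8');
    }

    // Fixed template: src is the only attribute carrying user data,
    // and it is entity-encoded, so no extra attribute can be appended.
    return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
}

function bbcode_img(string $post): string
{
    // Split on [img=...] so plain text and tag arguments are handled separately.
    $pieces = preg_split('/\[img=([^\]]*)\]/i', $post, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($pieces as $i => $piece) {
        // Even indexes are ordinary text, odd indexes are captured tag arguments.
        $html .= ($i % 2 === 0)
            ? htmlspecialchars($piece, ENT_QUOTES, 'UTF-8')
            : render_img($piece);
    }
    return $html;
}

// Constructed sample posts (example.com stands in for the image host).
$samples = [
    "[img=http://example.com/a.png]",
    "[img=http://example.com/a.png' onclick=alert(1) width='200]",
    "[img=javascript:alert(1)]",
];
foreach ($samples as $s) {
    echo bbcode_img($s), PHP_EOL;
}
```

Only the first sample produces an <img> element; the other two come back as escaped text, so the quote and the event attribute never reach the markup.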