Friendr Posted June 23, 2011 Share Posted June 23, 2011 Hi everybody, We recently launched our new website http://www.friendr.co.uk and we're after some feedback from the web savvy, We appreciate any comments, even the negative! Thanks all! Quote Link to comment Share on other sites More sharing options...
PaulTheProgrammer Posted June 23, 2011 Share Posted June 23, 2011 Nice look but a HUGE flaw. You use an e-mail actiavation system to prevent spam users. I or anyone with a small amount of knowledge can create a tiny script that will create millions of fake users. At the momment you do this; Sign up page or box -> fill details in -> validate and submit -> send e-mail -> Wait for user to click link in e-mail -> everything works But the way you do it is really really bad. For example; I signed up with email@email.com and managed to active my account with http://www.friendr.co.uk/activateuser.php?email=email@email.com You need checksums to stop it. If you require a demo then I'll happily help. All the best PaulTheProgrammer Quote Link to comment Share on other sites More sharing options...
Friendr Posted June 23, 2011 Author Share Posted June 23, 2011 Ahh thanks for pointing that out Paul, I was a bit skeptical when building the email activation in all honesty as im still learning php and was unsure on what best practices there are. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.