
I was bored so decided to start a FB clone, for learning purposes mostly :) Check it out so far and tell me what ya think :D

 

http://facepalmz.comli.com

 

So far have upload photos, edit info, post on your own and others' walls... more to come.

NOTE: All accounts will be automatically activated, no need to email-activate it quite yet, in time. (Done for convenience)

Link to comment
https://forums.phpfreaks.com/topic/257961-facebook-clone/
Share on other sites

First thing I noticed is that when I go to /profile.php and there is no id set, it should default to my id, example /profile.php?id=17

 

xss -> /profile.php?id=17

 

open directory http://facepalmz.comli.com/memberFiles/

 

http://facepalmz.comli.com/search.php not displaying anything :D

 

Link to comment
https://forums.phpfreaks.com/topic/257961-facebook-clone/#findComment-1322411
Share on other sites

There, fixed all of those problems, except search.php? I don't get what u mean it doesn't work, it works perfectly fine? If you don't enter anyone's name it'll show random first 30 results... but if it doesn't have that name in database it won't show anyone in the results list.

Link to comment
https://forums.phpfreaks.com/topic/257961-facebook-clone/#findComment-1322575
Share on other sites

Your account type field seems a bit pointless having only one value.

 

Your password field limitation (letters or numbers only, no spaces no symbols) is also rather silly.  There is no good reason to limit a person's password options.  All it does is drive your users nuts when they have to craft a new password to fit your rules.

 

The page you get after registering should use the same template as the home page, and provide some links to get back to the home page or to a login screen.

 

You have 'Freinds' in multiple places.  The proper spelling is 'Friends'

 

Your site relies on JS more than it really needs to, such as your redirect after editing info:

<script type="text/javascript">
<!--
window.location = "info.php?id=18"
//-->
</script>

 

There's no need to use JS for that.  A header() redirect or meta tag would work better.

 

Your wall posts seem to be filtered for xss only after they are posted.  Click the wall link on the side to reload the page (or view the page as a visitor) and there is no filtering and xss is possible.  http://facepalmz.comli.com/profile.php?id=18 click the Click me! link.

 

Your search should show something indicating no results when nothing is found, not just a blank page.  Blank page usually makes people think it's broken.  Also, put it in the same template.

 

Trying to pull up a profile for a non-existent member should show some kind of an error page, not a profile page with missing info:

/info.php?id=393747

/profile.php?id=393747

/photos.php?id=393747 - Results in PHP error messages, disclosing information about your server.

 

Link to comment
https://forums.phpfreaks.com/topic/257961-facebook-clone/#findComment-1322597
Share on other sites
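
The fixes suggested in the posts above (escape wall posts every time they are rendered, default a missing id to the viewer's own, show an error page for unknown members, keep PHP errors off the page), as an added example that is not the site's code or any poster's. The function names, the `$members` and `$wall` arrays and the logged-in id 17 are assumptions, with constructed sample data in place of a database.

```php
<?php
// Added example: constructed arrays stand in for the members and wall tables.
declare(strict_types=1);

$members = [17 => 'alice', 18 => 'bob'];                    // constructed sample rows
$wall = [18 => ['hi bob', '<script>alert(1)</script>']];    // constructed stored posts

/** Escape at output time, on every render, however the post was stored. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Resolve ?id= to a member id: missing -> own id, malformed or unknown -> null. */
function resolve_profile_id(array $query, int $ownId, array $members): ?int
{
    if (!isset($query['id'])) {
        return $ownId;
    }
    $id = filter_var($query['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return ($id !== false && isset($members[$id])) ? $id : null;
}

/** Returns [HTTP status, HTML body] so the caller decides how to send it. */
function render_profile(array $query, int $ownId, array $members, array $wall): array
{
    $id = resolve_profile_id($query, $ownId, $members);
    if ($id === null) {
        return [404, '<p>No such member.</p>'];   // error page, not a half-empty profile
    }
    $html = '<h1>' . e($members[$id]) . '</h1><ul>';
    foreach ($wall[$id] ?? [] as $post) {
        $html .= '<li>' . e($post) . '</li>';      // same escaping for owner and visitor
    }
    return [200, $html . '</ul>'];
}

ini_set('display_errors', '0'); // log errors instead of printing server details

// Constructed requests: valid id, no id, non-existent id, malformed id.
foreach ([['id' => '18'], [], ['id' => '393747'], ['id' => '17<script>']] as $q) {
    [$status, $body] = render_profile($q, 17, $members, $wall);
    echo $status, ' ', $body, PHP_EOL;
}
```

Run from the command line, the stored `<script>` post comes out as inert `&lt;script&gt;` text, and both the non-existent and the malformed id produce the 404 body.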

  • 2 weeks later...
  • 1 month later...

It seems that you designed your page for widescreen display. Though relatively few, there are still square monitors (like the one I'm using now). For such sites user experience should be put in the core of the design (I've learned from a Facebook developer). Scrolling sideways is a bit inconvenient and may cause "one link to go down then another follows" (from The Social Network).

 

So the bottom line is adjust page width to accommodate square monitors.

Link to comment
https://forums.phpfreaks.com/topic/257961-facebook-clone/#findComment-1340202
Share on other sites
