Archived

This topic is now archived and is closed to further replies.

r3wt

Code Review, Beta Testing and Help needed with new site

I'm building a trade site for virtual currencies like bitcoin and such.

 

i need a bit of help as well as some general feedback on the site (be forewarned, it looks pretty crappy in non webkit browsers like firefox and ie. i probably should be developing for those browsers as well, but i feel like they are inferior and will be forgotten soon enough).

 

this being said, here is the link to the site

 

https://openex.pw

 

testusers:

 

test123 | 12345678
TraderBob | 12345678
test2 | password
test5 | password

 

help i need:

 

Chat:

 

I need a way to autoscroll the window down, but unfortunately i haven't been able to get it to work. code always seems to break.

$(document).ready(function() {
	//load messages
	$('#messages').load('ajaxLOAD.php');

	$('#ajaxPOST').submit(function() {
		$.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
			//clear the message field
			$('#message').val('');
			//reload messages
			$('#messages').delay(1000).load('ajaxLOAD.php');
		});
		return false;
	});
});

Logout.php

 

This was working before i built the chat, but since then i find that logging out no longer redirects back to the homepage.

if (isUserLoggedIn()) {
	$loggedInUser->userLogOut();
	echo "<p class='notify-green' id='notify'>You are now logged out.</p>";
	header('Refresh: 2; url=https://openex.pw');
} else {
	header('Location: index.php');
	die();
}

Share this post


Link to post
Share on other sites

Ok, i fixed both issues by adding alerts to my javascript, which showed i had errors in the code.

 

i was able to get the scroll to work, however it doesn't scroll all the way down. the last message is cut off every time.

 

my code

$(document).ready(function() {
	//load messages
	$('#messages').load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);

	$('#ajaxPOST').submit(function() {
		$.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
			//clear the message field
			$('#message').val('');
			//reload messages
			$('#messages').delay(1000).load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);
		});
		return false;
	});
});

Share this post


Link to post
Share on other sites

I'm confused. Is this a beta test request, or a JQuery help request?

 

Your site just redirects to a page that only displays the URL.

Share this post


Link to post
Share on other sites

you must be using firefox. long story short, i have 3 domains with ssl running on the same box, and firefox insists on placing www in front of the url which due to some odd anomaly in SNI on Nginx redirects from one domain to the other.

 

i've posted about the problem on server fault, and really haven't gotten an answer. you can access the site in chrome though.

 

i imagine the security cert issue will disappear once each site's on its own ip.

 

my post from stack exchange if you are curious

 

http://serverfault.com/questions/555903/nginx-vhosts-with-ssl/555907?noredirect=1#comment643856_555907

Share this post


Link to post
Share on other sites

It happened with my iPhone and android tablet. I don't have desktop access atm.

Share this post


Link to post
Share on other sites

mobile users are automatically redirected to the mobile site, which isn't finished yet (and won't be until i finish the base code of the main site).

Share this post


Link to post
Share on other sites

The chat room is vulnerable to XSS.

 

Ov2Yz4V.png

 

When submitting a support ticket you get this error:

Warning: Cannot modify header information - headers already sent by (output started at /home/wwwroot/www.openex.pw/index.php:228) in /home/wwwroot/www.openex.pw/pages/newticket.php on line 23

Share this post


Link to post
Share on other sites

You can edit the POST data and talk as any username you'd like.

 

RV7sbJs.png

Share this post


Link to post
Share on other sites

thanks Coreye. i added a strip_tags call prior to my db->escape. would you care to try something a bit more advanced? would you suggest using formkeys?

Share this post


Link to post
Share on other sites

oh this is embarrassing. my sql variables have the same name

Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 26 in /home/wwwroot/www.openex.pw/index.php on line 260

Share this post


Link to post
Share on other sites

fixed the chat (i think)

filter with regex (jquery)

$('#message').keypress(function(event){
    var char = String.fromCharCode(event.which)
    var txt = $(this).val()

    if (! txt.match(/^[^A-Za-z0-9+#\-\.]+$/)){
        $(this).val(txt.replace(char, ''));
    }
});

server side

error_reporting(E_ALL);
ini_set("display_errors", 1);
require_once('models/config.php');

include 'models/chat.config.php';

if (strlen($_POST['message']) < 10) {
    die();
} else {
    //define color of usernames.
    $id = $loggedInUser->user_id;
    $username = $loggedInUser->display_username;
    if (!isUserAdmin($id)) {
        $color = "#000000";
    } else {
        $color = "#005798";
    }
    $color_ = $db->real_escape_string(strip_tags(($color)));
    $user = $db->real_escape_string(strip_tags(($username)));
    $message = $db->real_escape_string(strip_tags(($_POST['message'])));

    $db->Query("INSERT INTO messages (color, username, message) VALUES ('$color_','$user','$message')");
}

Did i do good coreye?

Share this post


Link to post
Share on other sites
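
An added example, not part of the thread and not the site's own code: one way to handle, in PHP, the three points raised above (XSS in the chat, a username that can be edited in the POST data, and the question about form keys). It assumes a plain mysqli connection, session keys named csrf_token and display_username, an assumed message length policy, and hypothetical function names; the messages table columns are the ones shown in the post above.

```php
<?php
// Added example; function names and session keys are assumptions, not the site's code.

// Issue one random form key per session; embed it in the chat form as a hidden field.
function chat_csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// ajaxPOST.php side: identity comes from the session, never from POST fields.
function chat_store(mysqli $db, array $post, array $session, bool $isAdmin): bool {
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return false;                          // missing or forged form key
    }
    $message = $post['message'] ?? '';
    if (!is_string($message)) {
        return false;                          // e.g. message[]=... sent as an array
    }
    $message = trim($message);
    if ($message === '' || strlen($message) > 500) {   // assumed limit, in bytes
        return false;
    }
    $color = $isAdmin ? '#005798' : '#000000'; // server-chosen constant
    $user  = (string) $session['display_username'];

    // Bound parameters replace real_escape_string; the text is stored unmodified.
    $stmt = $db->prepare('INSERT INTO messages (color, username, message) VALUES (?, ?, ?)');
    if (!$stmt) {
        return false;
    }
    $stmt->bind_param('sss', $color, $user, $message);
    return $stmt->execute();
}

// ajaxLOAD.php side: encode every field at the point it is written into HTML.
function chat_render_row(array $row): string {
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Only a #rrggbb value is allowed into the style attribute.
    $color = preg_match('/^#[0-9a-fA-F]{6}$/', $row['color']) ? $row['color'] : '#000000';
    return '<p><b style="color:' . $color . '">' . $e($row['username']) . ':</b> '
         . $e($row['message']) . '</p>';
}

// Constructed sample row: markup inside a stored message is shown as text.
echo chat_render_row(['color' => '#000000', 'username' => 'test2',
                      'message' => '<b>hello</b> & welcome']), "\n";
```

Because the encoding happens when the row is rendered, it also covers rows that were stored before any input filtering was added, and the client-side keypress filter is not relied on for safety.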

bump for the latest release

 

 

https://openex.pw/

 

looking to hire someone to code review. site is in a live beta mode but i've written way outside of my experience level here. i'd love to have a second opinion. thanks
