r3wt

Code Review, Beta Testing and Help needed with new site

OK, I fixed both issues by adding alerts to my JavaScript, which showed I had errors in the code.

I was able to get the scroll to work; however, it doesn't scroll all the way down. The last message is cut off every time.

My code:

$(document).ready(function() {
    //load messages
    $('#messages').load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);

    $('#ajaxPOST').submit(function() {
        $.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
            //clear the message field
            $('#message').val('');
            //reload messages
            $('#messages').delay(1000).load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);
        });
        return false;
    });
});

I'm confused. Is this a beta test request, or a JQuery help request?

 

Your site just redirects to a page that only displays the URL.


You must be using Firefox. Long story short, I have 3 domains with SSL running on the same box, and Firefox insists on placing www in front of the URL, which due to some odd anomaly in SNI on Nginx redirects from one domain to the other.

I've posted about the problem on Server Fault, and really haven't gotten an answer. You can access the site in Chrome though.

I imagine the security cert issue will disappear once each site's on its own IP.

My post from Stack Exchange, if you are curious:

 

http://serverfault.com/questions/555903/nginx-vhosts-with-ssl/555907?noredirect=1#comment643856_555907

Edited by r3wt


It happened with my iPhone and android tablet. I don't have desktop access atm.


Mobile users are automatically redirected to the mobile site, which isn't finished yet (and won't be until I finish the base code of the main site).


The chat room is vulnerable to XSS.

 

Ov2Yz4V.png

 

When submitting a support ticket you get this error:

Warning: Cannot modify header information - headers already sent by (output started at /home/wwwroot/www.openex.pw/index.php:228) in /home/wwwroot/www.openex.pw/pages/newticket.php on line 23
Edited by Coreye


You can edit the POST data and talk as any username you'd like.

 

RV7sbJs.png


Thanks, Coreye. I added a strip_tags call prior to my db->escape. Would you care to try something a bit more advanced? Would you suggest using form keys?


Oh, this is embarrassing. My SQL variables have the same name.

Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 26 in /home/wwwroot/www.openex.pw/index.php on line 260


Fixed the chat (I think).

Filter with regex (jQuery):

$('#message').keypress(function(event){
    var char = String.fromCharCode(event.which);
    var txt = $(this).val();

    if (! txt.match(/^[^A-Za-z0-9+#\-\.]+$/)){
        $(this).val(txt.replace(char, ''));
    }
});

Server side:

error_reporting(E_ALL);
ini_set("display_errors", 1);
require_once('models/config.php');

include 'models/chat.config.php';

if (strlen($_POST['message']) < 10) {
    die();
} else {
    //define color of usernames.
    $id = $loggedInUser->user_id;
    $username = $loggedInUser->display_username;
    if (!isUserAdmin($id)) {
        $color = "#000000";
    } else {
        $color = "#005798";
    }
    $color_ = $db->real_escape_string(strip_tags(($color)));
    $user = $db->real_escape_string(strip_tags(($username)));
    $message = $db->real_escape_string(strip_tags(($_POST['message'])));

    $db->Query("INSERT INTO messages (color, username, message) VALUES ('$color_','$user','$message')");
}

Did I do good, Coreye?

Edited by r3wt
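
The two findings reported in this thread (script injection in the chat and a client-chosen username), handled on the server, as an added example that is not the site's own code. It assumes PDO with an in-memory SQLite table in place of the site's MySQL `messages` table, a `$session` array in place of `$loggedInUser`, and a 500-character limit; `store_message` and `render_messages` are hypothetical names.

```php
<?php
// Added example, not the site's code. Assumptions: SQLite in memory stands in
// for the MySQL `messages` table; $session stands in for $loggedInUser.

function store_message(PDO $db, array $session, array $post): bool
{
    $message = trim((string)($post['message'] ?? ''));
    if ($message === '' || strlen($message) > 500) {   // 500 is an assumed limit
        return false;
    }
    // Identity and colour come from the server-side session only; any
    // 'username' or 'color' field in the POST body is never read.
    $color = !empty($session['is_admin']) ? '#005798' : '#000000';
    // Bound parameters keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO messages (color, username, message) VALUES (?, ?, ?)'
    );
    return $stmt->execute([$color, $session['display_username'], $message]);
}

function render_messages(PDO $db): string
{
    $html = '';
    $rows = $db->query('SELECT color, username, message FROM messages ORDER BY id');
    foreach ($rows as $row) {
        // Encode at output time, so stored text is always shown as text.
        $html .= sprintf(
            "<p><b style=\"color:%s\">%s</b>: %s</p>\n",
            htmlspecialchars($row['color'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed demo data: a normal user's session and an edited request body.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, color TEXT, username TEXT, message TEXT)');

$session = ['display_username' => 'alice', 'is_admin' => false];
$post = ['username' => 'admin', 'color' => '#005798',
         'message' => '<script>alert(1)</script> hi'];

store_message($db, $session, $post);
echo render_messages($db);
```

The rendered line is attributed to `alice` in the non-admin colour, and the tag appears as `&lt;script&gt;alert(1)&lt;/script&gt;`, whatever the client-side keypress filter did or did not remove.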


Bump for the latest release.

 

 

https://openex.pw/

 

Looking to hire someone to code review. The site is in a live beta mode, but I've written way outside of my experience level here. I'd love to have a second opinion. Thanks.

Edited by r3wt
