Code Review, Beta Testing and Help needed with new site

php jquery mysql cron

  • This topic is locked
12 replies to this topic

#1 r3wt

  • Members
  • Advanced Member
  • 44 posts

Posted 21 November 2013 - 01:18 PM

I'm building a trade site for virtual currencies like bitcoin and such.

I need a bit of help as well as some general feedback on the site (be forewarned, it looks pretty crappy in non-WebKit browsers like Firefox and IE. I probably should be developing for those browsers as well, but I feel like they are inferior and will be forgotten soon enough).

This being said, here is the link to the site:

https://openex.pw

Test users:

test123 | 12345678
TraderBob | 12345678
test2 | password
test5 | password

Help I need:

Chat:

I need a way to autoscroll the window down, but unfortunately I haven't been able to get it to work. Code always seems to break.

$(document).ready(function() {
		//load messages
		$('#messages').load('ajaxLOAD.php');
		
		
		$('#ajaxPOST').submit(function() {
			$.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
			//clear the message field
			$('#message').val('');
			//reload messages
			$('#messages').delay(1000).load('ajaxLOAD.php');
			
			});
			return false; 
		});
		
	
	});

Logout.php

This was working before I built the chat, but since then I find that logging out no longer redirects back to the homepage.

if (isUserLoggedIn()) {
	$loggedInUser->userLogOut();
	echo"<p class='notify-green' id='notify'>You are now logged out.</p>";
	header('Refresh: 2; url=https://openex.pw');
}else{
	header( 'Location: index.php');
	die();
	}


#2 r3wt

Posted 21 November 2013 - 05:29 PM

OK, I fixed both issues by adding alerts to my JavaScript, which showed I had errors in the code.

I was able to get the scroll to work, however it doesn't scroll all the way down. The last message is cut off every time.

My code:

$(document).ready(function() {
	//load messages
	$('#messages').load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);

	$('#ajaxPOST').submit(function() {
		$.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
			//clear the message field
			$('#message').val('');
			//reload messages
			$('#messages').delay(1000).load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);
		});
		return false;
	});
});


#3 MDCode

  • Members
  • Advanced Member
  • 645 posts

Posted 21 November 2013 - 05:33 PM

I'm confused. Is this a beta test request, or a jQuery help request?

Your site just redirects to a page that only displays the URL.

#4 r3wt

Posted 21 November 2013 - 06:33 PM

You must be using Firefox. Long story short, I have 3 domains with SSL running on the same box, and Firefox insists on placing www in front of the URL, which due to some odd anomaly in SNI on Nginx redirects from one domain to the other.

I've posted about the problem on Server Fault, and really haven't gotten an answer. You can access the site in Chrome though.

I imagine the security cert issue will disappear once each site's on its own IP.

My post from Stack Exchange if you are curious:

http://serverfault.c...nt643856_555907


Edited by r3wt, 21 November 2013 - 06:38 PM.


#5 MDCode

Posted 21 November 2013 - 07:31 PM

It happened with my iPhone and Android tablet. I don't have desktop access atm.

#6 r3wt

Posted 22 November 2013 - 06:06 AM

Mobile users are automatically redirected to the mobile site, which isn't finished yet (and won't be until I finish the base code of the main site).



#7 Coreye

  • Members
  • PHPHelpCenter.com
  • 539 posts
  • Location: Florida

Posted 24 November 2013 - 06:20 AM

The chat room is vulnerable to XSS.

When submitting a support ticket you get this error:

Warning: Cannot modify header information - headers already sent by (output started at /home/wwwroot/www.openex.pw/index.php:228) in /home/wwwroot/www.openex.pw/pages/newticket.php on line 23

Edited by Coreye, 24 November 2013 - 06:25 AM.

PHP Help Center - PHP Help and Security Testing.  :)


#8 Coreye

Posted 24 November 2013 - 06:39 AM

You can edit the POST data and talk as any username you'd like.


#9 r3wt

Posted 24 November 2013 - 06:39 AM

Thanks Coreye. I added a strip_tags call prior to my db->escape. Would you care to try something a bit more advanced? Would you suggest using formkeys?



#10 r3wt

Posted 24 November 2013 - 06:41 AM

OK Coreye, I will move the user data to the ajax post.



#11 r3wt

Posted 24 November 2013 - 06:43 AM

Oh, this is embarrassing. My SQL variables have the same name.

Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 26 in /home/wwwroot/www.openex.pw/index.php on line 260


#12 r3wt

Posted 24 November 2013 - 07:25 AM

Fixed the chat (I think).

Filter with regex (jQuery):

$('#message').keypress(function(event){
    var char = String.fromCharCode(event.which)
    var txt = $(this).val()

    if (! txt.match(/^[^A-Za-z0-9+#\-\.]+$/)){
        $(this).val(txt.replace(char, ''));
    }
});

Server side:

error_reporting(E_ALL);
ini_set("display_errors", 1);
require_once('models/config.php');

include 'models/chat.config.php';

if (strlen($_POST['message']) < 10) {
	die();
} else {
	//define color of usernames.
	$id = $loggedInUser->user_id;
	$username = $loggedInUser->display_username;
	if (!isUserAdmin($id)) {
		$color = "#000000";
	} else {
		$color = "#005798";
	}
	$color_ = $db->real_escape_string(strip_tags(($color)));
	$user = $db->real_escape_string(strip_tags(($username)));
	$message = $db->real_escape_string(strip_tags(($_POST['message'])));

	$db->Query("INSERT INTO messages (color, username, message) VALUES ('$color_','$user','$message')");
}

Did I do good, Coreye?


Edited by r3wt, 24 November 2013 - 07:38 AM.
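
The two findings reported in this thread (XSS in the chat, and a username taken from editable POST data) are closed on the server by taking identity from the session, storing text through a prepared statement, and HTML-encoding when the message is rendered. The following is an added example, not code from the thread; PDO with in-memory SQLite, the `$sessionUser` array, the `is_admin` column and both function names are assumptions standing in for the site's MySQL wrapper and `$loggedInUser`.

```php
<?php
// Added example (PHP 7.4+), not code from the thread.
// Assumptions: in-memory SQLite via PDO stands in for the site's MySQL wrapper,
// and $sessionUser stands in for $loggedInUser.

function store_message(PDO $db, array $sessionUser, array $post): bool
{
    $message = trim((string)($post['message'] ?? ''));
    // Limits are enforced here; a jQuery keypress filter is bypassed by
    // anyone who edits the request.
    if ($message === '' || strlen($message) > 500) {
        return false;
    }
    // Identity comes from the session only; $post['username'] is never read.
    $stmt = $db->prepare(
        'INSERT INTO messages (is_admin, username, message) VALUES (?, ?, ?)'
    );
    return $stmt->execute([(int)$sessionUser['is_admin'], $sessionUser['name'], $message]);
}

function render_message(array $row): string
{
    // Encode at output time for the HTML context the value lands in.
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The colour is chosen from fixed values, never read back from stored text.
    $color = $row['is_admin'] ? '#005798' : '#000000';
    return sprintf('<p><b style="color:%s">%s</b>: %s</p>',
        $color, $esc($row['username']), $esc($row['message']));
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (is_admin INTEGER, username TEXT, message TEXT)');

$session = ['name' => 'test123', 'is_admin' => 0];
// Constructed tampered request: forged username field, markup in the message.
store_message($db, $session, [
    'username' => 'TraderBob',
    'message'  => '<script>alert(1)</script> 1 < 2',
]);

foreach ($db->query('SELECT * FROM messages', PDO::FETCH_ASSOC) as $row) {
    echo render_message($row), "\n";
}
```

The stored row carries the session name `test123` rather than the forged field, and the markup is printed as inert text.
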


#13 r3wt

Posted 13 February 2014 - 06:14 AM

Bump for the latest release.

https://openex.pw/

Looking to hire someone to code review. Site is in a live beta mode but I've written way outside of my experience level here. I'd love to have a second opinion. Thanks.


Edited by r3wt, 13 February 2014 - 06:15 AM.
