Code Review, Beta Testing and Help needed with new site

[r3wt]

I'm building a trade site for virtual currencies like bitcoin and such.

 

i need a bit of help as well as some general feedback on the site(be forwarned, it looks pretty crappy in non webkit browsers like firefox and ie. i probably should be developing for those browsers as well, but i feel like they are inferior and will be forgotten soon enough.

 

this being said, here is the link to the site

 

https://openex.pw

 

testusers:

 

test123 | 12345678 TraderBob | 12345678 test2 | password test5 | password

 

help i need:

 

Chat:

 

I need a way to autoscroll the window down, but unfortunately i haven't been able to get it to work. code always seems to break.

$(document).ready(function() {
		//load messages
		$('#messages').load('ajaxLOAD.php');
		
		
		$('#ajaxPOST').submit(function() {
			$.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
			//clear the message field
			$('#message').val('');
			//reload messages
			$('#messages').delay(1000).load('ajaxLOAD.php');
			
			});
			return false; 
		});
		
	
	});

Logout.php

 

This was working before i built the chat, but since i find that logging out no longer redirects back to the homepage. 

if (isUserLoggedIn()) {
	$loggedInUser->userLogOut();
	echo"<p class='notify-green' id='notify'>You are now logged out.</p>";
	header('Refresh: 2; url=https://openex.pw');
}else{
	header( 'Location: index.php');
	die();
	}

[r3wt]

Ok, i fixed both issues by adding alerts to my javascript. which showed i had errors in the code.

 

i was able to get the scroll to work, however it doesn't scroll all the way down. the last message is cut off everytime.

 

my code

$(document).ready(function() {
//load messages
$('#messages').load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);




$('#ajaxPOST').submit(function() {
$.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
//clear the message field
$('#message').val('');
//reload messages
$('#messages').delay(1000).load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);


});
return false; 
});




});

[MDCode]

I'm confused. Is this a beta test request, or a JQuery help request?

 

You site just redirects to a page that only displays the URL.

[r3wt]

you must be using firefox. long story short, i have 3 domains with ssl running on the same box, and firefox insists on placing www infront of the url which due to some odd anomaly in SNI on Nginx redirects from one domain to the other. 

 

i've posted about the problem on server fault, and really haven't gotten an answer. you can access the site in chrome though.

 

i imagine the security cert issue will dissaper once each sites on its own ip.

 

my post from stack exchange if you are curious

 

http://serverfault.com/questions/555903/nginx-vhosts-with-ssl/555907?noredirect=1#comment643856_555907

Edited November 21, 2013 by r3wt

[MDCode]

It happened with my iPhone and android tablet. I don't have desktop access atm.

[r3wt]

mobile users are automatically redirected to the mobile site, which isn't finished yet(and won't be until i finish the base code of the main site.)

[Coreye]

The chat room is vulnerable to XSS.

 

 

When submitting a support ticket you get this error:

Warning: Cannot modify header information - headers already sent by (output started at /home/wwwroot/www.openex.pw/index.php:228) in /home/wwwroot/www.openex.pw/pages/newticket.php on line 23

Edited November 24, 2013 by Coreye

[Coreye]

You can edit the POST data and talk as any username you'd like.

 

[r3wt]

thanks Coreye. i added a striptagcall prior to my db->escape. would you care to try something a bit more advanced? would you suggest using formkeys?

[r3wt]

ok coreye, i will move the user data to the ajax post. 

[r3wt]

oh this is embarrasing. my sql variables have the same name

Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 26 in /home/wwwroot/www.openex.pw/index.php on line 260

[r3wt]

fixed the chat(i think)

 

filter with regex(jquery)

$('#message').keypress(function(event){
    var char = String.fromCharCode(event.which)
    var txt = $(this).val()

    if (! txt.match(/^[^A-Za-z0-9+#\-\.]+$/)){
        $(this).val(txt.replace(char, ''));
    }
	});

server side

error_reporting(E_ALL);
ini_set("display_errors", 1);
require_once('models/config.php');

include 'models/chat.config.php';

if (strlen($_POST['message']) < 10) {

die();
}else{

		
		//define color of usernames.
$id = $loggedInUser->user_id;		
$username = $loggedInUser->display_username;
if(!isUserAdmin($id)) {
			$color = "#000000";
			}else{
			$color = "#005798";
			}
$color_ = $db->real_escape_string(strip_tags(($color)));
$user = $db->real_escape_string(strip_tags(($username))); 
$message = $db->real_escape_string(strip_tags(($_POST['message'])));


$db->Query("INSERT INTO messages (color, username, message) VALUES ('$color_','$user','$message')");
}

Did i do good coreye?

Edited November 24, 2013 by r3wt

[r3wt]

bump for the latest release

 

 

https://openex.pw/

 

looking to hire someone to code review. site is in a live beta mode but i've written way out side of my experience level here. i'd love to have a second opinion. thanks

Edited February 13, 2014 by r3wt