
Code Review, Beta Testing and Help needed with new site


r3wt


I'm building a trade site for virtual currencies like bitcoin and such.

 

I need a bit of help as well as some general feedback on the site (be forewarned, it looks pretty crappy in non-WebKit browsers like Firefox and IE. I probably should be developing for those browsers as well, but I feel like they are inferior and will be forgotten soon enough).

 

This being said, here is the link to the site:

 

https://openex.pw

 

Test users:

test123 | 12345678
TraderBob | 12345678
test2 | password
test5 | password

 

Help I need:

Chat:

I need a way to autoscroll the window down, but unfortunately I haven't been able to get it to work. Code always seems to break.

$(document).ready(function() {
		//load messages
		$('#messages').load('ajaxLOAD.php');
		
		
		$('#ajaxPOST').submit(function() {
			$.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
			//clear the message field
			$('#message').val('');
			//reload messages
			$('#messages').delay(1000).load('ajaxLOAD.php');
			
			});
			return false; 
		});
		
	
	});

Logout.php

 

This was working before I built the chat, but since then I find that logging out no longer redirects back to the homepage.

if (isUserLoggedIn()) {
	$loggedInUser->userLogOut();
	echo"<p class='notify-green' id='notify'>You are now logged out.</p>";
	header('Refresh: 2; url=https://openex.pw');
}else{
	header( 'Location: index.php');
	die();
	}

Ok, I fixed both issues by adding alerts to my JavaScript, which showed I had errors in the code.

I was able to get the scroll to work; however, it doesn't scroll all the way down. The last message is cut off every time.

My code:

$(document).ready(function() {
	//load messages
	$('#messages').load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);

	$('#ajaxPOST').submit(function() {
		$.post('ajaxPOST.php', $('#ajaxPOST').serialize(), function(data){
			//clear the message field
			$('#message').val('');
			//reload messages
			$('#messages').delay(1000).load('ajaxLOAD.php').scrollTop($("#messages")[0].scrollHeight);
		});
		return false;
	});
});

You must be using Firefox. Long story short, I have 3 domains with SSL running on the same box, and Firefox insists on placing www in front of the URL, which due to some odd anomaly in SNI on Nginx redirects from one domain to the other.

I've posted about the problem on Server Fault, and really haven't gotten an answer. You can access the site in Chrome though.

I imagine the security cert issue will disappear once each site is on its own IP.

My post from Stack Exchange, if you are curious:

 

http://serverfault.com/questions/555903/nginx-vhosts-with-ssl/555907?noredirect=1#comment643856_555907

Edited by r3wt

The chat room is vulnerable to XSS.

 


 

When submitting a support ticket you get this error:

Warning: Cannot modify header information - headers already sent by (output started at /home/wwwroot/www.openex.pw/index.php:228) in /home/wwwroot/www.openex.pw/pages/newticket.php on line 23
Edited by Coreye

Fixed the chat (I think).

Filter with regex (jQuery):

$('#message').keypress(function(event){
    var char = String.fromCharCode(event.which)
    var txt = $(this).val()

    if (! txt.match(/^[^A-Za-z0-9+#\-\.]+$/)){
        $(this).val(txt.replace(char, ''));
    }
	});

Server side:

error_reporting(E_ALL);
ini_set("display_errors", 1);
require_once('models/config.php');

include 'models/chat.config.php';

if (strlen($_POST['message']) < 10) {
	die();
} else {
	//define color of usernames.
	$id = $loggedInUser->user_id;
	$username = $loggedInUser->display_username;
	if (!isUserAdmin($id)) {
		$color = "#000000";
	} else {
		$color = "#005798";
	}
	$color_ = $db->real_escape_string(strip_tags(($color)));
	$user = $db->real_escape_string(strip_tags(($username)));
	$message = $db->real_escape_string(strip_tags(($_POST['message'])));

	$db->Query("INSERT INTO messages (color, username, message) VALUES ('$color_','$user','$message')");
}

Did I do good, Coreye?

Edited by r3wt
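
The XSS report in this thread concerns how stored messages are written back into the page, and a keypress filter cannot address that because ajaxPOST.php can be called without the form; the control that holds is encoding each field at output time. The following is an added example, not code from the thread or the site: it assumes messages are available as rows with the `color`, `username` and `message` columns from the INSERT above, and `escapeHtml`, `safeColor`, `renderMessage` and `renderAll` are hypothetical names.

```javascript
// Added example (not from the thread): encode chat fields when they are
// written into HTML. Row fields mirror the INSERT columns in the post above;
// function names and sample rows are constructed for illustration.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can switch the HTML parser out of text context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The color lands inside a style attribute, where entity encoding alone is
// not a sufficient control: accept only #rrggbb, otherwise fall back to black.
function safeColor(value) {
  const text = String(value);
  return /^#[0-9a-fA-F]{6}$/.test(text) ? text : '#000000';
}

// Build one chat line. Stored values are treated as untrusted on output,
// regardless of what filtering happened when they were inserted.
function renderMessage(row) {
  return '<p><b style="color:' + safeColor(row.color) + '">' +
    escapeHtml(row.username) + '</b>: ' + escapeHtml(row.message) + '</p>';
}

function renderAll(rows) {
  return rows.map(renderMessage).join('\n');
}

// Constructed sample rows: ordinary text with markup characters, a message
// carrying a tag, and a row whose color and username are malformed.
const sampleRows = [
  { color: '#005798', username: 'admin', message: 'bid 5 < ask 10 & rising' },
  { color: '#000000', username: 'test2', message: '<img src=x onerror=alert(1)> hi' },
  { color: 'red" onmouseover="x', username: 'a"b', message: 'plain text' },
];

console.log(renderAll(sampleRows));
```

In the PHP that builds the chat HTML, `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` performs the same encoding.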