Address Database 2.0

[lszanto]

I have made a few improvements to the site like a search box when you are logged in, and a way to sort the names when viewing them. The new changes can be downloaded here: http://foar.sitesled.com/addyonline.zip or viewed here www.lszanto.com/addyonline/ and the username is admin and password is now pass. Mods or admins please delete the old thread.

Enjoy.

[neylitalo]

Just giving it a casual once-over, I have one suggestion: Don't make me pick how to sort them before you show me the addresses. Show me the list sorted normally, and then have links to change the sort method.

The rule of web design I'm invoking here: Fewer clicks is better.

[lszanto]

Yeah I'm gonna make a select or something for that I just wasn't sure what to do for that at first, thanks.

[HuggieBear]

I'm quite partial to a 'logout' button, something that I couldn't see on your site.

Huggie

[Philip]

Yeah, agreed with HuggieBear. You have a login/admin login whenever I'm already logged in...

[Daniel0]

You might want to generate the menu items depending on your user status/login status.

[corbin]

[quote author=neylitalo link=topic=121451.msg499455#msg499455 date=1168225117]
Just giving it a casual once-over, I have one suggestion: Don't make me pick how to sort them before you show me the addresses. Show me the list sorted normally, and then have links to change the sort method.

The rule of web design I'm invoking here: Fewer clicks is better.
[/quote][quote author=Daniel0 link=topic=121451.msg500110#msg500110 date=1168296754]
You might want to generate the menu items depending on your user status/login status.
[/quote]

My first two thoughts exactly lol...

I like how you can change the style, but it's based on sessions so if you wanted to change the style and not have to do it every time it could get old fast... Maybe add a column in the admin table to store the style sheet?

[code=php:0]
$sql = "UPDATE data SET name='$name', email='$email', home='$home', mobile='$mobile', address='$address' WHERE name='$update'";
[/code]

Some people have very common names and this could become a problem.  I think that you should update based on the id field to avoid someone changing John Smith's info and another John Smith changing too.

Also, like I suggested in the other forum, I personally think that you should use $_POST instead of $_GET, but I can't think of any problems $_GET might make, so I guess that's just personal preference.

I can't really blame you for this one since it wouldn't make sense to add weird script to your own site, but I suggest you replace <'s and >'s with their respective &lt; and &gt; to avoid things like <script>alert("hi");</script> or just an accidental <> that would cause problems in the html.

Once again mainly one of my personal things, but I tend to avoid links like
[code=php:0]
die("New passwords did not match, please go <a href=\"javascript: history.go(-1);\" >back</a> and try again.");
[/code]
that rely on solely JS, and I try to use links like
[code=php:0]
die("New passwords did not match, please go <a href=\"{$_SERVER['HTTP_REFERER']}\" onClick=\"history.go(-1); return false;\">back</a> and try again.");
[/code]
That allows the link to work even if JS is not enabled, which is rare now days, but still a possibility.

That's about all I got for now :p.

[lszanto]

Thanks for all the suggestions guys, I'll be sure to fix this stuff when I get the time.

[WorldInChaos]

When you try to edit names, at least make it not case-sensitive.  It would be even better if you showed a list of names, and then I got to click on which one I wanted to edit.

I like the idea of listing the names regardless when you click view, and controlling the display later.
In general, I agree with what everyone said about logging out, admin interface, etc...

Just my opinion.
Steve

[ted_chou12]

hey, this is awesome, but there is some problem with either the css or my browser, because the logo dont show properly, is too big...

[gazever]

The search is case sensitive, i tried searching for tony, no results found, I searched Tony, it found the result, great little script.

[bob_the _builder]

Hi,

Just for some ideas to help maybe make your address book a little more user friendly:

[url=http://www.fusiondesignz.co.nz/address_book/]Address Book[/url]

I made it yonks ago as a first project while learning php/mysql.

[HuggieBear]

If you're doing this as a little project to help you learn php, then might I suggest an import/export feature?

This will give you an insight into parsing content, such as CSV files, maybe some regular expression work.  The export feature could include some XML work too :)

I use something similar to import the contacts that I export from my mobile phone.

Regards
Huggie

[Daniel0]

Another thing: Don't show the password in plaintext when providing wrong credentials. There might be other people in the room or looking at the monitor.

[OOP]

I had a quick look at the application, and here are my comments

The site is not shown correctly in IE...the logo image is repated twice.
If you are going to let users login and add their addresses, then you should filter HTML.
validation for all field should be done, for example, in the phone, you should accept only number.

That's all for now

[AXiSS]

Logo is repeated on the Y-Axis in IE7.

[Aeglos]

Well, since I always read the forum I guess I should finally post something remotely helpfull...

The site is in good tracks but really... check your validation. It's a TOP concern before adding new functionality.
I got around the "<script>" check by not declaring the javascript and using an onMouseOver event handler (Check the ASDF link... inside the big fat table) instead...  ;D a not so friendly onLoad handler and your page goes kaput.

And well... I kinda feel guilty since the view adress page is now really messed with my table tampering  :P I even got marquees, Forms and CSS in (after a few tries I remembered to use ":" instead of "=").

So htmlentities is your friend here and/or some alphanumeric REGEXP.

Looking forward for the next version!
Cheers.

Edit.

Lol, did a search for the word "now", two results popped up: "Unknown" and "now" (second one submited by me... entry contains a "malicious" submit buton). So, I clicked on "now" and took me to the "now" profile page. My "ClickMe" malicous button of DooM was there, and upon clicking it, I stumbled to a page which displayed "You should not be on this page."  :D
On further inspection, that happens when there is no GET argument passed to the search and profiles pages. Consider redirecting them to the default search and directory listing views instead.

Edit nº2.

Incidentaly I now found out that while playing with the "Back" button on my browser I re-posted some fields... that should NOT happen... I realised thay you are passing every single form argument through GET to the addadress.php page... why? POST is already there, why pass the arguments through GET?? Only adds more complexity and potential security holes.
Also alows to skip any direct on the fly javascript validating on the form fields, since a user could simply populate the browser adress with malicious code.