lszanto Posted January 8, 2007
I have made a few improvements to the site like a search box when you are logged in, and a way to sort the names when viewing them. The new changes can be downloaded here: http://foar.sitesled.com/addyonline.zip or viewed here www.lszanto.com/addyonline/ and the username is admin and password is now pass. Mods or admins please delete the old thread.
Enjoy.
Link to comment https://forums.phpfreaks.com/topic/33284-address-database-20/

neylitalo Posted January 8, 2007
Just giving it a casual once-over, I have one suggestion: Don't make me pick how to sort them before you show me the addresses. Show me the list sorted normally, and then have links to change the sort method. The rule of web design I'm invoking here: Fewer clicks is better.

lszanto Posted January 8, 2007
Yeah, I'm gonna make a select or something for that; I just wasn't sure what to do for that at first, thanks.

HuggieBear Posted January 8, 2007
I'm quite partial to a 'logout' button, something that I couldn't see on your site.
Huggie

Philip Posted January 8, 2007
Yeah, agreed with HuggieBear. You have a login/admin login whenever I'm already logged in...

Daniel0 Posted January 8, 2007
You might want to generate the menu items depending on your user status/login status.

corbin Posted January 9, 2007
[quote author=neylitalo]Just giving it a casual once-over, I have one suggestion: Don't make me pick how to sort them before you show me the addresses. Show me the list sorted normally, and then have links to change the sort method. The rule of web design I'm invoking here: Fewer clicks is better.[/quote]
[quote author=Daniel0]You might want to generate the menu items depending on your user status/login status.[/quote]
My first two thoughts exactly lol...
I like how you can change the style, but it's based on sessions so if you wanted to change the style and not have to do it every time it could get old fast... Maybe add a column in the admin table to store the style sheet?
[code=php:0]
$sql = "UPDATE data SET name='$name', email='$email', home='$home', mobile='$mobile', address='$address' WHERE name='$update'";
[/code]
Some people have very common names and this could become a problem. I think that you should update based on the id field to avoid someone changing John Smith's info and another John Smith changing too.
Also, like I suggested in the other forum, I personally think that you should use $_POST instead of $_GET, but I can't think of any problems $_GET might make, so I guess that's just personal preference.
I can't really blame you for this one since it wouldn't make sense to add weird script to your own site, but I suggest you replace <'s and >'s with their respective &lt; and &gt; to avoid things like <script>alert("hi");</script> or just an accidental <> that would cause problems in the html.
Once again mainly one of my personal things, but I tend to avoid links like
[code=php:0]
die("New passwords did not match, please go <a href=\"javascript: history.go(-1);\" >back</a> and try again.");
[/code]
that rely solely on JS, and I try to use links like
[code=php:0]
die("New passwords did not match, please go <a href=\"{$_SERVER['HTTP_REFERER']}\" onClick=\"history.go(-1); return false;\">back</a> and try again.");
[/code]
That allows the link to work even if JS is not enabled, which is rare nowadays, but still a possibility.
That's about all I got for now :p.

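The id-keyed update suggested in the post above, as an added example that is not part of the thread or of the addyonline code: the fields come from a POST-style array and are bound as parameters, so two entries named John Smith stay distinct. The `id` column, the in-memory SQLite database (needs the pdo_sqlite extension) and the sample rows are assumptions constructed for the demonstration.

```php
<?php
// Added example: constructed schema and rows, not the addyonline source.
// Assumes the `data` table has an integer primary key named `id`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (id INTEGER PRIMARY KEY, name TEXT, email TEXT,
                              home TEXT, mobile TEXT, address TEXT)');
$ins = $db->prepare('INSERT INTO data (name, email) VALUES (?, ?)');
$ins->execute(['John Smith', 'john.a@example.com']);   // becomes id 1
$ins->execute(['John Smith', 'john.b@example.com']);   // becomes id 2, same name

// Update exactly one entry, selected by primary key. Returns rows changed.
function updateEntry(PDO $db, array $post): int
{
    // The row selector must be an integer; anything else is rejected outright.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // Values are bound as parameters, never pasted into the SQL text.
    $stmt = $db->prepare(
        'UPDATE data SET name = :name, email = :email, home = :home,
                mobile = :mobile, address = :address WHERE id = :id'
    );
    $params = [':id' => $id];
    foreach (['name', 'email', 'home', 'mobile', 'address'] as $field) {
        $params[":$field"] = (string) ($post[$field] ?? '');
    }
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed stand-in for $_POST as sent by the edit form.
$post = ['id' => '2', 'name' => 'John Smith', 'email' => 'john.new@example.com',
         'home' => '', 'mobile' => '', 'address' => ''];
printf("rows changed: %d\n", updateEntry($db, $post));

// Only the row with id 2 carries the new e-mail address.
foreach ($db->query('SELECT id, name, email FROM data ORDER BY id') as $row) {
    printf("%d  %s  %s\n", $row['id'], $row['name'], $row['email']);
}
```
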
lszanto Posted January 9, 2007
Thanks for all the suggestions guys, I'll be sure to fix this stuff when I get the time.

WorldInChaos Posted January 10, 2007
When you try to edit names, at least make it not case-sensitive. It would be even better if you showed a list of names, and then I got to click on which one I wanted to edit.
I like the idea of listing the names regardless when you click view, and controlling the display later.
In general, I agree with what everyone said about logging out, admin interface, etc...
Just my opinion.
Steve

ted_chou12 Posted January 12, 2007
Hey, this is awesome, but there is some problem with either the css or my browser, because the logo doesn't show properly, it's too big...

gazever Posted January 15, 2007
The search is case sensitive. I tried searching for tony, no results found; I searched Tony, it found the result. Great little script.

bob_the _builder Posted January 16, 2007
Hi,
Just for some ideas to help maybe make your address book a little more user friendly:
[url=http://www.fusiondesignz.co.nz/address_book/]Address Book[/url]
I made it yonks ago as a first project while learning php/mysql.

HuggieBear Posted January 16, 2007
If you're doing this as a little project to help you learn php, then might I suggest an import/export feature?
This will give you an insight into parsing content, such as CSV files, maybe some regular expression work. The export feature could include some XML work too :)
I use something similar to import the contacts that I export from my mobile phone.
Regards
Huggie

Daniel0 Posted January 16, 2007
Another thing: Don't show the password in plaintext when providing wrong credentials. There might be other people in the room or looking at the monitor.

OOP Posted January 17, 2007
I had a quick look at the application, and here are my comments:
The site is not shown correctly in IE... the logo image is repeated twice.
If you are going to let users login and add their addresses, then you should filter HTML.
Validation for all fields should be done; for example, in the phone, you should accept only numbers.
That's all for now

AXiSS Posted January 21, 2007
Logo is repeated on the Y-Axis in IE7.

Aeglos Posted January 22, 2007
Well, since I always read the forum I guess I should finally post something remotely helpful...
The site is on good tracks but really... check your validation. It's a TOP concern before adding new functionality.
I got around the "<script>" check by not declaring the javascript and using an onMouseOver event handler (Check the ASDF link... inside the big fat table) instead... ;D a not so friendly onLoad handler and your page goes kaput.
And well... I kinda feel guilty since the view address page is now really messed with my table tampering :P I even got marquees, Forms and CSS in (after a few tries I remembered to use ":" instead of "=").
So htmlentities is your friend here and/or some alphanumeric REGEXP.
Looking forward to the next version!
Cheers.
Edit.
Lol, did a search for the word "now", two results popped up: "Unknown" and "now" (second one submitted by me... entry contains a "malicious" submit button). So, I clicked on "now" and it took me to the "now" profile page. My "ClickMe" malicious button of DooM was there, and upon clicking it, I stumbled to a page which displayed "You should not be on this page." :D
On further inspection, that happens when there is no GET argument passed to the search and profiles pages. Consider redirecting them to the default search and directory listing views instead.
Edit nº2.
Incidentally I now found out that while playing with the "Back" button on my browser I re-posted some fields... that should NOT happen... I realised that you are passing every single form argument through GET to the addadress.php page... why? POST is already there, why pass the arguments through GET?? It only adds more complexity and potential security holes.
It also allows skipping any direct on-the-fly javascript validation on the form fields, since a user could simply populate the browser address with malicious code.

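Why a check for "<script>" alone does not hold, next to the htmlentities encoding and field validation suggested in the posts above, as an added example that is not part of the thread or of the addyonline code. stripScriptTags(), e(), validPhone(), the assumed phone format and the sample values are hypothetical and constructed for the demonstration.

```php
<?php
// Added example. stripScriptTags() is a hypothetical stand-in for the site's
// "<script>" check; the thread does not show the real one.
function stripScriptTags(string $s): string
{
    return preg_replace('#</?script\b[^>]*>#i', '', $s);
}

// Encode at the moment the value is written into HTML: <, >, &, " and '
// become entities, so stored text cannot open a tag or an attribute.
function e(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list validation for the phone field. Assumed format: an optional
// leading +, then 5 to 20 digits or spaces. Everything else is rejected.
function validPhone(string $s): bool
{
    return preg_match('/^\+?[0-9 ]{5,20}$/', $s) === 1;
}

// Constructed sample values modelled on what the posts describe.
$names = [
    'Tony',
    '<script>alert("hi");</script>',
    '<a href="#" onMouseOver="alert(1)">ASDF</a>',
    '<marquee>now</marquee>',
];
foreach ($names as $n) {
    // "filtered" still contains live markup for the last two samples;
    // "encoded" is inert text for all four.
    printf("stored:   %s\nfiltered: %s\nencoded:  %s\n\n",
           $n, stripScriptTags($n), e($n));
}

foreach (['021 555 0100', '555<b>0100</b>'] as $p) {
    printf("%-16s %s\n", $p, validPhone($p) ? 'accepted' : 'rejected');
}
```

Encoding belongs on every page that prints a stored value (list, search results, profile), because the same entry is rendered in several places.
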