roopurt18 Posted March 9, 2007 Share Posted March 9, 2007 We're gearing up to release the newest feature of our homebuilder software and I figured it would be nice to have some actual beta testing. This environment has almost all of the software's regular features available, although the one I'd like to have tested is subcontractor options bidding. I'll give a brief background of what subcontractor options bidding is. Every homebuilder contracts certain portions of development to contractors who specialize in particular trades, such as drywall, flooring, cabinets, etc. Every house also has options (or upgrades) available to potential home buyers. Housing projects (typically) are broken up into phases of development, where each phase consists of house lots. Sometimes the homebuilder knows which lots will contain which floor plans, sometimes they don't. Option prices can change depending on the plan the option is in; i.e. a flooring option will generally cost more in a plan with more square footage. Thus, before every phase begins development, the homebuilder holds options bidding where the subs bid on the cost of all the options available in that phase that pertain to their trade. The old bidding method: The homebuilder would print a form for a particular trade, let's say drywall. On this form would be every option that is affected by that trade. They mail (or fax) this form (which can be several pages) to every drywall contractor. The contractors fill the form out by bidding on the cost of each option in each plan and send the form back to the homebuilder. The homebuilders then usually enter these into spreadsheets for cost analysis and then update our server software system with who is awarded the bids. They have to do this for dozens of trades and as many as a hundred contractors; it is a very lengthy and tedious process. The new method: I've built a system where the subs can enter their bids online. The homebuilder can view the bidding process (by logging in as the admin) in real time with cost analysis built right into the system. The homebuilders can award the bids directly from their interface as well and will eventually be able to export that data into our other software system. The site is driven by PHP, MySQL, and Javascript. In particular, the bidding system uses AJAX. It's irrelevant if this system doesn't work on any non-windows OS since our server software only runs on windows. I've done my testing with WinXP, IE 7 and FF 2. I'm mostly concerned with bugs / problems directly related to the options bidding process. If anyone discovers any major security holes, I'd appreciate a description of the problem via PM. You're more than welcome to point out any other problems with the site, although many I'm already aware of (such as invalid markup, CSS, legacy functions not working, etc.). Right, now have at it: http://www.ibswebview.com/wv/beta/ Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/ Share on other sites More sharing options...
mattd8752 Posted March 9, 2007 Share Posted March 9, 2007 Looks pretty good. I think you should add the ability to request an account. And a menu bar while your are not logged in. Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/#findComment-203810 Share on other sites More sharing options...
roopurt18 Posted March 9, 2007 Author Share Posted March 9, 2007 Looks pretty good. I think you should add the ability to request an account. And a menu bar while your are not logged in. It's not apparent, but each of our clients has a separate URL. Account setup is actually done in our server software, so the only people that really come across the site are those that already have accounts and know what it's used for. Hence the reason there isn't any sort of navigation when not logged in either. Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/#findComment-203897 Share on other sites More sharing options...
roopurt18 Posted March 10, 2007 Author Share Posted March 10, 2007 I've added a partially finished documentation link into the top-right area of the review options bidding page for the admin. Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/#findComment-203977 Share on other sites More sharing options...
roopurt18 Posted March 12, 2007 Author Share Posted March 12, 2007 Anyone else? Or is this just too much to deal with? Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/#findComment-205621 Share on other sites More sharing options...
rcorlew Posted March 26, 2007 Share Posted March 26, 2007 That's really quite a system you have there, I would only recomend rewriting the whole thing all over again just to make sure you remeber how. Just kidding, it took a minute to figure out how to get around, but once I overcame that it was very intuitive. Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/#findComment-215142 Share on other sites More sharing options...
agentsteal Posted March 26, 2007 Share Posted March 26, 2007 Cross Site Scripting: http://www.ibswebview.com/phpinfo.php?<script>alert('vulnerable')</script> Full Path Disclosure: http://www.ibswebview.com/phpinfo.php User Enumeration: http://www.ibswebview.com/~root Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/#findComment-215655 Share on other sites More sharing options...
roopurt18 Posted March 27, 2007 Author Share Posted March 27, 2007 Just curious, how did you find the phpinfo.php script? Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/#findComment-215844 Share on other sites More sharing options...
roopurt18 Posted March 27, 2007 Author Share Posted March 27, 2007 So it was a guess, I just wanted to make sure you weren't browsing the directory structure. Thanks for the heads up. Link to comment https://forums.phpfreaks.com/topic/42024-homebuilder-software/#findComment-216135 Share on other sites More sharing options...
Recommended Posts