Jump to content

Tutorials Site


.Darkman

Recommended Posts

Hello Everybody,

 

Visit my new tutorials index site at http://clevertutorials.com

 

This is the first site that i am coding in PHP. I think it has come out good.

 

I have used script.aculo.us AJAX framework at some places.

 

It is still not complete. I will add some more features too later. This is the basic thing that i wanted to have.

 

The design is from http://styleshout.com

 

I submitted one tutorial just for testing purposes. Feel free to submit some more if you like.

 

I'm mainly looking for some comments on my PHP coding.

 

 

Thanks,

Link to post
Share on other sites

well that was not that impressive, you havent made the style yourself, and you havent even made the tutorial yourself... your actually just redirecting.. why dont you put up a database and let people actually add their own tutorials... for all i know the site contains only one file except the gfx files.. and that's the index file...

 

IMO: 2/10

Link to post
Share on other sites

Your idea is pretty good. But users don't like it much. Whoever has the ability to write a tutorial, would mostly have their own site. so they wouldn't been submitting it on my site.

 

Check out my other site http://templora.com

 

It is a site with a much wider scope. But there aren't too many tutorials there.

But check out sites like http://good-tutorials.com and http://tutorialized.com

They have lots of tutorials.

 

Thats the reason i chose to be just an index. :)

Link to post
Share on other sites

do you have many friends who know their way around PHP, JavaScript, Photoshop, HTML etc? if so... why dont you try to get together and make your own tutorials?

 

I know from my own experience.. when I come to a index tutorial site I sometimes get confused... hehe... reason for that is i start out on one page and end up on another site...

 

but gotta admit... i like the way sub categories change after what main cat you select...

Link to post
Share on other sites
do you have many friends who know their way around PHP, JavaScript, Photoshop, HTML etc? if so... why dont you try to get together and make your own tutorials?

Hmm... No.

I'm from southern part of India. And not everybody here shows interest in computers. So none of my friends can do. In fact, i have only one friend who can help at times. In this site, he'll help me in submitting more and more tutorials.

 

I know from my own experience.. when I come to a index tutorial site I sometimes get confused... hehe... reason for that is i start out on one page and end up on another site...

Lol...

In CleverTutorials all external links are opened in new window. So you'll not get confused i guess.

Link to post
Share on other sites

Your idea is pretty good. But users don't like it much. Whoever has the ability to write a tutorial, would mostly have their own site. so they wouldn't been submitting it on my site.

 

Therein lies part of your problem. At first glance, I would have no idea that I was going to be redirected to a third-party site. As a visitor, I wouldn't like that much since there is no warning or even credit given to the individual sites the tutorials come from. The layout looks good, but it's not really original. I think that you've done a pretty good job overall, but it's hard to say without seeing the result of my submission ;)

 

I tried to put some different types of things in to see what I could get away with, and I was able to submit some different characters and things that could leave you XSS vulnerable, but I didn't go that far.

Link to post
Share on other sites

forgive me for my stupidity but how on earth can anyone do that?

 

Chat, any page that you go to that has the dynamic element to it is written in some sort of scripting language (such as PHP). The problem is that they are server side, so by the time the page reaches your browser, you can't see anything of it left. Therein lies the difference between server side scripting languages and client side ones (such as javascript). While he's asking for a critique on the site, we can examine how well he handles things in his code without ever actually seeing the code directly.

 

For instance, there is an includes file on his site I located, but if you view the PHP files inside that folder directly, you simply see a blank page: http://clevertutorials.com/includes.

 

Hope this helps the understanding a bit.

Link to post
Share on other sites

i was not aware of this unrestricted includes folder.

 

anyway, i can't seem to access the raw php still. i tried saving the file but my silly library computer is messing me around. can you paste the php code in this thread?

Link to post
Share on other sites

anyway, i can't seem to access the raw php still. i tried saving the file but my silly library computer is messing me around.

 

That's just it. Because it is PHP, you cannot access the raw code through a browser. You would have to have the author share the code with you (like you've asked).

Link to post
Share on other sites
I think that you've done a pretty good job overall, but it's hard to say without seeing the result of my submission Wink

 

I tried to put some different types of things in to see what I could get away with, and I was able to submit some different characters and things that could leave you XSS vulnerable, but I didn't go that far.

Oh ! Thanks for pointing me out.

I thought of cleaning up the text off tags. But then i ignored it because i'll be able to accept or reject tutorials before they show on their site.

 

For eg, i looked at your submission. I deleted it.

 

So do you say that i should strip the Description off tags ?

 

 

Thanks,

Link to post
Share on other sites

For eg, i looked at your submission. I deleted it.

 

So do you say that i should strip the Description off tags ?

 

It's totally up to you, but here's the thing: if the javascript I entered into the description actually showed a popup when you reviewed my submission, if I were mean, I could have taken that to the next level and used the javascript that would run to send your PHPSESSID to myself. If I have that, I could have then used your cookie to log in as you (hypothetically). While I'm oversimplifying things for the sake of argument here, the threat is very real. Any time you have client script running that you did not right (especially in an admin panel), it can be very dangerous.

Link to post
Share on other sites

For eg, i looked at your submission. I deleted it.

 

So do you say that i should strip the Description off tags ?

 

It's totally up to you, but here's the thing: if the javascript I entered into the description actually showed a popup when you reviewed my submission, if I were mean, I could have taken that to the next level and used the javascript that would run to send your PHPSESSID to myself. If I have that, I could have then used your cookie to log in as you (hypothetically). While I'm oversimplifying things for the sake of argument here, the threat is very real. Any time you have client script running that you did not right (especially in an admin panel), it can be very dangerous.

 

Very True.

So, will it be okay if use the following code before submitting information into the database,

$description = strip_tags($description);

 

 

Link to post
Share on other sites

Very True.

So, will it be okay if use the following code before submitting information into the database,

$description = strip_tags($description);

 

Yes, however, you may wish to give your submitters some limited HTML to spice up the descriptions. If so, just use the optional second parameter with strip_tags():

<?php
$description = strip_tags($description, "b i u strong em");
?>

 

Good luck!

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.