Free Dating Site

[Accurax]

Ok, I've been pestering you all around these forums over the last few months.... and i have learned an enormous amount from you all... thank you so much for that.

 

An now V1.0 of my site is finished ... Its a totally free dating site coded in php and mysql, and im looking for feedback in the following area's.

 

• Usability
  
• Functionality and missing functionality
  
• Missing features
  
• Security
  
• Design and style
  

 

Any and all help with this will be rewarded with magic sausages for all concerned.

 

The url is :: www.uklovebug.co.uk

 

Thanks 

 

Accurax

 

 

[agentsteal]

Cross Site Scripting:

There is Cross Site Scripting if the Expect header contains code.

 

Cross Site Scripting:

There is Cross Site Scripting if your username contains code.

 

Drop Down Menu:

If you edit the drop down menu on http://www.uklovebug.co.uk/rate_me.php you can submit arbitrary values.

 

User Enumeration:

http://www.uklovebug.co.uk/~root

[legohead6]

on the rate me page the rating goes off the page, make it stay in your mean colum..

[Accurax]

Fantastic... just the sort of feedback i need... i'll get that fixed on monday morning, thanks gusy  =)

 

Anyonefound anything else?

[Accurax]

When you register, it doesn't filter tags. I registered as <marquee> and multiple pages are moving.

 

Yes i should strip tags for registration, i forgot about that.

 

What do you mean by "multiple pages are moving" ?... im not sure i understand..

 

 

[redbullmarky]

can you provide a test account username/password for those of us that are happy to test but not register...

[Accurax]

test account is : jono_man and password : jono

 

Anyone who does want to test the registration scripts etc, feel free to register and if u post here with your username i shall remove your email address from the database

[V34]

Hey, I was messing around on your site, hopefully to find some bugs.

Hope it's OK with you.

 

I found 3 bugs.

It's not really something, just visible error messages.

 

http://www.uklovebug.co.uk/search/view_profile.php If you havn't set user_name an error message occur.

http://www.uklovebug.co.uk/communication/outbox.php Same here

If you try to upload a defect image, an error message occur.

[Accurax]

no i dont mind at all V34, in fact i'm very gratefull.

 

Id appreciate it if some people could look into the "invitation" system and see if they can hack it and report back, this script basically increases your maximimum allowed messages for every person you invite, thus hopefully creating backlinks and new members... i really need this to be secure, so any security holes you find will be greatly appreciated.

 

Also... with the rating system.... would i be able to fix the offline hack by passing the path into a database and checking that it is = ../rating/rateupdate ... and not http://www.uklovebug.co.uk/rateings/rateupdate  etc etc ?

 

I just did a little checking, and it looks as though, even thoguh you can "fix" the ratings by running the script from your local machine, you cant get your image to appear as "top rated" by doing so ?... not sure how I managed to acheive this, i dont have my script handy and its a while since i wrote it, but im pretty certain i didnt do it on purpose...... very odd

[policosmos]

Big time CSS problems in IE6.  The main body div (from the looks of it) seems to get squeezed out of its proper float position.