lushnews - Php News System

[lszanto]

Yep, as some people know I've been working on this for quite a while and its finally completed enough to go online, I still have to make a few changes for themes and stuff but here it is for now.

 

Click on the links for screen shots.

Main System Page

Add News Page

Stylesheet Page

 

Actual system:

http://lszanto.hosttds.com/lushnews.zip

 

Errors since this has gone up:

-Editing users.

 

I would love it if some people just downloaded it and tried to see how it goes and if you do please leave some feedback.

[redbullmarky]

have you got a test installation of it actually running?

[lszanto]

Yes but last time I let people in they just changed passwords and screwed it up for everybody.

[john010117]

Then let them register themselves.

[lszanto]

Ok a demo is up now, http://www.lszanto.hosttds.com/lushdemo and the username is demo and password is lushdemo. Feel free to add news, edit news, comment and delete stuff.

[gabeg]

Lots of errors if I change the theme path to something random

http://www.lszanto.hosttds.com/lushdemo/view_news.php

 

Maybe add some sort of check to make sure the theme path is pointing to a valid directory?

[lszanto]

Haven't really thought of that but its a good idea, I'll add some functions to check for that and also some chmod checks.

[jellis]

Instead of passing $_POST variables around the place, can you implement a $_SESSION with the required data, or even use $_GET variables?

 

I don't know what the variable was used for, but going from the pages back to the index of the login area advised me that I was submitting $_POST data again.

 

It's just annoying.

[lszanto]

I've now added a function to check for the text.css file in the theme and it also checks if it is writable, I'm working on the var sending now.

[lszanto]

Ok the vars should be fixed now, I have a separate home page and login page.

[ShogunWarrior]

LOTS OF EDITS ADDED!

 

Firstly, I was very surprised by the screenshots because they actually look nice.

 

Here's a few things I noticed:

• On install page "undefined index step"
  
• On most pages there is a warning "undefined index action"
  
• Adding comments wasnt working. It said comment added, but didnt appear. (Refreshed etc)
  
• All passwords such be stored as MD5 or SHA-1 hashes of the plaintext password.
  
• I'd store the news date as a DATETIME or INT timestamp so you can sort by date and more.
  
• I'd store a date for each comment aswell.
  

 

I think the undefined index problems are simply due to you checking $_POST or $_GET without knowing if those indexes are available. I'd just add some intermediate functions like get_action() or check if those indexes are empty. (Depening on your error reporting level you may not see those warnings) I usually recommend E_ALL to have the most valid code.

 

I like the layout, it's a good start. A "light" coloured version might be a good idea, it seems a bit dark after a while.

Adding more features etc. would be great and generally refining the code a bit and checking for security holes/possible errors etc.

[lszanto]

I'm working on the new passwords at the moment but unless ajax is disabled you should be able to add the comments and as you can see on the demo they are working. I'm thinking you have the downloaded version as that is not as up to date as the demo, do you? And also comments are stored with dates.

[gabeg]

You should check for duplicate postings. If I keep clicking the add news submit button, eve if it says added news, it continues to add to the database.

[ShogunWarrior]

gabeg has a good idea there. A solid way to do it is to insert a hidden field like <input type="hidden" name="payload" value="48388293" /> and the value could be the current time in miliseconds

I'm working on the new passwords at the moment but unless ajax is disabled you should be able to add the comments and as you can see on the demo they are working. I'm thinking you have the downloaded version as that is not as up to date as the demo, do you? And also comments are stored with dates.

 

You should probably update the downloaded version so, or remove it. Otherwise mine, and others' comments are a bit redundant.

[lszanto]

Sorry, the .zip is updated now so you shouldn't get most of those errors but I was thinking about limiting duplicate posts but I was just thinking what if for some stupid reason somebody wanted to post something twice or even three times and if you accidentally posted something twice its not hard to delete.

[gabeg]

Sorry, the .zip is updated now so you shouldn't get most of those errors but I was thinking about limiting duplicate posts but I was just thinking what if for some stupid reason somebody wanted to post something twice or even three times and if you accidentally posted something twice its not hard to delete.

Limit the duplicate post to 10 seconds, if someone posts it twice in 10 seconds give an error, or ask them to confirm that they want to post it again. In most cases, it'll be an accident.

[lszanto]

Ohok I understand now, I'll try and add that next time I'm working on it.