My forum isn't really finished, but I would like to get some opinions on how it is so far. I would appreciate it if you could point out any security holes you see.

http://obb.awardspace.com/index.php

NOTE: If the connection does not work, just click backspace until you see the index page, then refresh. THE SITE HOSTING SERVICE SUCKS!

https://forums.phpfreaks.com/topic/67165-first-forum/

It's quite well designed. However, it has very limited functionality.

Also, when posting a message with the text ' OR, it became \' OR (escaped), which should not be shown to the user. Rather than escaping the message, use htmlentities($text,ENT_QUOTES); which will encode quotes rather than escape them.

I also don't believe that you have made a flood defense feature, although the web host is too slow to test that out.

Also, at the bottom of every post near the icons I see the text "dd232323"; perhaps remove that ;)

After posting a new topic it says refreshing and takes you to a page on localhost which we clearly can't access.

That's about as much as I've checked out so far.

https://forums.phpfreaks.com/topic/67165-first-forum/#findComment-336897

Oh, forgot that. I was going to fix that htmlentities thing a while ago, but forgot.

I also haven't made a flood system at all. I will create a cookie for the last topic made by the user, then if 30 seconds haven't passed, he can't post a new topic... etc.

ONE MORE THING! Which random text after every post do you speak of? I can't see them! Maybe you can print screen it or something...

THANK YOU btw.

https://forums.phpfreaks.com/topic/67165-first-forum/#findComment-336904

I would personally recommend a database IP-specific timed ban for flood limits, but that's up to you.

I believe the random text I am seeing is actually a bunch of images' ALT tags.

images/spacer.gif is not loading for me, so I see its text tag instead.

https://forums.phpfreaks.com/topic/67165-first-forum/#findComment-336910
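The two flood-limit ideas in the posts above differ in who holds the timestamp: a cookie is stored by the client, which can simply not send it back, while a row keyed on the client address lives on the server. The sketch below shows the server-side variant as an added example, not code from the thread; the `post_log` table, the function names and the in-memory SQLite database are assumptions, and the 30-second window is the figure mentioned above.

```php
<?php
declare(strict_types=1);

const FLOOD_WINDOW_SECONDS = 30; // window taken from the thread

/** Assumed schema: one row per client address with the time of its last post. */
function flood_db(): PDO
{
    $pdo = new PDO('sqlite::memory:'); // in-memory so the example runs offline
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE post_log (ip TEXT PRIMARY KEY, last_post INTEGER NOT NULL)');
    return $pdo;
}

/** Returns true and records the post if $ip may post at $now; false while throttled. */
function may_post(PDO $pdo, string $ip, int $now): bool
{
    $pdo->beginTransaction(); // check and update as one unit
    try {
        $stmt = $pdo->prepare('SELECT last_post FROM post_log WHERE ip = ?');
        $stmt->execute([$ip]);
        $last = $stmt->fetchColumn(); // false when this address has never posted
        if ($last !== false && $now - (int)$last < FLOOD_WINDOW_SECONDS) {
            $pdo->rollBack();
            return false;
        }
        $up = $pdo->prepare('REPLACE INTO post_log (ip, last_post) VALUES (?, ?)');
        $up->execute([$ip, $now]);
        $pdo->commit();
        return true;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed sample requests: [client address, unix time].
// In the forum these would be $_SERVER['REMOTE_ADDR'] and time().
$pdo = flood_db();
$requests = [
    ['203.0.113.7', 1000],
    ['203.0.113.7', 1010],
    ['198.51.100.9', 1012],
    ['203.0.113.7', 1031],
];
foreach ($requests as [$ip, $t]) {
    printf("%s t=%d %s\n", $ip, $t, may_post($pdo, $ip, $t) ? 'accepted' : 'rejected (flood)');
}
```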

Some more stylistic / usage comments:

- Top Posters: none
- Most Popular Member: none

doesn't really seem necessary on the home page. I could see where it would be a good idea and I like the originality, but I feel this would be better suited on the members page.

http://obb.awardspace.com/index.php?page=viewtopic&forum=2&topic=5

Notice the DD2323WHATEVER next to the buttons... nuff said.

No bw filter, you have a literal "&lt;" displayed in place of the <, same for greater than, quote, amp, and you're forgetting to strip the slashes. It seems you're storing the information safely but not displaying it nicely.

Also, to post a topic it was painful... and you used GET variables, meaning it would be easy to make random spam topics with a bot or something.

Overall I'd be very proud of that if I were you. It's a great accomplishment, if you will, to create a forum.

https://forums.phpfreaks.com/topic/67165-first-forum/#findComment-337022
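Both display symptoms reported in this thread (the visible `\'` and the literal entity text) appear when text is escaped or encoded before storage and encoded again on output. The added example below, which is not code from the forum under review, reproduces that with constructed input and sets it beside the usual arrangement: store the text as typed through a bound parameter, and encode once when writing HTML. The `posts` table, the function names and the in-memory SQLite database are assumptions.

```php
<?php
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:'); // in-memory so the example runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

/** Store the text exactly as given; the placeholder keeps it out of the SQL syntax. */
function save_post(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (?)');
    $stmt->execute([$body]);
    return (int)$pdo->lastInsertId();
}

/** Encode once, at the moment the stored text is written into HTML. */
function render_post(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE id = ?');
    $stmt->execute([$id]);
    $body = (string)$stmt->fetchColumn();
    return '<div class="post">' . htmlentities($body, ENT_QUOTES, 'UTF-8') . '</div>';
}

// Constructed message containing the characters mentioned in the thread.
$typed = "' OR 1 < 2 & \"quoted\"";

// Symptom reproduction: slashes and entities are added before storage, then
// render_post() encodes again, so a browser shows backslashes and entity names.
$mangledId = save_post($pdo, htmlentities(addslashes($typed), ENT_QUOTES, 'UTF-8'));
echo "stored pre-escaped: ", render_post($pdo, $mangledId), "\n";

// Corrected flow: raw text in the database, a single encoding pass on output,
// so a browser shows the message as it was typed and none of it runs as markup.
$cleanId = save_post($pdo, $typed);
echo "stored as typed:    ", render_post($pdo, $cleanId), "\n";
```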

Whoa... I just replied to a post and got this:

Warning: mysql_real_escape_string(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 70
Warning: mysql_real_escape_string(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 70
Warning: mysql_real_escape_string(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 71
Warning: mysql_real_escape_string(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 71
Warning: mysql_real_escape_string(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 106
Warning: mysql_real_escape_string(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 106
Warning: mysql_real_escape_string(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 107
Warning: mysql_real_escape_string(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 107
Warning: mysql_query(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 111
Warning: mysql_query(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 111
Warning: mysql_query(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 113
Warning: mysql_query(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 113
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/www/obb.awardspace.com/index.php on line 113
Warning: mysql_query(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 117
Warning: mysql_query(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 117
Warning: mysql_query(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 118
Warning: mysql_query(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 118
Warning: mysql_query(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 120
Warning: mysql_query(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 120
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/www/obb.awardspace.com/index.php on line 121
Warning: mysql_query(): Access denied for user 'ndowlat'@'82.197.131.25' (using password: NO) in /home/www/obb.awardspace.com/index.php on line 123
Warning: mysql_query(): A link to the server could not be established in /home/www/obb.awardspace.com/index.php on line 123

You might want to fix it!

https://forums.phpfreaks.com/topic/67165-first-forum/#findComment-337277
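The warnings quoted above put a database user name, a host address and the script's filesystem path on a public page, and the script kept running its queries after the connection had failed. The added example below, which is not code from the forum under review, shows the usual handling: open the connection once, stop with a generic message if that fails, and send the detail to the server log only. The function names, the `replies` table and the SQLite DSNs (one chosen to fail on purpose) are assumptions.

```php
<?php
declare(strict_types=1);

// Keep error detail out of the rendered page and in the server log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Open the database once, before any query runs.
 * $dsn is a parameter so the failure path can be exercised offline.
 */
function open_db(string $dsn): ?PDO
{
    try {
        return new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    } catch (PDOException $e) {
        // The driver message may name users, hosts and paths: log it, never echo it.
        error_log('forum: database connection failed: ' . $e->getMessage());
        return null;
    }
}

/** Handle a reply; fails closed with a generic message when there is no database. */
function handle_reply(string $dsn, string $body): array
{
    $pdo = open_db($dsn);
    if ($pdo === null) {
        return [503, 'The forum is temporarily unavailable. Please try again later.'];
    }
    $pdo->exec('CREATE TABLE IF NOT EXISTS replies (body TEXT NOT NULL)');
    $pdo->prepare('INSERT INTO replies (body) VALUES (?)')->execute([$body]);
    return [200, 'Reply posted.'];
}

// Constructed cases: a working in-memory database, and a path that cannot be opened.
foreach (['sqlite::memory:', 'sqlite:/nonexistent-dir/forum.db'] as $dsn) {
    [$status, $message] = handle_reply($dsn, 'hello');
    echo $status, ' ', $message, "\n";
}
```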

Don't know if this is a coding error or something that someone did, but...

http://obb.awardspace.com/index.php?page=viewtopic&forum=2&topic=4

Mysql_fetch_array errors.

Andy

Btw: Nice work, I really like it. A lot more work to be done, but keep it up!

https://forums.phpfreaks.com/topic/67165-first-forum/#findComment-337661
