Hey!

 

I'm making a site that allows musicians to network/share media etc. It's not finished yet, but any help testing it at this point would be greatly appreciated. The site is located at:

 

http://meetlikemusicians.com

 

The username and password for the domain are:

 

Username: test

Password: test

 

Thanks in advance for any and all help in testing.

 

- Ions

https://forums.phpfreaks.com/topic/94144-help-testing-music-site/

Hello!

 

Thanks for the help people! I've made some modifications and am ready for anyone willing to do some more testing. Again the info is as follows:

 

http://meetlikemusicians.com

 

The username and password for the domain are:

 

Username: test

Password: test

 

Thanks again,

 

- Ions

It's pretty fancy I think... oh no.. I'm gonna say it... ok... I'm sorry I'm saying this. I live in the US and I know that most places don't do this, but I also know that most Americans are idiots. The date thing. Americans do it month day year. which is retarded... but we do. same with inches and feet. stupid. but I would say that maybe you should change the months to names instead of numbers... it would clear up some idiot-ness. It's a sad fact but UI is all about the lowest common denominator.

 

The site is really cool though. Email me when it goes live, or if you need testers. I'm down.

 

Thanks for the suggestion. I'll make the adjustment. As for testing, feel free to register and test the functions in the members area etc. That goes for anyone interested. I'd appreciate any testing anyone is willing to do. -  :)

Cross Site scripting (XSS):

You can submit ">code when registering still.

 

I'm not sure what you mean. I saw that Javascript was inserted but all of the tags were stripped out, which means that XSS will not work. Worst case scenario is that I may have "> characters in a profile. Am I missing something?

 

Register and put ' "><marquee><h1>Corey ' into the fields. Don't fill in your birth date so it errors. The code will execute on your page.
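The bug Corey describes is an output-context problem rather than an input-filtering one: stripping tags on the profile page still leaves the `">` that terminates a value attribute, and the error path rebuilds the form from the raw value. The following PHP is an added example, not code from meetlikemusicians.com; the function names and the first_name field are assumptions, and the sample value is the one Corey posted.

```php
<?php
declare(strict_types=1);

// Constructed test value: the exact string Corey used in the thread.
const SAMPLE = '\' "><marquee><h1>Corey \'';

// What the thread describes on the profile page: tags stripped, then echoed.
// strip_tags() removes <marquee> and <h1> but leaves the "> in place, so the
// value still terminates the attribute it is placed into.
function renderProfileNameStripped(string $name): string
{
    return '<input type="text" name="first_name" value="' . strip_tags($name) . '">';
}

// The validation-error path (missing birth date) when the form is rebuilt from
// the raw POST value: nothing is stripped or encoded, so the marquee renders.
function renderErrorFormRaw(string $name): string
{
    return '<input type="text" name="first_name" value="' . $name . '">';
}

// Hardened: encode for the HTML attribute context on every output path.
// ENT_QUOTES turns both ' and " into entities, so the value cannot close
// the attribute whichever quote style the template uses.
function renderEncoded(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="first_name" value="' . $safe . '">';
}

// Check: the template itself contains six double quotes and one '>'. Any
// extra quote or '>' means the submitted value escaped the attribute.
function attributeIntact(string $html): bool
{
    return substr_count($html, '"') === 6 && substr_count($html, '>') === 1;
}

$renders = [
    'stripped' => renderProfileNameStripped(SAMPLE), // intact=no
    'raw'      => renderErrorFormRaw(SAMPLE),        // intact=no
    'encoded'  => renderEncoded(SAMPLE),             // intact=yes
];
foreach ($renders as $label => $html) {
    printf("%-8s intact=%s  %s\n", $label, attributeIntact($html) ? 'yes' : 'no', $html);
}
```

The same htmlspecialchars() call belongs on the profile display too; strip_tags() is a content filter, not an encoder, and the two are not interchangeable.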

Looks nice -> I've had a poke around and can't see any obvious errors. No good at testing for xss etc.

 

Some basic usability ideas

1) Make the date of birth the other way up. You'll get more teenagers on your site than OAPs, better to have it go 2008-1900 than 1900-2008

2) Make the user enter a country first, then populate the "state" box for some of the most common countries; if the country doesn't have a set list of states, have the text box.

 

Your captcha on register script won't stop very many bots. I'd think of changing that.

 

- Your first name must consist of letters only.

What about Anne-Marie

Marie Rose

Even !xobile (yes, an actual name - African origin I think)

- Your last name must consist of letters only.

How about poor Irish Patrick O'Donnel?

 

Thanks DOA! - :)

 

1. I'll be changing the order of the birth year.

2. I'm actually in the process of changing the location information so that it will auto-populate as you suggested.

3. I'll take a look at the captcha image and make it a little trickier. -  ;)

4. Good suggestions with regard to the first and last names, however I'm going to remove those fields from the registration form altogether.

 

Thanks again!

 

- Ions

 

4. Good suggestions with regard to the first and last names, however I'm going to remove those fields from the registration form altogether.

 

Fair enough.

Out of interest, why do you need a zip/postal code?

 

As you probably noticed (and hence why you're removing the need for the user's name) - too many registration forms require information the site doesn't ever actually use. I can see why you might want their country and state/city - to let artists network, but you're unlikely to have to mail them anything, and you don't take the rest of their address anyway.

 

Also, do you really NEED their gender? I can't see anywhere you split people by male/female, and I'm sure people can tell from the name "Hayley" or "Roger" what sex the artist is.

Yeah, I don't see any need for first/last names at this point.

 

I need the zip/postal code for the proximity search that exists in the members area (soon to exist in the public area). Also, the location info is used for maps/distance calculations on the 'comparison' box in the members area profiles.

 

As for the gender issue - it's just for my own info.

 

 

FIXED:

 

Cross Site scripting (XSS):

You can submit ">code when registering still.

 

I'm not sure what you mean. I saw that Javascript was inserted but all of the tags were stripped out, which means that XSS will not work. Worst case scenario is that I may have "> characters in a profile. Am I missing something?

 

Register and put ' "><marquee><h1>Corey ' into the fields. Don't fill in your birth date so it errors. The code will execute on your page.

Password type input with autocomplete

 

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

Vulnerability description

It seems that user credentials are sent to / in clear text.

This vulnerability affects /.

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

 
