
My first web site


clone4 (Perl-6 Wisdom Seeker)

ok so I started to work on my first web site. Having done this for quite a short period of time, and doing php for just a couple of days, it wasn't that easy… :) The css isn't fully mine (consulted a book and a couple of web pages), but I'm constantly re-defining it and trying to make it 'mine' :)

I still have to finish quite a few things: styles for forms and guestbook, there will be a right column for the blog page, the home page needs a little work, and the corners of the head image have a slightly different colour than the background. And lastly search, which will probably be the biggest struggle.

Also later on, I'd like to add an 'anti-spam' feature for the guestbook, so you would have to wait after like 2-3 posts, say 30 minutes (setting $_SESSION['post'] and then just adding for each post), I just can't work out how to manage the session so it expires after the defined time…

I tried to keep it simple, layout is typical bloggy thing, and there's just one image used.

I would appreciate any criticism regarding the design, and of course go nuts testing the security :) Also the admin username and pass are hardcoded, so don't bother with injections :) If anybody was willing to check my source, since my php skills aren't the greatest (started to learn 3 days ago :)), to just sort of point out the biggest mistakes, which concepts are wrong etc., I'd really appreciate it. So just gimme a shout and I can send it to you…

Anyway now I'm gonna stop babbling, and here you go ;)

http://clone.100webspace.net/slaw/index.php

EDIT: Totally forgot, despite having the 'valid XHTML' image :), there are a couple of HTML errors in the essay page that I can't get rid of without messing up the layout, so if you could have a look at that :)


ghost

I took a quick look at the website…

First of all, fix the php code in the guest book! If I try the null byte as an input or try to inject JavaScript, it redirects me to http://localhost/slaw/index.php?page=guest

Don't put a link for the admin section…

Host on freehostia.com , it is good and banner free…

The design needs some enhancements… Try to make your page wider…


SySTeM (-=[TheOutlaw]=-)

Should add this:

```html
<script type="text/javascript">
void(document.getElementsByTagName("div")[0].style.display="none");
</script>
```

clone4 (Perl-6 Wisdom Seeker)

moshbat wrote: That is … Awful.

C'mon, I know it's not exactly a 'winner', I am capable of self-criticism, but what I'm looking for isn't 'wow your site is great' or 'it sucks', but rather where I went wrong, and what exactly is awful :)

moshbat wrote: http://clone.100webspace.net/slaw/index.php?page=essays&mod=%22%3E%3C/A%3E%3Cscript%3Ealert(/MoshBat%20got%20you%20bitch/);%3C/script%3E

Shit, n1 forgot about that

system_meltdown wrote: Should add this:

```html
<script type="text/javascript">
void(document.getElementsByTagName("div")[0].style.display="none");
</script>
```

Ok thanks for that

454447415244 wrote: I took a quick look on the website…

First of all, fix the php code in the guest book! If I try the null byte as an input or try to inject JavaScript, it redirects me to http://localhost/slaw/index.php?page=guest

Don't put a link for the admin section…

Host on freehostia.com , it is good and banner free…

The design needs some enhancements… Try to make your page wider…

Well, especially the js validation sucks, since even if the check returns false, it still processes it to the post.php :( The admin link was there just temporarily, so I can move a little faster; it doesn't make that much difference, since the folder is called /admin/ (gonna change it later :))

Thanks for the web hosting tip.

And the 'desing' :) is done on a 10-inch lappy, so I didn't exactly have the right measures

So far so good, any suggestions? I think I might change the colour scheme to something a little more 'live', like a blueish combination…


clone4 (Perl-6 Wisdom Seeker)

moshbat wrote: Design. Awful. Able to view files within a directory. Awful.

Well no comment on the first one, ain't gonna argue or defend, it's not great, but I consider it 'not all bad' for a first attempt :) For the latter though, I should restrict this by .htaccess, since if I just change rights, the scripts won't be able to read the files either right?


SySTeM (-=[TheOutlaw]=-)

clone4 wrote: Also later on, I'd like to add 'anti-spam' feature for the guestbook, so you would have to wait after like 2-3 posts say 30 minutes(settin $_SESSION['post'] and then just adding for each post), just can't work out how to manage the session, so it expires after the defined time…

Using sessions for an anti-spam feature wouldn't be too great, as session cookies can just be cleared, so it wouldn't be ultra-effective.


clone4 (Perl-6 Wisdom Seeker)

system_meltdown wrote: clone4 wrote: Also later on, I'd like to add 'anti-spam' feature for the guestbook, so you would have to wait after like 2-3 posts say 30 minutes(settin $_SESSION['post'] and then just adding for each post), just can't work out how to manage the session, so it expires after the defined time…

Using sessions for an anti-spam feature wouldn't be too great, as session cookies can just be cleared, so it wouldn't be ultra-effective.

Well then I can only think of something IP based, but for that you have proxies… Any alternatives?

@mosh: thx, done that :)


clone4 (Perl-6 Wisdom Seeker)

moshbat wrote: I would simply use IP-database… As for proxies, how many are you willing to go through to post a load of spam? I mean, to make another post, you have to change to another proxy… Even with a script it's a pain in the arse. Anyway, you could just use a feature that would disable any further posts for… say, 30 seconds after something has been posted.

Not a bad idea, but still this isn't the issue right now. I'm brushing up my PS skills and trying to refine the layout a little, get slightly better graphics there and get an interesting colour scheme, that's the issue :) I'm gonna leave the site on for now, because I work with the local version, and as soon as I get some significant improvement, I will change it on the domain
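One way to build the posting cooldown discussed above (the 30-second lockout after a post, with an IP record so clearing the session cookie does not reset it), as an added example that is not clone4's code; the file path, the cooldown length and the $_SESSION key are assumptions made here:

```php
<?php
// Added example, not code from clone4's site: a server-side posting cooldown for the
// guestbook. A $_SESSION timestamp alone disappears when the visitor clears cookies,
// so the last post time is also kept per client IP in a small JSON file. The file
// path, cooldown length and $_SESSION key are assumptions made for this example.
const COOLDOWN_SECONDS = 30;                                 // the "30 seconds" idea above
const COOLDOWN_FILE    = __DIR__ . '/guest_last_post.json';  // assumed storage path

// Loads the IP => last-post-timestamp map, tolerating a missing or corrupt file.
function loadLastPosts(): array
{
    if (!is_file(COOLDOWN_FILE)) {
        return [];
    }
    $data = json_decode((string) file_get_contents(COOLDOWN_FILE), true);
    return is_array($data) ? $data : [];
}

// Returns how many seconds the caller must still wait, or 0 if posting is allowed now.
// "Expiry" is just a timestamp comparison; no session lifetime tricks are needed.
function secondsUntilAllowed(string $ip, int $now): int
{
    $sessionLast = (int) ($_SESSION['last_post'] ?? 0);
    $ipLast      = (int) (loadLastPosts()[$ip] ?? 0);
    $remaining   = COOLDOWN_SECONDS - ($now - max($sessionLast, $ipLast));
    return max(0, $remaining);
}

// Records a successful post in both places and prunes IPs whose cooldown has ended.
function recordPost(string $ip, int $now): void
{
    $_SESSION['last_post'] = $now;
    $seen = loadLastPosts();
    $seen = array_filter($seen, fn ($t) => $now - (int) $t < COOLDOWN_SECONDS);
    $seen[$ip] = $now;
    file_put_contents(COOLDOWN_FILE, json_encode($seen), LOCK_EX);
}

// Usage in post.php, before the guestbook entry is inserted:
session_start();
$ip   = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
$wait = secondsUntilAllowed($ip, time());
if ($wait > 0) {
    http_response_code(429);
    exit("Please wait {$wait} more seconds before posting again.");
}
recordPost($ip, time());
// ... insert the entry here ...
```

Behind a shared proxy or NAT every visitor has the same REMOTE_ADDR, so the IP part of the cooldown then applies to all of them together; that is the trade-off the thread's proxy remark points at.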


ghost

moshbat wrote: Design. Awful. Able to view files within a directory. Awful.

I agree, but since you're not being in the slightest bit constructive about it perhaps we could see your portfolio of web design? And to think, I thought admins were here to be helpful, not to sit on their throne and just talk about how awful everyone's work is.

With that said, yeah, you need to work on your design skills. What software do you use to design it? I know a lot of people will tell you that you shouldn't use programs like Dreamweaver, but they can be excellent for at least doing a layout, and can give you many more capabilities than you could get with Notepad, and it cuts down on time very heavily. I'd recommend you download Dreamweaver and start looking up tutorials; I'd be more than happy to help you with it.


clone4 (Perl-6 Wisdom Seeker)

Ok rehosted http://clone4.freehostia.com/

couldn't be arsed for now to upload the whole thing, so only the index is there, since I've changed only the design. I started to brush up on my long-unused PS skills and tried to fashion something, nothing too 'final' but sort of a first draft of the header and footer (btw the tutorial helped :)).

Oh and I know, little too blue :)

edit: almost forgot something again, I made the images quite big (because of the unused resolution there), so they take a while to load, but don't worry, learned from that mistake, and now making them smaller :)

slpctrl wrote: With that said, yeah you need to work on your design skills. What software do you use to design it? I know a lot of people will tell you that you shouldn't use programs like dreamweaver, but they can be excellent for at least doing a layout, and can give you much more capabilities than you could with notepad, and it cuts down on time very heavily. I'd recommend you download dreamweaver and start looking up tutorials; I'd be more than happy to help you with it.

Thanks, I will try to give it another shot and we will see, the first design was just a rushed thing, 5 minutes in PS and done, I was just really happy to finally have my own design. So now I can focus on the quality. And DW produces really shit code, already worked with it before. I will hit you up though, in case I need any help, if you don't mind


ghost

Dude, Jesus, those 2 servers u posted are fucking littered with holes clone4, I'm surprised. I'll say this: referrer, client IP and a few other things are injectable, which may not pose a huge problem, but look into it :ninja:


clone4 (Perl-6 Wisdom Seeker)

moshbat wrote: By the way: I did "design" pen 2 to look shit. Gives the impression of… A skiddie, methinks.

:D:D:D

anyway, again an update: I played around with font sizes, positions, families etc., and am still playing, now looking into table formatting for the guestbook. Also I was trying to update the guestbook so it would show only a number of posts across several pages, but no success so far. Also not sure about the main pattern, I tried different shading styles etc., but this one looks the best so far. I would also like to add some images to make it more alive.

shit and mysql yet to be configured:)

http://clone4.freehostia.com/slaw/


ghost

slpctrl wrote: I agree, but since you're not being in the slightest bit constructive about it perhaps we could see your portfolio of web design? And to think, I thought admins were here to be helpful, not to sit on their throne and just talk about how awful everyone's work is.

Exactly. You make me sick.


Futility

Yea define, who the hell are you to speak up? You only have one post and are obviously not qualified to have an opinion. Admins are always right in what they do and say and to defy them is a crime…

Seriously, though, mosh, I gotta agree with slp and define on this one. I didn't say anything originally because you did turn around and help him out, but criticism is only helpful if it proves something. 'Fuck you's and 'You suck's might make a point, but they don't help improve anything, do they? (no)

clone4's site may have been atrocious, but it was his first try and he's obviously working on it. I must say that it has improved since his first post and that some of it had to do with your help. I doubt he would have noticed the holes that you did and some idiot would have exploited it. Everyone overlooks something and needs an outsider's opinion. If they're scared to ask for it, then who really wins?


clone4 (Perl-6 Wisdom Seeker)

Firstly I'd say to anybody who is flaming mosh for his 'harsh' criticism to gtfo. He may have been lacking some specifics at the beginning, but that single first post helped me to get back to earth and realize that, well, the design was bloody awful, and made me do something with it. Secondly, as said previously, he helped to fix some security issues I most likely would've overlooked until the very finish of the website, so basically so far he has been the most useful person in this thread.

on topic: thanks mosh I cleaned the pattern myself, trying to soften the seams, and also toned it down a little, so it's more readable with the white font. Besides that, soon I should be finally finishing guestbook, and after that I can start to add further functions etc. (changes including the new background NOT uploaded yet);)

also thanks to everybody who actually brought something useful to this thread…


Futility

Really clone? Really? What helped you more:

'That is … Awful.' or when he actually went through and gave you real advice? Wouldn't it have been easier if he had just told you what was wrong with the layout without you having to ask for it a second time? Anyway, I've got nothing against mosh. As a matter of fact, most of what he does entertains me. I just hate to see a thread go to waste because of mindless retorts.

That being said, I have to admit that the background image still makes my eyes bleed. It's too… bright and color change-y. I'm more of a fan of solid, darker colors. Using a site with a bright colors as the background is like staring at a lightbulb and I hate staring at lightbulbs. I'd also suggest making the links to the different areas of the site smaller because the guestbook one goes off the image.


clone4 (Perl-6 Wisdom Seeker)

Futility wrote: Really clone? Really? What helped you more: That is … Awful. or when he actually went through and gave you real advice? Wouldn't it have been easier if he just told you what was wrong with the layout without you having to ask for it a second time? Anyway, I've got nothing against mosh. As a matter of fact, most of what he does entertains me. I just hate to see a thread go to waste because of mindless retorts.

Nope, what I meant was that that helped me to get real, and realize how much it really sucks. And as you can see, there isn't much left from the original design…

That being said, I have to admit that the background image still makes my eyes bleed. It's too… bright and color change-y. I'm more of a fan of solid, darker colors. Using a site with a bright colors as the background is like staring at a lightbulb and I hate staring at lightbulbs. I'd also suggest making the links to the different areas of the site smaller because the guestbook one goes off the image.

:D ok, toned down a little more and blurred, for me it's now quite comfortable to read the text. What browsers are you using? Because that is one of the biggest issues, it's about as cross-browser as my ass, so far tried only Mozilla and Chrome, and that worked (too scared to open it up in IE). Fixed unsorted lists and a couple of little bugs in the styles, and added a (very very) rough idea of how the guestbook could look ;)


clone4 (Perl-6 Wisdom Seeker)

ok, just a quick update: the general draft is coming to a finish, almost all the dynamic content is coded. Now I'm able to add/edit/remove blog entries, as well as delete guestbook entries. I also coded a very simple search, for now only going through the essays database and spitting out the links that contain the searched term, gonna extend it to the blog later on, as well as sorting results by relevancy (oh, and also added funky highlighting of the searched term). The whole thing is still buggy though and isn't really ready for implementation :) I moved a little with the guestbook design, but it still needs some (read: a lot of) work.

Ok so check it out here: http://clone4.freehostia.com/slaw/ Still appreciate any suggestions, opinions and of course pen testing, because I haven't had energy for that and I'm still picking up coding in php :) If anybody wants to test out the admin functions just give me a pm, and I will send you user/pass (would've posted it here, but want to avoid some troll/retard to take it and mess things up)


ghost

Use javascript and php to limit the characters allowed on the guest book for the name and for the text, it is creating an error after posting and also defacing the page look… Also, break the text input into lines with carriage returns…


clone4 (Perl-6 Wisdom Seeker)

454447415244 wrote: Use javascript and php to limit the characters allowed on the guest book for the name and for the text, it is creating an error after posting and also defacing the page look… Also, break the text input into lines with carriage returns…

I think there is a limit in php for the textarea, but no error, and so far only checks for the presence of both fields are in place. Thanks for mentioning the other things, had them on my to-do list, but somewhere at the very very deep bottom :) Also I was thinking about it and there might be a couple of null byte and even sql injections in the new functions, but I'm really tired, so going to fix it tmrow.

edit: just limited the number of chars, I know it still spits out an error message about the header, but I have to redo the whole block of conditionals for that…
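Server-side handling of one guestbook post, pulling together the points raised in this thread (the JS check that can be bypassed, the name and message length limits, the null byte and SQL injection worries, and the script tag that gets reflected); this is an added example, not clone4's code, and the limits, table and column names are assumptions:

```php
<?php
// Added example, not code from clone4's site: server-side handling of one guestbook
// post. The form's JavaScript check can be skipped, so the length limits, NUL-byte
// check, parameterised INSERT and output escaping all live in PHP. The limits, table
// and column names are assumptions; $db is a PDO connection the caller already has.
const NAME_MAX = 40;
const TEXT_MAX = 1000;

// Validates the raw form fields. Returns a list of error messages; empty means accepted.
function validateGuestPost(string $name, string $text): array
{
    $errors = [];
    $name   = trim($name);
    $text   = trim($text);
    if ($name === '' || $text === '') {
        $errors[] = 'Both name and message are required.';
    }
    if (strlen($name) > NAME_MAX || strlen($text) > TEXT_MAX) {
        $errors[] = 'Name or message is too long.';
    }
    // A NUL byte never belongs in a guestbook entry; some C-backed functions stop at it.
    if (strpos($name . $text, "\0") !== false) {
        $errors[] = 'Invalid characters in input.';
    }
    return $errors;
}

// Stores the entry with a prepared statement, so user data never becomes SQL text.
function storeGuestPost(PDO $db, string $name, string $text): void
{
    $stmt = $db->prepare(
        'INSERT INTO guestbook (name, message, posted_at) VALUES (?, ?, NOW())'
    );
    $stmt->execute([trim($name), trim($text)]);
}

// Renders a stored entry: escape first, then turn newlines into <br> for display.
// The same htmlspecialchars() call is what a reflected value such as the essays
// page's mod parameter needs before it is echoed.
function renderGuestEntry(string $name, string $text): string
{
    $safeName = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safeText = nl2br(htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
    return "<div class=\"entry\"><b>{$safeName}</b><p>{$safeText}</p></div>";
}

// Constructed hostile input: the script tag comes out as inert text, not markup.
$html = renderGuestEntry('<script>alert(1)</script>', "line one\nline two");
```

If the limits are meant in characters rather than bytes, use mb_strlen() in place of strlen() so multi-byte UTF-8 names are not cut short.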


ghost

I most often hate to be harsh, but the colors don't go well together at all. Like the sky-blue middle part on the grey background? It would be better off with a white background.

Also, in the guestbook, try adding an ORDER BY id DESC to the guestbook query, that way the newest post makes it to the top.

Besides that, good site (Y)

Edit: Also fix the search function, the only thing I managed to do so far is generate errors with a wildcard and get three essays with a ^.

Although, besides from this i must say it's pretty neat for a first website!


ghost

Definitely, but that was my opinion, and I told him what I thought about it and gave him my criticism. But I also gave him a compliment for what I thought was worth complimenting.