BreakingLight, posted February 16, 2011:
Well, this is kind of a social networking feature inspired by Facebook's wall. It's pretty simple, just something where users can post and comment. Nothing special, it just gives them something else to do, and it's pretty fun. I'm still working on adding a few things to it; I'll update it as I add stuff. Hope you enjoy!
SQL:
[code not visible: viewing it requires forum registration]
thewall.php:
[code not visible: viewing it requires forum registration]
Updated with some security :)
Djkanna, posted February 16, 2011:
I've literally just had to do something like this. XD What about the liking of wall posts? :P
SilvaTungDevil, posted February 16, 2011:
Good mod, but unfortunately you need to do a bit more work on it; the security is non-existent. Secure your $_POST and $_GET variables. You are allowing a lot of room for a potential hacker to exploit your site, but it's a good start, well done.
BreakingLight (thread author), posted February 16, 2011:
Yes, security was the next step, lol. And Dj, my girlfriend said not to add that because it was gay >.> I had to stay on good terms.
Equinox, posted February 16, 2011:
> Yes, security was the next step, lol. And Dj, my girlfriend said not to add that because it was gay >.> I had to stay on good terms.
There are no girls on the Internet. Now you must do one of two things: 1) Cover your ears and close your eyes and repeat "You're a figment of my imagination" until she eventually leaves. 2) Tell her that when she learns to code, her input may become of some meaning to you. You can thank me later.
rulerofzu, posted February 16, 2011:
> Yes, security was the next step, lol. And Dj, my girlfriend said not to add that because it was gay >.> I had to stay on good terms.
> There are no girls on the Internet. Now you must do one of two things: 1) Cover your ears and close your eyes and repeat "You're a figment of my imagination" until she eventually leaves. 2) Tell her that when she learns to code, her input may become of some meaning to you. You can thank me later.
Tut tut, EQ, I expected more from you... 3) Go bring me a beer (soft drink for those underage). 8o
Danny696, posted February 16, 2011:
Girl, girlfriend, what's that then? :S Anyway, why would security be, well, as you put it, "gay"?
Equinox, posted February 16, 2011:
I didn't want to go too far, otherwise someone would have started to cry and the whole thread would have been deleted :( Nice idea, btw. But yeah, I'd definitely look into securing and optimising, and the ability to "like", as said by Mr. Kanna.
Diesl, posted February 16, 2011:
> Yes, security was the next step, lol. And Dj, my girlfriend said not to add that because it was gay >.> I had to stay on good terms.
If you're going to release a mod, it would be better if you released it with all the necessary elements that make it a good quality mod:
- basic security (users may have their own security functions, but you don't sanitize inputs at all)
- filtering (you're not checking for unwanted/empty input)
- optimizing your queries
- grammar check? (lines 105 and 161, for example)
- time of wall post/comment post?
- closing all of your <tr> tags
The idea itself is good, but it could be done better if you spent more time and care on it. Also, you may want to look into giving the user privacy options. It's a big deal with social media platforms like Facebook; I'm sure that sometime down the road you would face it with this mod.
Maniak, posted February 17, 2011:
I was thinking of basing my Announcements on the Facebook-style wall post system... But I do have a question: why not secure it as you code it? I.e. when you do your queries, add the mres and strip_tags() at the same time; it'll save you a lot more time, as you won't have to go back and do it... BTW: mres and strip_tags() have been used as an example, and you should use the best form of security for the $_POST/$_GET.
BreakingLight (thread author), posted February 17, 2011:
Added security. And I didn't say security was gay, Danny, I said the "like" was, according to her ;). I had to be on her good side, it was Valentine's Day. Anyway, I updated it and added htmlentities for the POST and intval for the GET. Simple. So voilà. Take it or leave it, it's free >.>
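An added example, not the mod's code (which is not visible here) and not code posted by anyone in the thread, of what "securing the $_POST and $_GET" looks like when it is done while the request is handled rather than bolted on afterwards: the action goes through a switch with a default branch, the id is validated as a positive integer (the mod used intval, which turns "abc" into 0; filter_var returns false instead), the post body is rejected when empty or oversized, and the text is written with a PDO prepared statement instead of being escaped with mysql_real_escape_string or mangled with strip_tags. The table names (wall_posts, wall_comments), the column names and the $db PDO connection are assumptions. The text is stored as typed and is escaped when it is rendered, not here.

```php
<?php
// Added example (not the mod's own code). Assumed schema:
//   wall_posts(id, user_id, body, posted_at)
//   wall_comments(id, post_id, user_id, body, posted_at)
declare(strict_types=1);

const MAX_POST_LEN = 1000;

// Dispatch $_GET['action']. Only the listed cases run anything; any other
// value, including a missing or array-valued action, falls into default,
// which is why the raw value needs no escaping before the switch.
function dispatch(array $get, array $post, int $userId, PDO $db): array
{
    $action = isset($get['action']) && is_string($get['action']) ? $get['action'] : '';

    // Positive integer or false; arrays and non-numeric strings fail validation.
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    $text = isset($post['text']) && is_string($post['text']) ? $post['text'] : '';

    switch ($action) {
        case 'post':
            return addWallPost($db, $userId, $text);
        case 'comment':
            if ($id === false) {
                return ['ok' => false, 'error' => 'bad post id'];
            }
            return addComment($db, $userId, $id, $text);
        default:
            return ['ok' => false, 'error' => 'unknown action'];
    }
}

// The "filtering" step: reject empty or oversized input before it reaches
// the database. Returns the trimmed text, or null when it should be refused.
function validateText(string $text): ?string
{
    $text = trim($text);
    if ($text === '' || mb_strlen($text, 'UTF-8') > MAX_POST_LEN) {
        return null;
    }
    return $text;
}

function addWallPost(PDO $db, int $userId, string $text): array
{
    $clean = validateText($text);
    if ($clean === null) {
        return ['ok' => false, 'error' => 'empty or too long'];
    }
    // Bound parameters: the body never becomes part of the SQL string,
    // so quotes and backslashes in it are data, not syntax.
    $stmt = $db->prepare(
        'INSERT INTO wall_posts (user_id, body, posted_at) VALUES (:uid, :body, :ts)'
    );
    $stmt->execute([':uid' => $userId, ':body' => $clean, ':ts' => time()]);
    return ['ok' => true, 'id' => (int) $db->lastInsertId()];
}

function addComment(PDO $db, int $userId, int $postId, string $text): array
{
    $clean = validateText($text);
    if ($clean === null) {
        return ['ok' => false, 'error' => 'empty or too long'];
    }
    // Confirm the parent post exists, again with a bound value.
    $check = $db->prepare('SELECT 1 FROM wall_posts WHERE id = :id');
    $check->execute([':id' => $postId]);
    if ($check->fetchColumn() === false) {
        return ['ok' => false, 'error' => 'no such post'];
    }
    $stmt = $db->prepare(
        'INSERT INTO wall_comments (post_id, user_id, body, posted_at) VALUES (:pid, :uid, :body, :ts)'
    );
    $stmt->execute([':pid' => $postId, ':uid' => $userId, ':body' => $clean, ':ts' => time()]);
    return ['ok' => true, 'id' => (int) $db->lastInsertId()];
}

// Usage, assuming the game already has a PDO connection and the logged-in
// user's id (both hypothetical here):
// $db = new PDO('mysql:host=localhost;dbname=game;charset=utf8mb4', 'user', 'pass', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
// ]);
// $result = dispatch($_GET, $_POST, $userId, $db);
```

With emulated prepares switched off the MySQL server receives the statement and its parameters separately, so there is nothing to escape on the way in; the only escaping left is for HTML, which belongs at the point where the body is printed.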
SlimyStud, posted February 17, 2011:
Still vulnerable. Invalid HTML, terrible PHP and inefficient SQL. All signs of a bad modification, yet you sell modifications that are most likely at this same standard... wow. Anyway, thank you for releasing this mod to the community, even if it could damage a few games. =)
Zan, posted February 17, 2011:
Wooh... This is a good mod... Maybe we can add a lot of features to it and make it good.
Oo-Savage-oO, posted February 17, 2011:
What a coincidence, I was just about to make this mod. I was wondering how to do it when I came across this.
Maniak, posted February 17, 2011:
I'll give this a quick re-code later. Also, I would recommend stripslashes() on the output, as you'll get a \ before any ' or ". Another thing is that your $_GET['action'] hasn't been secured. A simple line like:
$_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false;
would do the trick :)
SlimyStud, posted February 17, 2011:
$_GET['action'] is put straight into a switch() statement; it doesn't need to be sanitized/checked.
Maniak, posted February 17, 2011:
I prefer to secure ALL $_POST and $_GET. I guess it is just the way I do things, even if it is slight overkill xD
rulerofzu, posted February 17, 2011:
You mean that's how it's shown on here how to do things. Go read about switch and then decide for yourself if you should do that line or not. I bet you choose not to, for the same reason stated by Slimy. Here is a question for you... why so intent on securing the output? If the input is secured, the output will be what?
Equinox, posted February 17, 2011:
> I'll give this a quick re-code later. Also, I would recommend stripslashes() on the output, as you'll get a \ before any ' or ". Another thing is that your $_GET['action'] hasn't been secured. A simple line like:
> $_GET['action'] = isset($_GET['action']) && is_string($_GET['action']) ? strtolower(trim($_GET['action'])) : false;
> would do the trick :)
Why? Not needed. EDIT: Was beaten to it. I had the page up to post for a few hours, just forgot it was here. XD
Maniak, posted February 17, 2011:
No, Zu, I actually do that. I only use stripslashes on the output to remove the backslashes, as I stated in the other post. Go read it; you obviously didn't read it in the first place to put that irrelevant post!
Maniak, posted February 17, 2011:
I am sure this is supposed to be a community-based forum. Yeah, I may not be the best coder around, but I am sure you all have your imperfections whilst coding. You do things which others may see as irrelevant, yet because you're more well known around here people don't question it. Yet because I am not a known coder, and I am not as experienced as some of you guys, you decide to take the piss out of me, and I have seen some others have the piss taken out of them! It's people like you who make people not want to carry on developing, rather than spurring them on to excel in a language by explaining to them why it is irrelevant to use it!
Equinox, posted February 17, 2011:
I never took the piss? You assume because I make use of correct English grammar that I'm being sarcastic or something else? You think because I appended a full stop that I mean something other than what I said. I want to see the re-code; am I not allowed, with this being a community-based forum and all? Being known has nothing to do with it; everyone will get called on their mistakes.
Diesl, posted February 17, 2011:
> Here is a question for you... why so intent on securing the output? If the input is secured, the output will be what?
I think this is best answered with this quote:
"You cannot always be sure that the data in the database is sanitized data. You cannot guarantee that it came from the sources we anticipated the data to come from. There is a chance that the data ended up in the database through a path where you have not placed your input sanitizer. What if a user directly edited the database to add some data? What if there are loopholes in your sanitizer? What if the data was placed by an SQL injection attack against your database? All these points tell us that we need to sanitize user data where it is being used, that is, in the output stage."
http://www.diovo.com/2008/09/sanitizing-user-data-how-and-where-to-do-it/
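An added example, not from the thread or from the mod, of the point in the quoted passage: escape at the output stage, where the value meets HTML, regardless of what happened on the way in. It also reproduces two symptoms raised earlier in the thread: the double encoding you get when htmlentities() is applied at input time (the approach in the updated mod) and the rendered output is escaped again, and the backslash before quotes that stripslashes()-on-output was proposed to hide, which is a sign the value was escaped once too often before it was stored. The h() and renderPost() helpers and the username/body/posted_at column names are assumptions.

```php
<?php
// Added example (not the mod's own code).
declare(strict_types=1);

// Escape for an HTML text/attribute context at the moment of output, every
// time, whether or not the value was "cleaned" before it went into the DB.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Render one wall post row. $row is whatever the SELECT returned and is
// treated as untrusted even though this application wrote it.
function renderPost(array $row): string
{
    return sprintf(
        '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
        h((string) $row['username']),
        h((string) $row['body']),
        date('Y-m-d H:i', (int) $row['posted_at'])
    );
}

// Symptom 1: encoding at input time and again at output time.
// The raw value escaped once renders exactly as typed; the value that was
// already htmlentities()'d at input time is escaped a second time and the
// reader sees "&amp;" and "&lt;" as literal text.
function showDoubleEncoding(): array
{
    $input     = 'Tom & Jerry <3';
    $storedRaw = $input;                                        // stored as typed
    $storedEnc = htmlentities($input, ENT_QUOTES, 'UTF-8');     // escaped on the way in
    return [
        'raw_then_output' => h($storedRaw),   // Tom &amp; Jerry &lt;3
        'enc_then_output' => h($storedEnc),   // Tom &amp;amp; Jerry &amp;lt;3
    ];
}

// Symptom 2: a backslash before ' or " in the stored text. That happens when
// the value was slash-escaped before the query's own escaping ran (for
// example magic_quotes_gpc plus mysql_real_escape_string, or addslashes()
// plus a prepared statement), so the extra backslash is stored as data.
// Removing the redundant escaping layer fixes it; stripslashes() on output
// only hides it, and would also eat backslashes a user typed on purpose.
function showDoubleEscaping(): array
{
    $input       = "it's fine";
    $preSlashed  = addslashes($input);   // it\'s fine: what the extra layer hands to the query
    return [
        'stored_with_extra_layer' => $preSlashed,   // it\'s fine (backslash persists in the DB)
        'stored_via_prepare'      => $input,        // it's fine  (driver quotes it; nothing to strip)
        'stripslashes_on_output'  => stripslashes('C:\\temp\\file'), // C:tempfile: legitimate input damaged
    ];
}

// Constructed sample row, as the SELECT would return it.
$sample = ['username' => 'O\'Brien <admin>', 'body' => 'hi "all" & <b>welcome</b>', 'posted_at' => 1297900800];
echo renderPost($sample), PHP_EOL;
// <tr><td>O&#039;Brien &lt;admin&gt;</td><td>hi &quot;all&quot; &amp; &lt;b&gt;welcome&lt;/b&gt;</td><td>...</td></tr>
```

Storing the text as typed and escaping it once, at output, with the escaper matched to the context (HTML here; a different one for a JavaScript string or a URL) is what makes the result independent of which path the data took into the table, which is the quoted passage's argument.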
Maniak, posted February 17, 2011:
When did I ever say that it was to do with your grammar? (I would like to think I use correct grammar and spelling.) I interpreted it as you being sarcastic, yes... And also, if you're a well-known member, other people look up to you. But anyway, I am probably sounding like a right tosser with my posts... But I am just having one of those "off days", which is why I am taking things wrong. I apologize.