
Rate, Test, Critique My Site v 2.0


Question

Well I have been working on my website for weeks now and finally got it up to public standards. I have coded it from scratch. The only thing about it atm is that the layout isn't original. I took the design and tweaked it from a forum layout but coded it in myself. I'll change that eventually but I am mostly looking for the technical side of testing. Please post if you find any bugs or exploits and thanks for looking.

http://www.elite-gen.com/

Update: Site has been majority re-hauled with new features and different layout with some security measures put in place.


16 answers to this question

  • 0

It looks very nice! Your logo looks blurry to me. I noticed you used a lot of tables. Tables aren't really popular anymore and you might get a lot of heat for that, but if it works ya, to each his own.


  • 0

Thank you guys for pointing this out. I figured there were some loose ends I needed to patch with characters passing through. The reason I use tables is cause I haven't really studied up on tableless designs but I'll make that one of my goals for the next layout.


  • 0

Honestly, the sooner you start to learn how to use CSS, the better.

Leads to cleaner and easier to manage code (and gets rid of the table structure).


  • 0

I would recommend spacing the content and the tab links a little more. Having it almost flush looks ugly.


  • 0

Round two. Site has been majority re-hauled with new features and different layout with some security measures put in place. Please comment on the current design. Note that I haven't converted the members section from table to css yet so ignore that for the moment.


  • 0

No CSS is loading here, and so page looks very late 90's...

Here's your error:

<link rel="stylesheet" type="text/css" href="css/style - .css" />


  • 0

Thanks for the posts but I already found out that bug before looking back here. You'll want to check back now. I had a variable control which style users see but forgot to set a default for people who weren't signed up to the site. This is fixed now.


  • 0

http://validator.w3.org/check?uri=http%3A%2F%2Fwww.elite-gen.com%2Findex.php;accept=text%2Fhtml%2C%20application%2Fxml%3Bq%3D0.9%2C%20application%2Fxhtml%2Bxml%2C%20image%2Fpng%2C%20image%2Fjpeg%2C%20image%2Fgif%2C%20image%2Fx-xbitmap%2C%20*%2F*%3Bq%3D0.1;accept-language=en-GB%2Cen%3Bq%3D0.9;accept-charset=iso-8859-1%2C%20utf-8%2C%20utf-16%2C%20*%3Bq%3D0.1

1 error :)

<div id="navi"> <!-- Navigation -->
	# <a href="index.php">Home</a><br />
	# <a href="forum/">Forum</a><br />
	# <a href="index.php?page=member">Members</a><br />
	# <a href="index.php?page=minecraft">Minecraft</a><br />
	# <a href="index.php?page=contact">Contact</a><br />
	   - <a href="index.php?page=links">Links</a><br />
	# <a href="index.php?page=about">About</a><br />
	   - <a href="index.php?page=follow">Follow Me</a>
</div>

You could use a list for this instead of faking it with nbsp and breaks.

Bold tags also... you should change this for CSS.


  • 0

Pretty big XSS vulnerability in the "About" input (actually, every input) for the profile: http://www.elite-gen.com/index.php?page=member&user=5

Always sanitise user input.

Also, I hope you're not going to use tables when you do your own layout :p

Following on from this point:

http://www.elite-gen.com/index.php?page=%3Cform%20action=http://www.google.co.uk%3E%3Cinput%20type=submit%20value=Free_Money%20/%3E%3C/form%3E

OR

http://www.elite-gen.com/index.php?page=<iframe src=http://google.co.uk></iframe>

Link to comment
Share on other sites
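
Added example (not part of any post in this thread, and not the site's code): one way to handle both issues reported above in PHP, which the site's index.php URLs indicate it runs. The `page` value is resolved against an allow-list before it is used, and every stored or reflected value is encoded at output time; the function names and the "Example Site" title are hypothetical, and the page names are taken from the navigation markup quoted earlier.

```php
<?php
// Added example, not the site's code; function names are hypothetical.

// Page names taken from the navigation markup quoted earlier in the thread.
const ALLOWED_PAGES = ['home', 'member', 'minecraft', 'contact', 'links', 'about', 'follow'];

// Encode a value for use in HTML text or inside a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Map the raw ?page= value onto a known page name.
// Arrays (?page[]=x), missing values and unknown names all fall back to 'home'.
function resolve_page($raw): string
{
    return (is_string($raw) && in_array($raw, ALLOWED_PAGES, true)) ? $raw : 'home';
}

// Build the page title and a profile "About" block the way a template would.
// $about stands for text read back from the database exactly as the user typed it.
function render(array $query, string $about): string
{
    $page = resolve_page($query['page'] ?? null);
    return '<title>Example Site - ' . e(ucfirst($page)) . "</title>\n"
         . '<div class="about">' . nl2br(e($about)) . "</div>\n";
}

// Constructed inputs: the iframe string from the post above, an array value,
// and a legitimate page name. Markup in the "About" text is shown, not executed.
echo render(['page' => '<iframe src=http://google.co.uk></iframe>'], "<b>hi</b>\nline two");
echo render(['page' => ['x']], 'plain text');
echo render(['page' => 'about'], 'plain text');
```

The profile text is stored unmodified and encoded only when it is written into HTML, so the same value can later be encoded differently for a different context such as JSON or a URL.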

  • 0

I see why it is doing this. I was using _GET foolishly to show the page title on the site. I've removed this code and will think of a more secure way. Thanks.

Looking neat and clean. You might want to work on the Navigation section, to me it is not looking good.


  • 0

Looking neat and clean. You might want to work on the Navigation section, to me it is not looking good.

Just updated the navigation with a css list feel. It works across all style choices.


  • 0

Your login is really insecure at the moment, you must just be checking if the EliteGen[username] cookie is set, but not confirming the EliteGen[password] cookie matches the actual hashed password for the user.

Just by changing the username cookie I can login as you and update your profile: http://www.elite-gen.com/index.php?page=member&user=1


This topic is now closed to further replies.
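
Added example (not part of any post in this thread, and not the site's code): the cookie-trust problem described in the last post, next to one way to make the login cookie unforgeable in PHP. The vulnerable function is reconstructed from that post's description and is an assumption about the site; the key, function names and token layout are hypothetical.

```php
<?php
// Added example, not the site's code; names, key and token layout are placeholders.

// Server-side secret. Constructed value; a real one is random and kept out of the web root.
const AUTH_KEY = 'constructed-demo-key-change-me';

// The flaw as described in the post: whatever username the client sends is believed.
function current_user_vulnerable(array $cookies): ?string
{
    return $cookies['EliteGen']['username'] ?? null;
}

// Issue "userId.expiry.mac", where the MAC can only be computed with AUTH_KEY.
function issue_token(int $userId, int $now, int $ttl = 3600): string
{
    $payload = $userId . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, AUTH_KEY);
}

// Return the user id if the token is authentic and unexpired, otherwise null.
function verify_token($token, int $now): ?int
{
    if (!is_string($token) || substr_count($token, '.') !== 2) {
        return null;                              // missing, array-valued or malformed cookie
    }
    [$userId, $expires, $mac] = explode('.', $token);
    $expected = hash_hmac('sha256', $userId . '.' . $expires, AUTH_KEY);
    if (!hash_equals($expected, $mac)) {          // constant-time comparison
        return null;
    }
    if (!ctype_digit($userId) || !ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    return (int) $userId;
}

// Constructed demo: user 5 logs in, then changes the id in the cookie to 1.
$now    = time();
$token  = issue_token(5, $now);
$forged = '1' . substr($token, 1);

var_dump(current_user_vulnerable(['EliteGen' => ['username' => 'admin']])); // client-chosen name accepted
var_dump(verify_token($token, $now));         // genuine token
var_dump(verify_token($forged, $now));        // edited id fails the MAC check
var_dump(verify_token($token, $now + 7200));  // expired token
```

PHP's built-in sessions (`session_start()` plus `session_regenerate_id(true)` at login) give the same guarantee with server-side state and make logout a simple session destroy. Either way the cookie should be set with the `Secure`, `HttpOnly` and `SameSite` attributes.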