Allow me to be the first to get ripped to shreds valuable criticism
My Plaything:
Redscouse: For The Fans
Allow me to be the first to get ripped to shreds valuable criticism
My Plaything:
Redscouse: For The Fans
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'
Shame on you for not using parameterized queries.
Admin:5f88ca669a366c9c1c888ca8XXXX8b8ff787b50750d9ec03
Shame on you again, you should use bcrypt or pbkdf2
What else do you want feedback on? Design? Coding is kinda hard without any code to review
Dang! Jim :o
I was expecting feedback about the design, functionality and maybe even the content
I am using this to encrypt passwords.
[php]$encoder = crypt($password_entered, rand(1, 1000).time());
$iterations = 10;
$encrypted_password = $password_entered;
for ($i = 0; $i < $iterations; $i++) {
$encrypted_password = hash(‘tiger192,4’, $encoder . $encrypted_password);
}[/php]
Think i’m gonna change that straight away as clearly not as secure as i thought!
Jim, if you would be so kind to ‘attack’ my site (without breaking anything of course) and PM the results that would be very much appreciated.
Cheers,
Red
That is not encryption
Which btw is a good thing, you should never encrypt passwords. When storing an encrypted password an attacker will be able to decrypt it, storing a hash makes is technically impossible to decrypt as the password itself is never stored on the server.
Hashes can be brute forced though, that’s where bcrypt comes into play. While you can generate millions of MD5/tiger/sha hashes every second, you can only do a handful (2-3 if set up right) bcrypt hashes a second.
All fixed ;D
(if you find anything else, please feel free to PM me the details.)
The honours list at the top etc is getting chopped by the updating text, other than that looks good from a united fans pov
I know there are a few issues but having the time to fix them is another issue altogether as it’s only a toy.
It (the domain) actually started life as a virtual airline which was quite popular back in the 90’s and MS Flightsim. (someone from this forum actually remembers the airline and sent me a pm a couple of weeks back when he realised it was still owned by me).
Anyhow, I have pencilled in some time during the close season to re-write the whole site from the ground up as most of the current site is a mishmash of code from my library (which is rapidly becoming outdated :’( )
Check in again at the start of next season and all will be well ;D
as a sidenote, any tips on SEO (in general) is always appreciated by everyone and his dog so fire away if you would be so kind
been down that road a few times in the past…
As you can tell by the league table and scores at the top i don’t even get the time to keep it updated properly, i shall endeavour to update the scores/table today (although i probably won’t )
The code i write today is nothing like the code that drives that site (thankfully) however I will keep you in mind should I ever need an ass whooping in the PHP world
Get an automatic feed of the league table so it updates itself, get Liverpool marked up in the league table in a different color also, ie red, not bad work though overall, think I’ll create a little play thing also so we can compare notes, good practice for php not been doing it long at all, html,css on other hand are my thing
I used to have one but i didn’t like the author logo on it (was way too big for such a little widget so decided to write my own. Shamefully it only takes me around 30 seconds to update the scores and tables, I just ‘forget’ to do it
If you do build your own send me a link I’ll put it on the new site when i build it.
You can get the league data from online sources. Just find an API that offers the data and let the site fetch and parse it itself. Remember to use cache so you don’t hammer the API.
Writing a curl request, json decoding the data and parsing it to your league structure should take like 5 mins, then you never have to do those 30 second updates again.
Not a bad idea that Jim and in fact i have it half written already as currently i copy this table (manually) http://www.premierleague.com/en-gb/matchday/league-table.html?season=2013-2014&month=OCTOBER&timelineView=date&toDate=1382918399999&tableView=CURRENT_STANDINGS
then paste it into a form which formats it into a query then updates the table - it is literally a copy/paste job and it’s this 30 second part that i often don’t get around to doing… (I still haven’t updated the last 3 games!)
When i rebuild it, i will automate it as much as i possibly can. (I promise guys and gals, i do really )
At the moment it only gets a few visitors a week and at the time i built it i wasn’t really fussed whether it gained popularity or not as it was only built it to fill a parked domain and was/is a plaything for me about my beloved team.
I decided (long before posting here) i would re-write it in the close season as I aim to use it as a business tool especially now the social networking boom is here to stay!
When i posted here, I kinda expected feedback on design, content etc (forgetting i was posting on a programmers forum!) but thanks to you guys i got a lot more - which is good though and very much appreciated from you all - especially the security issues, it was the kick up the backside i needed to pull my finger out. I mean, when i posted the original question i wasn’t even using parametrised queries - Jim quickly shamed me into acting on that and i changed them over straight away!
Yes, i know i should have done it like that in the first place. :-[ 8)
Red
Yes, yes, yes - although the second one adds the uniqueness don’t ya think, keeps people guessing (if anyone ever visits that is)
You know you could always email/PM me the results in a textfile etc. That would be a little bit more helpful than just saying it’s broke… although it’s not necessary if you don’t want to, just a thought…
Massive!! So big my computer crashes when i try and open it. (nah, just kidding, i don’t actually know as i’ve never read it - no, honestly ???)
If you did that i wouldn’t hire you to fix it, that is correct.
If you didn’t do that i still wouldn’t hire you to fix it so nothing ventured nothing gained on my part, however keeping in theme with this website (php >>> HELP) I thought there was the slightest change you may have passed it over for free but hey, that’s cool it’s not like i can’t find the information myself in a couple a minutes so thanks anyway, you have been really, erm, helpful…
yep, i know this too, that would be the benchmarking class that i added during production that i didn’t bother removing when i uploaded the site, how very lazy of me…
similar to the fact we have played 28 games and the website still says 25…
It’s all relative…
Edit:
My bad, that was quite constructive in your last post, thank you, very much appreciated.
Getting a little heated in here, ps throw me something to nibble on
Nah, it’s all good over here, i asked for feedback/criticism, i just expected it to be helpful i mean anyone can tell someone something is broken.
Your team are getting relegated :o ;D
Haha I been nibbling on that for a few months ;D
I should probably get on with fixing the paypal part of my game fixed, that’s the reason I came on this forum to start with but I got side tracked lol… I just cannot be bothered I may have to pay for it fixing ha