I DIDNT USE SECURITY FOR NOW
here is my first script ever
it is simple
NEWS SCRIPT or ARTICLES SCRIPT

i used php and html no ps or somehting to design it
it is a test to see if i can code a articles website
here is the link to check it => http://webtutotest.freehostia.com/news/home.php

and to enter to the admin control panel from here =>
username = 123
password = 123
http://webtutotest.freehostia.com/news/admin_cp.php

rate the programmation
any suggesions plz

u critisize me , u are my friend

Hello there webtuto.

Apart from what is outputted to the front-end it is rather hard to review the script in to much depth. The lack of security is a rather large hole however in the general development as, without security, a script is a prime target for all sorts of attacks.

A few questions/advice about registration;

1. A major flaw that often crops up in new registration scripts in the lack of user input validation - by this I mean the expectation that the user is going to put in exactly what you want them too. For instance, with the 'Email' field, what if they don't put in a real email that follows name@domain or put in something completely different altogether! It's very important to check that the input information is valid.
2. It's always advisory to make sure your 'password' fields are set as type=password otherwise anyone looking over the shoulder knows exactly how to get in a make some havoc! Also users are much less willing to give passwords away to sites which don't hide them.
3. It's very important to tell the user what to do and what's going on - once I registered I was sent back to the login screen; does this mean I was successful? Did the system crash? I have no idea! Make sure to update the user as to what's going on throughout.
4. Database injections can be nasty stuff and without escaping your Db input alot you could be facing some major issues. Always make sure to addslashes() and if you don't want HTML outputting when you come to retrieve it use either strip_tags() or htmlentities() depending on the desired effect. Personally I go down the route of making a parsing class for all my Database Ins/Outs and $_GET's.

Just some small points that should hopefully help - generally it seems like a good work in progress so keep it up and if you want some further help post up some code and I'll take a look. (:

__________________
YouNeek - Bit of a nutty one!
HappySlapCulture | MadCoffeeHouse | LedburyRd | CoffeeBean

Your redirects didn't work for me unfortunately - when I tried to register I got a webpage (http://webtutotest.freehostia.com/news/reg2.php) with the following on it:

Using IE7.

Alan

You might wanna make an index file:
Index of /news

about ur suggestions youneek ,

1 - i didnt pay attention to security in this script and about email i dont know how to do what u said

2-yeah will i just forgot it is fixed now

3-yes im gonna use them later when i finish everything in that script

thanks dude for the help and critisize
------------------------------------------------
Alan @ CIT
will it works for me and others maybe !!! i didnt get that problem well im using firefox
------------------------------------------------
WinSrev
well yes :d

Sorry i havnt looked at your script fully yet, i will do when i get sum time.

I think there is an option witin IE7 to enable META REFRESH this could explain why it wasnt working for Alan. I believe it can be enabled/disabled in the Internet Security settings. I havnt got IE7 atm as i am on linux so i cant test this thoery, failing that its most likly to be another 'random feature' of IE7.

Why not use:

instead of using the refresh, or did you want to have a short delay before the redirect?

__________________

i didnt use header bcz when i use it , it gaves me an error :s

if its the classic 'headers already sent' error,then use an output buffer like so:

Just remember that inorder for anything to get back to the browser you must call:
ob_flush(); so that the buffer is flushed to the browser.

That should stop that error as it keeps all output in a temp 'buffer' so that when you flush it everything get sent at the same time thus solving the 'Headers already sent' error.

Hope that helps

__________________

thanks im gonna remember that in my next projects thanks :d

I had the 'header already sent' error message several times on my pages. I found that if I wrote my includes/requires after the "header('Location....') then it worked.

For example, I had:
<?php
require("config.php");
require("userheader.php");
requrie("usernav.php");

*some more code*

header('Location: home1.php');
?>

If I put the 2nd and 3rd requires at the end of the php code (after the whole script) then I didn't receive any errors. That's what I found anyway :)

yeah, php.net on headers says you cant have output of anykind on the site and then a header, i belive this includes white space. So to get it to work your statment has to be one of the first things you do without using echo, print or just plain html.

ewlll
:)



OR putting
at the top of your pages or in your config and include it to all your pages boom perfect ;).

__________________
PHP/XHTML Freelancer:
Cleanscript.com v3 - Programming starting at just $5 act now!