OpenTracker - a new tracker source! (http://www.bvlist.com/showthread.php?t=8077)

Optix 24th June 2012 19:35

Demo.

LeeHowarth 24th June 2012 19:35

Looks cool, I like the design, nice and basic...

On the demo I came across a notice error, MySQL error

Code:

Notice: Undefined index: group in /var/opentracker.nu/demo/library/Acl.php on line 76
Notice: Query fel in /var/opentracker.nu/demo/library/DB.php on line 79 MYSQL_ERROR -
Database error: Invalid SQL: SELECT * FROM tracker_forum_categories  WHERE category_group <=  ORDER BY category_sort ASC
MYSQL Error: 1064 (You have an error in your SQL syntax; check  the manual that corresponds to your MySQL server version for the right  syntax to use near 'ORDER BY category_sort ASC' at line 4)
This page is unavailable at the moment. Please try again.

And sanitize user input for the avatar URL, because I shouldn't be able to enter the logout URL as the avatar pic. On a module like the forums, if it shows users' avatars then everyone could be logged out...
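
One way to implement the avatar check requested in the post above, as an added example that is not part of the original thread or of OpenTracker's code. `SITE_HOST`, the extension list and the function name are assumptions made for illustration.

```php
<?php
// Added example: validate a user-supplied avatar URL before storing it.
// SITE_HOST and ALLOWED_EXT are hypothetical values, not OpenTracker settings.
const SITE_HOST = 'tracker.example';
const ALLOWED_EXT = ['png', 'jpg', 'jpeg', 'gif'];

function is_acceptable_avatar_url(string $url): bool
{
    if (strlen($url) > 255 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;
    }
    // Only plain web URLs; rejects javascript:, data: and similar schemes.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Never let an avatar point back at the site itself: every viewer's
    // browser would request it with that viewer's session cookie attached.
    if (strcasecmp($parts['host'], SITE_HOST) === 0) {
        return false;
    }
    // No query string, and the path must end in an image extension.
    if (isset($parts['query'])) {
        return false;
    }
    $ext = strtolower(pathinfo($parts['path'], PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true);
}

// Constructed sample inputs.
$samples = [
    'https://img.example.net/u/42.png',
    'http://tracker.example/logout.php',
    'https://tracker.example/avatars/me.png',
    'javascript:alert(1)',
    'https://img.example.net/a.png?x=1',
];
foreach ($samples as $s) {
    printf("%-42s %s\n", $s, is_acceptable_avatar_url($s) ? 'accept' : 'reject');
}
```

URL filtering does not cover a remote host that redirects the image request back to the site. The durable fix is a logout action that only accepts a POST carrying a per-session token, so no image tag can trigger it.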

unkn0wn 24th June 2012 19:40

Looks very nice mate, I'd shag it ;) :ok:

Wuild 24th June 2012 19:43

Quote:

Originally Posted by djhowarth (Post 35410)
Looks cool, I like the design, nice and basic...

On the demo I came across a notice error, MySQL error

Code:

Notice: Undefined index: group in /var/opentracker.nu/demo/library/Acl.php on line 76
Notice: Query fel in /var/opentracker.nu/demo/library/DB.php on line 79 MYSQL_ERROR -
Database error: Invalid SQL: SELECT * FROM tracker_forum_categories  WHERE category_group <=  ORDER BY category_sort ASC
MYSQL Error: 1064 (You have an error in your SQL syntax; check  the manual that corresponds to your MySQL server version for the right  syntax to use near 'ORDER BY category_sort ASC' at line 4)
This page is unavailable at the moment. Please try again.

And sanitize user input for the avatar URL, because I shouldn't be able to enter the logout URL as the avatar pic. On a module like the forums, if it shows users' avatars then everyone could be logged out...


Thanks for the input, I will have a look at it.
The system is in heavy development right now.
Not all the security features nor other shit is there yet.
Keep in mind that we are developing everything from scratch :)

Bump:
Quote:

Originally Posted by Optix (Post 35409)
Demo.

I don't see how Zend would make a difference since you're the one creating all the forms.

kizze 24th June 2012 19:54

Do not forget to make an account on our forum, where you can make suggestions or just talk to us!

djzoulox 24th June 2012 20:05

kizze, if you notice, your site runs faster without Facebook stuff too :P or 3rd party stuff.
Looks like a nice source though, clean theme etc :drink:

Wuild 24th June 2012 20:16

Quote:

Originally Posted by djzoulox (Post 35414)
kizze, if you notice, your site runs faster without Facebook stuff too :P or 3rd party stuff.
Looks like a nice source though, clean theme etc :drink:

It's a matter of opinion ;)

Bigjoos 24th June 2012 20:24

Quote:

Originally Posted by djhowarth (Post 35410)
Looks cool, I like the design, nice and basic...

On the demo I came across a notice error, MySQL error

Code:

Notice: Undefined index: group in /var/opentracker.nu/demo/library/Acl.php on line 76
Notice: Query fel in /var/opentracker.nu/demo/library/DB.php on line 79 MYSQL_ERROR -
Database error: Invalid SQL: SELECT * FROM tracker_forum_categories  WHERE category_group <=  ORDER BY category_sort ASC
MYSQL Error: 1064 (You have an error in your SQL syntax; check  the manual that corresponds to your MySQL server version for the right  syntax to use near 'ORDER BY category_sort ASC' at line 4)
This page is unavailable at the moment. Please try again.

And sanitize user input for the avatar URL, because I shouldn't be able to enter the logout URL as the avatar pic. On a module like the forums, if it shows users' avatars then everyone could be logged out...

Aye, like djhowarth says - you will never ever trust any user input on a site, no matter if it's users or staff; to do otherwise is suicide. You ensure all user-supplied data is sanitized at $_POST or $_GET etc., you force numeric values to be numeric only, you also sanitize every single MySQL query, be it a SELECT or UPDATE or INSERT. Follow those golden rules and you will have no problem. If you do not have such experience, use a framework like suggested, although I prefer to manually secure my work; that way I know what's coming in and what won't be.
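
The failing query in the error output (`WHERE category_group <=  ORDER BY`) is what string-built SQL produces when the `group` value is missing. The following added example, which is not part of the original thread or OpenTracker's code, forces the value to an integer and binds it as a parameter. The `category_name` column, the session layout, the guest default of 0 and both function names are assumptions; the in-memory SQLite table is constructed sample data.

```php
<?php
// Added example; helper names and session layout are hypothetical.
function current_group(array $session): int
{
    // A missing or non-numeric "group" falls back to 0 (assumed guest level)
    // instead of leaving a hole in the SQL text.
    $g = filter_var($session['group'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    return $g === false ? 0 : $g;
}

function visible_categories(PDO $db, array $session): array
{
    // The value travels as a bound integer, never as part of the query string.
    $stmt = $db->prepare(
        'SELECT category_name FROM tracker_forum_categories
          WHERE category_group <= :grp ORDER BY category_sort ASC'
    );
    $stmt->bindValue(':grp', current_group($session), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory data standing in for the real table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tracker_forum_categories
           (category_name TEXT, category_group INTEGER, category_sort INTEGER)');
$db->exec("INSERT INTO tracker_forum_categories VALUES ('General', 0, 1)");
$db->exec("INSERT INTO tracker_forum_categories VALUES ('Staff', 5, 2)");

// Session without a group, with a numeric string, and with a tampered value.
print_r(visible_categories($db, []));
print_r(visible_categories($db, ['group' => '5']));
print_r(visible_categories($db, ['group' => '0 OR 1=1']));
```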

Wuild 24th June 2012 20:31

Quote:

Originally Posted by Bigjoos (Post 35416)
Aye, like djhowarth says - you will never ever trust any user input on a site, no matter if it's users or staff; to do otherwise is suicide. You ensure all user-supplied data is sanitized at $_POST or $_GET etc., you force numeric values to be numeric only, you also sanitize every single MySQL query, be it a SELECT or UPDATE or INSERT. Follow those golden rules and you will have no problem. If you do not have such experience, use a framework like suggested, although I prefer to manually secure my work; that way I know what's coming in and what won't be.

All MySQL insertions and updates etc. are sanitized automatically through my MySQL class.

In this case it did not check the URL etc., but when updated in the user field it is sanitized. I could upload a copy of my MySQL class and you'll see for yourself.

djzoulox 24th June 2012 20:43

Quote:

Originally Posted by Wuild (Post 35415)
It's a matter of opinion ;)

Well, I don't think it looks that bad. All sources come with major work and errors I think, that's why we're all here to help those who can help,
and also, as you guys stated, it is in development. It's gonna be cool to see who will run a major site with this new script.

But wish you all good luck with your source :drink:

