+- Madison Motorsports (https://forum.mmsports.org)
+-- Forum: Official (https://forum.mmsports.org/forumdisplay.php?fid=5)
+--- Forum: Site Suggestions/Status (https://forum.mmsports.org/forumdisplay.php?fid=15)
+--- Thread: New Members Section (/showthread.php?tid=1404)
New Members Section - JackoliciousLegs - 11-29-2004
I've released the MM Members section version 1.0 Super SUPER Alpha.
Please report known bugs here. I'm working on it slowly
Features:
-Unique login
-Ability to customize your information
-Admin panel
-MM logo designated for paid members
-Ability to have an infinute number of cars (for those of you who have pooloads)
-Ability to upload one image per car
-Ability to view everyone's UPDATED info realtime
Known bugs
1. no appostrophes allowed yet
2. IE Only: If you upload a picture over another, it will work, but you need to refresh the page for it to show up.
Hope you guys like it. I think it was worth the wait
EDIT:
TODO LIST:
1. Last modified
2. Icon for pictures by username
3. Officer positions
- Chris - 11-29-2004
woo hoo!!!
Re: New Members Section - JohnC - 11-29-2004
JackoliciousLegs Wrote:I've released the MM Members section version 1.0 Super SUPER Alpha.
Please report known bugs here. I'm working on it slowly
I do like it. Nice work Jack.
Formatting of the member pages is a bit strange in Safari (long mod lines don't wrap, thus widening the whole layout), but it looked fine in Firefox. Other than that - no issues so far.
- ScottyB - 11-29-2004
looks AWESOME Jack
Re: New Members Section - JackoliciousLegs - 11-29-2004
mongooze Wrote:Formatting of the member pages is a bit strange in Safari (long mod lines don't wrap, thus widening the whole layout), but it looked fine in Firefox. Other than that - no issues so far.Right now I'm using pre tags to deal with database output so I don't have to put in br tags at the end of every line. There's got to be a better way and I'm looking into it.
edit: phpbb parses every piece of form input for hard returns and inserts BRs. Ugh.... i guess I'll do that.
- BLINGMW - 11-29-2004
some very minor formatting errors in Opera, but better than most sites show up! :wink: Good work!
Re: New Members Section - JohnC - 11-29-2004
JackoliciousLegs Wrote:mongooze Wrote:Formatting of the member pages is a bit strange in Safari (long mod lines don't wrap, thus widening the whole layout), but it looked fine in Firefox. Other than that - no issues so far.Right now I'm using pre tags to deal with database output so I don't have to put in br tags at the end of every line. There's got to be a better way and I'm looking into it.
Why are you bothering with pre at all? Run the db output through htmlspecialchars() and be done with it - let the wrapping happen naturally within the td tags... or use the white-space property applied to your 'thetext' css class, lots of options there.
I'm curious as to why you're doing things the way you are simply because I'm having to get back into the layout and design game after a few years - most of my experience is backend data manipulation and then a lot of random low-level stuff that has nothing to do with web apps :roll:
- JackoliciousLegs - 11-29-2004
didn't know about htmlspecialchars() ... implementing
edit: that doesn't handle line breaks
- JohnC - 11-29-2004
JackoliciousLegs Wrote:didn't know about htmlspecialchars() ... implementing
edit: that doesn't handle line breaks
Thats correct, it doesn't. What it does do is turn all of the potential nasties into HTML-safe strings like & and " and < and >, etc...
As for the line breaks, are you trying to preserve line breaks from people's entries into the database, or just control the wrapping at a specific character width?
- JackoliciousLegs - 11-29-2004
I'm not trying to preserve at a specific width. I just figure I have three options:
1. Output directly to browser and lose hard returns that the user entered
2. Use PRE but cut it off at a certain number of chars
3. Write a function that inserts "<BR>" after every line break in a mysql response
If someone has a quick fix let me know... other wise 3 is the way i'm going
- Mike - 11-29-2004
and i thought i was a loser...
- JackoliciousLegs - 11-29-2004
found it.
- JohnC - 11-29-2004
JackoliciousLegs Wrote:I'm not trying to preserve at a specific width. I just figure I have three options:
1. Output directly to browser and lose hard returns that the user entered
2. Use PRE but cut it off at a certain number of chars
3. Write a function that inserts "<BR>" after every line break in a mysql response
If someone has a quick fix let me know... other wise 3 is the way i'm going
nl2br() might work...
- JackoliciousLegs - 11-30-2004
oh, another thing... passwords are hashed i.e. I can't see them so don't worry
- white_2kgt - 11-30-2004
JackoliciousLegs Wrote:oh, another thing... passwords are hashed i.e. I can't see them so don't worry
You need to hash, add salt, and hash again. I can crack MD5 single hash on my P4 in 1hr. Add a field to the DB (3 chars is enough) that will store the salt. Generate salt at random.
So, say they enter sEcReT when they create the account you would,
$randChars = gen3RandChars();
$hash = md5( "sEcReT" );
$hash .= $randChars;
$hash = md5( $hash );
savePassword( $username, $hash, $randChars );
Then when they login you,
$testPW = md5( $enteredPassword );
$testPW .= $randChars;
$testPW = md5( $testPW );
if( strcmp( $testPW, $hash ) ) $valid = true;
else $valid = false;
etc...
Since you are NOT using SSL for the login, may I suggest that you do the first Hash in javascript that way you are not sending the user's PW via clear text. Then you add the salt, hash and compare. The majority of your users are at JMU, on the same network. Do you have ANY idea how easy it is to sniff a network like that? You are CS, you should. Oh, they are using switches hu, well even switches can be sniffed, all you have to do is MAC flood the switch and it will default to fail open mode where all packets will be sent to all ports, just like a hub, drop the NIC in promiscuous mode and sniff away for that plain text password...
For the single quote problem, make sure magic quotes is turned off in php.ini then use the functions john suggested. Then read this
<!-- m --><a class="postlink" href="http://www.webmasterstop.com/tutorials/php-magic-quotes.shtml">http://www.webmasterstop.com/tutorials/ ... otes.shtml</a><!-- m -->
and do what is says.
--chad
- ViPER1313 - 11-30-2004
white_2kgt Wrote:I can crack MD5 single hash on my P4 in 1hr.
I can do it in 50min on my Athlon :lol: .
- JackoliciousLegs - 11-30-2004
addslashes are coming.
i won't discuss the security of the site here but there are many easy ways into systems like this.
- white_2kgt - 11-30-2004
JackoliciousLegs Wrote:addslashes are coming.
i won't discuss the security of the site here but there are many easy ways into systems like this.
Then why add more holes?
ViPER1313 Wrote:white_2kgt Wrote:I can crack MD5 single hash on my P4 in 1hr.
I can do it in 50min on my Athlon :lol: .
Bullshit
You don't have my program.--chad
- .RJ - 11-30-2004
MichaelJComputer Wrote:and i thought i was a loser...
Damn, me too.
- JohnC - 11-30-2004
I think you should just remove all security measures... Think of all the fun that could be had!!!