New Members Section

[JackoliciousLegs]

I've released the MM Members section version 1.0 Super SUPER Alpha.
Please report known bugs here. I'm working on it slowly

Features:
-Unique login
-Ability to customize your information
-Admin panel
-MM logo designated for paid members
-Ability to have an infinute number of cars (for those of you who have pooloads)
-Ability to upload one image per car
-Ability to view everyone's UPDATED info realtime

Known bugs
1. no appostrophes allowed yet
2. IE Only: If you upload a picture over another, it will work, but you need to refresh the page for it to show up.

Hope you guys like it. I think it was worth the wait

EDIT:
TODO LIST:
1. Last modified
2. Icon for pictures by username
3. Officer positions

[Chris]

woo hoo!!!

[JohnC]

I've released the MM Members section version 1.0 Super SUPER Alpha.
Please report known bugs here. I'm working on it slowly

I do like it. Nice work Jack.

Formatting of the member pages is a bit strange in Safari (long mod lines don't wrap, thus widening the whole layout), but it looked fine in Firefox. Other than that - no issues so far.

[ScottyB]

looks AWESOME Jack

[JackoliciousLegs]

Formatting of the member pages is a bit strange in Safari (long mod lines don't wrap, thus widening the whole layout), but it looked fine in Firefox. Other than that - no issues so far.

Right now I'm using pre tags to deal with database output so I don't have to put in br tags at the end of every line. There's got to be a better way and I'm looking into it.

edit: phpbb parses every piece of form input for hard returns and inserts BRs. Ugh.... i guess I'll do that.

[BLINGMW]

some very minor formatting errors in Opera, but better than most sites show up! :wink: Good work!

[JohnC]

Formatting of the member pages is a bit strange in Safari (long mod lines don't wrap, thus widening the whole layout), but it looked fine in Firefox. Other than that - no issues so far.

Right now I'm using pre tags to deal with database output so I don't have to put in br tags at the end of every line. There's got to be a better way and I'm looking into it.

Why are you bothering with pre at all? Run the db output through htmlspecialchars() and be done with it - let the wrapping happen naturally within the td tags... or use the white-space property applied to your 'thetext' css class, lots of options there.

I'm curious as to why you're doing things the way you are simply because I'm having to get back into the layout and design game after a few years - most of my experience is backend data manipulation and then a lot of random low-level stuff that has nothing to do with web apps :roll:

[JackoliciousLegs]

didn't know about htmlspecialchars() ... implementing
edit: that doesn't handle line breaks

[JohnC]

didn't know about htmlspecialchars() ... implementing
edit: that doesn't handle line breaks

Thats correct, it doesn't. What it does do is turn all of the potential nasties into HTML-safe strings like & and " and < and >, etc...

As for the line breaks, are you trying to preserve line breaks from people's entries into the database, or just control the wrapping at a specific character width?

[JackoliciousLegs]

I'm not trying to preserve at a specific width. I just figure I have three options:
1. Output directly to browser and lose hard returns that the user entered
2. Use PRE but cut it off at a certain number of chars
3. Write a function that inserts "<BR>" after every line break in a mysql response

If someone has a quick fix let me know... other wise 3 is the way i'm going

[Mike]

and i thought i was a loser...

[JackoliciousLegs]

found it.

[JohnC]

I'm not trying to preserve at a specific width. I just figure I have three options:
1. Output directly to browser and lose hard returns that the user entered
2. Use PRE but cut it off at a certain number of chars
3. Write a function that inserts "<BR>" after every line break in a mysql response

If someone has a quick fix let me know... other wise 3 is the way i'm going

nl2br() might work...

[JackoliciousLegs]

oh, another thing... passwords are hashed i.e. I can't see them so don't worry

[white_2kgt]

oh, another thing... passwords are hashed i.e. I can't see them so don't worry

You need to hash, add salt, and hash again. I can crack MD5 single hash on my P4 in 1hr. Add a field to the DB (3 chars is enough) that will store the salt. Generate salt at random.

So, say they enter sEcReT when they create the account you would,
$randChars = gen3RandChars();
$hash = md5( "sEcReT" );
$hash .= $randChars;
$hash = md5( $hash );
savePassword( $username, $hash, $randChars );

Then when they login you,
$testPW = md5( $enteredPassword );
$testPW .= $randChars;
$testPW = md5( $testPW );
if( strcmp( $testPW, $hash ) ) $valid = true;
else $valid = false;

etc...

Since you are NOT using SSL for the login, may I suggest that you do the first Hash in javascript that way you are not sending the user's PW via clear text. Then you add the salt, hash and compare. The majority of your users are at JMU, on the same network. Do you have ANY idea how easy it is to sniff a network like that? You are CS, you should. Oh, they are using switches hu, well even switches can be sniffed, all you have to do is MAC flood the switch and it will default to fail open mode where all packets will be sent to all ports, just like a hub, drop the NIC in promiscuous mode and sniff away for that plain text password...


For the single quote problem, make sure magic quotes is turned off in php.ini then use the functions john suggested. Then read this
<!-- m --><a class="postlink" href="http://www.webmasterstop.com/tutorials/php-magic-quotes.shtml">http://www.webmasterstop.com/tutorials/ ... otes.shtml</a><!-- m -->
and do what is says.

--chad

[ViPER1313]

I can crack MD5 single hash on my P4 in 1hr.

I can do it in 50min on my Athlon :lol: .

[JackoliciousLegs]

addslashes are coming.
i won't discuss the security of the site here but there are many easy ways into systems like this.

[white_2kgt]

addslashes are coming.
i won't discuss the security of the site here but there are many easy ways into systems like this.

Then why add more holes?

I can crack MD5 single hash on my P4 in 1hr.

I can do it in 50min on my Athlon :lol: .

Bullshit You don't have my program.

--chad

[.RJ]

and i thought i was a loser...

Damn, me too.

[JohnC]

I think you should just remove all security measures... Think of all the fun that could be had!!!