JFUsersystem - Version 0.1.0 - Development (PHP/MySQL)

[RastaLulz]

Thread Overview:

Well, as of recent, I've decided to improve on my PHP skills, and I'm quite proud of what I've coded from scratch in the past three days.

Suggestions, and ideas for this project are highly welcomed, as I want to expand my knowledge in PHP, and MySQL. Also tips (on security, etc), etc are also welcomed.

Features:

• Login
• Registration
• Profiles
  
  • Commenting
  • Current status (Twitter-like I suppose)
  
  
• Members
  
  • Shows all registered members
  
  
• Edit Password
• Edit Account
• Logout
• User only pages

Demo Site:
JFUsersystem BETA - fight teh power

If you encounter any bugs during the demo please report them here, aswell as security flaws.

Follow the project:
http://foskett.ws/usersystem

Current Bugs:

1. When leaveing a comment, the date does not always save.

[MentaL]

[Parker]

On the Edit Profile page it has MSN twice, bottom one should be Skype.

Looks good missing profile picture upload or is that just for admins? because I can imagine a whole list ninja's wouldn't go to well :P

[RastaLulz]

On the Edit Profile page it has MSN twice, bottom one should be Skype.

Fixed, I was copy and pasting all the forms, and missed that one.

Looks good missing profile picture upload or is that just for admins? because I can imagine a whole list ninja's wouldn't go to well :P

Images have to be uploaded via an external site, and entered in the edit account form, until I figure out how to code the upload script.

[Parker]

Doesn't look like there's any restrictions on what you can put as your avatar in terms of file formats.

[RastaLulz]

Doesn't look like there's any restrictions on what you can put as your avatar in terms of file formats.

Nope, only thing that's being filtered is HTML, using:

PHP Code:

strip_tags(); 


Do you recommend using anything else?

[Parker]

Not sure why you would use strip_tags? unless your like having

PHP Code:

strip_tags("{$row['image']}", "every single tag here"); 


if statement with getimagesize, check filetype and headers etc would be more suitable?

[RastaLulz]

Not sure why you would use strip_tags? unless your like having

PHP Code:

strip_tags("{$row['image']}", "every single tag here"); 


I use strip_tags(); for every piece of data that is entered via the $_POST method to the MySQL database.

if statement with getimagesize, check filetype and headers etc would be more suitable?

Ah, yes, I see what you mean, I'll look into that - thank you.

[Masius]

A few advices, if you haven't done this yet;
http://foskett.ws/foskettcms/img/editaccount.png
On that image I see you're using the HTML <br> tag in order to produce a new line.
You should use the nl2br function. Usually while pressing enter on a form field that has data being sent to the database, that enter is saved as line break on the database, but when reading it's just straight text. Using the nl2br function you can identify those line breaks. So, when getting the data from the database , use it , it's very handy.
An extra, if you wish your users to use some sort of text decoration (bold, italic, etc), you should start up with BBCode. I'm not very experienced on using it, but when I do, I simply set 2 arrays (one with the HTML code, the other with the BB version) and use the str_replace function. You can find other ways tho ;)

Good luck!

[s-p-n]

I made 2 test accounts and can't seem to login to either of them.. Also, do you have an admin account we can use to test the demo?

Like username: admin, Password: demo

And for user-side testing, user: user, pass: demo?

[RastaLulz]

A few advices, if you haven't done this yet;
http://foskett.ws/foskettcms/img/editaccount.png
On that image I see you're using the HTML <br> tag in order to produce a new line.
You should use the nl2br function. Usually while pressing enter on a form field that has data being sent to the database, that enter is saved as line break on the database, but when reading it's just straight text. Using the nl2br function you can identify those line breaks. So, when getting the data from the database , use it , it's very handy.

That function has been put into affect, but thank you for the good eye.

The picture you're looking at is from version 0.0.4.

An extra, if you wish your users to use some sort of text decoration (bold, italic, etc), you should start up with BBCode. I'm not very experienced on using it, but when I do, I simply set 2 arrays (one with the HTML code, the other with the BB version) and use the str_replace function. You can find other ways tho ;)

Thank-you, I was thinking of implementing something like that. Kind of how PHP a word censor script works. It takes the word, and replaces it with something else.

EDIT:
Okay, I coded a basic bbcode script with the help of a tutorial:

PHP Code:

<?php
function censor($string)
{
 if ($string) 
 {
 $bbcodearray = array("[b]", "[/b]");
 $replacearray = array("<strong>", "</strong>");
 $newstring = str_ireplace($bbcodearray, $replacearray, $string);
 return $newstring;
 }
}
if($_POST['submit']) 
{
echo censor($_POST['text']);
}
?>

<form method='POST'>
<textarea name='text'></textarea><br />
<input type='submit' name='submit' value='Submit'>
</form>

I still have to work on it a bit, and then I'll implement it into the site.

I made 2 test accounts and can't seem to login to either of them..

I found out the problem, for some reasons the varchar in the database was set to max 10 chars. It's set to 30 now, and later I'll set all the fields to a max length.

Also, do you have an admin account we can use to test the demo?

Like username: admin, Password: demo

And for user-side testing, user: user, pass: demo?

At the moment, it wouldn't even be worth making an admin account, as I have barely coded anything for the Admin CP. But once it's somewhat worthy of showing, I'll make an admin account for everyone.

[s-p-n]

BB code is over-rated.. Get a WYSIWYG editor ;)

[RastaLulz]

BB code is over-rated.. Get a WYSIWYG editor ;)

Where would I get this? I've googled it before, and had no luck on finding a WYSIWYG editor script.

[s-p-n]

I use FCKeditor, though there are many others to choose from.

There's tinyMCE, Hoteditor, nicedit, etc..

Yahoo has one.. Stay away from it because it crashed my browser once -.-

You might also search "Rich Text Editor" or something or another.

[Masius]

I've been using tinyMCE :p It has a pretty simple design which I like it. Tho I always start with BBCode in order to test out my security, I later add the WYSIWYG editor. Must.. start.. developing... WYSIWYG stuff..