Been working on a ticketing website for a club at my college called Tech Team. Basically we fix computers for people pretty cheap to fund our growing supply of tools and hardware. I made this so we can keep track of all of our current repairs and so the people we are fixing them for can also check on them.
Haven't put it into use yet, I wanted to get some feedback from this community first. If you find some type of security flaw (hopefully I safeguarded enough) please pm it to me, and don't try to screw up my hard work :thumbup1:. The design is not final either, I just felt like I needed something to look at while I was working on it.
Looking for feedback on functionality, not the design. I know the design sucks, and I do plan on fixing it, it's just not my specialty.
index.php
Spoiler:
PHP Code:
<?php
session_start();
include 'site.functions.php';
site::dbconnect();
include 'site.session.php';
include 'site.design.php';
include 'site.manage.php';
include 'site.constant.php';
include 'site.tickets.php';
jscript::header();
        $query = mysql_query("UPDATE tickets SET pickup = '".$pickup."', statvirus = '".$statvirus."', statbackup = '".$statbackup."', statreimage = '".$statreimage."' WHERE tid = ".$tid);
        if(!$query) {
            echo "An error occurred while trying to update the ticket, try refreshing the page or logging out and back in.";
        } else {
            if(strlen($updatecomments) < 5) {
                tickets::checkticket($tid, "tickets");
            } else {
                $query = mysql_query("INSERT INTO updates (TID, comment, time) VALUES ('".$tid."','".$updatecomments."','".$time."')");
                if(!$query) {
                    echo "An error occurred while trying to update the ticket, try refreshing the page or logging out and back in.";
                } else {
                    tickets::checkticket($tid, "tickets");
                }
            }
        }
    }
    function moveticket($data, $data2) {
        if($data2 == "tickets") {
            $switch = "archive";
        } elseif($data2 == "archive") {
            $switch = "tickets";
        }
        $query = mysql_query("SELECT * FROM ".$switch." WHERE TID = ".$data);
        if(!$query) {
            echo "An error occurred while trying to archive this ticket, please refresh or relog and try again.";
        } else {
            $result = mysql_fetch_assoc($query);
            $query = mysql_query("INSERT INTO ".$data2." (TID,brand,serial,virus,reimage,backup,comments,statvirus,statreimage,statbackup,pickup,Fname,Lname,email,phone) VALUE ('".$data."','".$brand."','".$serial."','".$virus."','".$reimage."','".$backup."','".$comments."','".$statvirus."','".$statreimage."','".$statbackup."','".$pickup."','".$fname."','".$lname."','".$email."','".$phone."')");
            if(!$query) {
                echo "An error occurred while trying to archive this ticket, please refresh or relog and try again.";
            } else {
                $query = mysql_query("DELETE FROM ".$switch." WHERE TID = ".$data);
                if(!$query) {
                    echo "An error occurred while trying to archive this ticket, please refresh or relog and try again.";
                } else {
                    tickets::checkticket($data, $data2);
                }
            }
        }
    }
    function deleteticket($data) {
        if(AUTH_2) {
            $query = mysql_query("DELETE FROM archive WHERE TID = ".$data);
            if(!$query) {
                echo "An error occurred while trying to delete this ticket, please refresh or relog and try again.";
            } else {
                $query = mysql_query("DELETE FROM updates WHERE TID = ".$data);
                if(!$query) {
                    echo "An error occurred while trying to delete this ticket, please refresh or relog and try again.";
                } else {
                    tickets::checkticket(0, "tickets");
                }
            }
        }
    }
    function nextticket() {
        $result = mysql_query("SHOW TABLE STATUS LIKE 'tickets'");
        $row = mysql_fetch_array($result);
        $next = $row['Auto_increment'];
        $next = sprintf("%04d", $next);
        return $next;
    }
}
?>
if(!ctype_alnum($fname) || !ctype_alnum($lname) || !ctype_alnum($sid)) {
    echo "<font color=red>There were invalid characters in the information you entered.</font>";
    sessionhand::registerform($username,$fname,$lname,$email,$sid);
} else {
    if(!ctype_alnum($username) || !ctype_alnum($password) || !ctype_alnum($password1)) {
        echo "<font color=red>There were invalid characters in the username or password you entered.</font>";
        sessionhand::registerform($username,$fname,$lname,$email,$sid);
    } else {
        if($password != $password1) {
            echo "<font color=red>The password(s) you entered do not match.</font>";
            sessionhand::registerform($username,$fname,$lname,$email,$sid);
        } else {
            if($access != $secret) {
                echo "<font color=red>The access code you entered was not valid.</font>";
                sessionhand::registerform($username,$fname,$lname,$email,$sid);
            } else {
                if(filter_var($email, FILTER_VALIDATE_EMAIL) == TRUE) {
                    $query = "SELECT ID FROM users WHERE ID = '".$username."'";
                    $run = mysql_query($query);
class jscript {
    function header() {
        echo "
        <script type=\"text/javascript\">
        function userDelete(uName) {
            if (confirm(\"Are you sure you want to delete \" + uName + \"?\")) {
                document.deleteuserform.submit();
            }
        }
        function ticketDelete() {
            if (confirm(\"Are you sure you want to delete this ticket?\")) {
                document.deleteticketform.submit();
            }
        }
        function ticketArchive() {
            if (confirm(\"Are you sure you want to archive this ticket?\")) {
                document.archiveticketform.submit();
            }
        }
        </script>";
    }
}
?>
    }
    function endpage() {
        echo "</div></div></div>
        <div id=\"site_footer\"> Created by: Zach Kemppel </div>
        </div>
        </div>
        <!--[if IE]> </div> <![endif]--> ";
    }
    function homepage() {
        echo "<font size=\"3\">To check the current status of your computer's repair, insert the 4 digit ticket number you received when you dropped off your computer.</font><br/>";
        echo "<form action=\"index.php\" method=\"get\">
        <input type=\"hidden\" name=\"page\" value=\"ticket\">
        <input type=\"hidden\" name=\"option\" value=\"check\">
        <input type=\"text\" name=\"tid\" maxlength=\"4\">
        <input type=\"submit\" value=\"Check\">
        </form>";
    }
}
?>
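Added example (not part of the original post and not the poster's code): the fragments above build every query by concatenating values into the SQL text, and `moveticket()` concatenates a table name as well; whether `$tid` and `$data` are validated before they get there is not visible in what was posted. The sketch below does the same move-between-tables step with bound parameters and a fixed table map. It uses PDO over in-memory SQLite with a constructed row in place of the site's MySQL database, and `moveTicket` plus the cut-down schema are assumptions.

```php
<?php
// Added example, not the poster's code: PDO + in-memory SQLite stand in for
// the site's MySQL database; the two-table schema is cut down and constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (['tickets', 'archive'] as $t) {
    $db->exec("CREATE TABLE $t (TID INTEGER PRIMARY KEY, brand TEXT, pickup TEXT)");
}
$db->exec("INSERT INTO tickets VALUES (69, 'Dell', 'no')"); // constructed row

// Move a ticket into $dest ('archive' or 'tickets'), as moveticket() does.
function moveTicket(PDO $db, $tid, $dest): bool
{
    // Identifiers cannot be bound as parameters, so the table names come
    // from this fixed map (destination => source), never from the request.
    $pairs = ['archive' => 'tickets', 'tickets' => 'archive'];
    if (!is_string($dest) || !isset($pairs[$dest]) || !ctype_digit((string) $tid)) {
        return false;
    }
    $src = $pairs[$dest];
    $db->beginTransaction(); // copy + delete succeed or fail together
    try {
        $copy = $db->prepare("INSERT INTO $dest SELECT * FROM $src WHERE TID = ?");
        $copy->execute([$tid]);
        if ($copy->rowCount() !== 1) {
            throw new RuntimeException('no such ticket');
        }
        $db->prepare("DELETE FROM $src WHERE TID = ?")->execute([$tid]);
        $db->commit();
        return true;
    } catch (Exception $e) {
        $db->rollBack();
        return false;
    }
}

var_dump(moveTicket($db, '69', 'archive'));         // numeric id, known table
var_dump(moveTicket($db, '69 OR 1=1', 'archive'));  // id carrying SQL text
var_dump(moveTicket($db, '69', 'users'));           // table outside the map
```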
17-12-11
s-p-n
Re: Current Project (looking for feedback)
It works, find a better theme.
Are you going to release this open source?
17-12-11
zkemppel
Re: Current Project (looking for feedback)
If you're actually interested in the source then I can make a release.
19-12-11
zkemppel
Re: Current Project (looking for feedback)
Wow no real feedback? Figured this community would rip me a new one on my first showcase.
19-12-11
ETTETT
Re: Current Project (looking for feedback)
Not bad at all.
19-12-11
Ron
Re: Current Project (looking for feedback)
They don't come down on you until you release something / have a demo. :P
As a customer, I'd want to see something that looks a little more professional. Google for some free templates. You'll find a lot of great stuff.
19-12-11
Justei
Re: Current Project (looking for feedback)
All right, let's take a look.
Well, first off I want to welcome you out of the KalOnline section and into the Coders Paradise :).
Secondly, the site looks fine, I would however try (as others have pointed out) to modify the design a little, it's not too bad atm, however try looking into the following things:
- Better color scheme.
- Try removing the boxes on the sides, don't see the purpose of them.
Other than that it's not too bad, if it works, then fine :). I would however try to remake the layout and design in general.
Oh and, we are very friendly here :) this section is far friendlier than KalOnline so dw :).
19-12-11
zkemppel
Re: Current Project (looking for feedback)
Quote:
Originally Posted by Justei
All right, let's take a look.
Other than that it's not too bad, if it works, then fine :).
I put a link to it with a username/password for people to try it out. Like I said, the layout was just for me while I was working on it, I do plan on finding a better one. Thanks for the feedback.
22-12-11
Dynaxo
Re: Current Project (looking for feedback)
The idea of a ticketing system to keep track of your repairs is good.
As previously stated, the layout needs some work, or perhaps change it altogether.
If you could set up a demo so we could fully see how this works and functions, that would be great, I'm sure then I could give you some more feedback on this. Good luck.
22-12-11
TimeBomb
Re: Current Project (looking for feedback)
As Justei said, work on the layout.
1) Remove the side boxes.
2) Change the background... possibly to just a static color.
3) Move the "Hello name" and Logout buttons to the top right.
4) Use <noscript> (or similar) HTML syntax to show an error if the user has javascript disabled. Currently, if you have javascript disabled and try to create a ticket, the center of the page is empty, instead of the form.
5) Fancying up some of the CSS just a tad could go a long way. Border radiuses, shadows perhaps, some padding, etc.
22-12-11
zkemppel
Re: Current Project (looking for feedback)
Guys I get it, the template sucks lol. I'm asking for feedback on the actual system itself. I put a username and password in the first post for you all to test it out. I haven't included any type of javascript in my source, so I'll have to look into that. I appreciate the feedback, I really do, but use the login I gave to test out the ticketing system.
23-12-11
jM2.me
Re: Current Project (looking for feedback)
For background gradient try to choose base color and instead of going (*color* -> white) do something like (*color* -> darker/brighter *color*)
23-12-11
Samus.
Re: Current Project (looking for feedback)
At my internship, they use stickers instead of plain tickets. They paste them on the PC itself so it's almost impossible to lose it.
Add 2 pages; 1 with "About us" and a "Contact" page to fill the nav. It looks kinda empty now.
Quote:
Originally Posted by jM2.me
For background gradient try to choose base color and instead of going (*color* -> white) do something like (*color* -> darker/brighter *color*)
Quote:
Originally Posted by zkemppel
Guys I get it, the template sucks lol. I'm asking for feedback on the actual system itself. I put a username and password in the first post for you all to test it out. I haven't included any type of javascript in my source, so I'll have to look into that. I appreciate the feedback, I really do, but use the login I gave to test out the ticketing system.
Don't make him repeat himself, lol.
23-12-11
jM2.me
Re: Current Project (looking for feedback)
Quote:
Originally Posted by Samus.
Don't make him repeat himself, lol.
I have no idea how I missed his last post. Sorry :$:
Offtopic: pic in your signature is hilarious :lol:
23-12-11
zkemppel
Re: Current Project (looking for feedback)
Quote:
Originally Posted by Samus.
At my internship, they use stickers instead of plain tickets. They paste them on the PC itself so it's almost impossible to lose it.
Add 2 pages; 1 with "About us" and a "Contact" page to fill the nav. It looks kinda empty now.
Don't make him repeat himself, lol.
We put a post-it on each computer with ticket number. This website is so we can keep track of what we've done for each computer so far, and so the customer can track the status of the repair also. There's still plenty of pages I need to add, the "About us" page definitely being one of them.
Quote:
Originally Posted by jM2.me
I have no idea how I missed his last post. Sorry :$:
Offtopic: pic in your signature is hilarious :lol:
It's no problem lol, just looking for something other than "your 5 minute quick template is crap." Trying to get this site into production by January since I'll be graduating (Computer Networking: Systems & Applications major).
Working on re-doing the login to be integrated in the top menu.
24-01-12
zkemppel
Re: Current Project (looking for feedback)
Added the source in the first post. Go easy on me, lol.
1. I don't comment anything... sorry in advance.
2. I realize now I could have done stuff a whole lot differently, but I didn't want to go back and re-do it all.
Haven't coded PHP so I don't know if there is something else wrong with the code but using switch statements instead of piles and piles of elseifs makes the code more readable.
25-01-12
TimeBomb
Re: Current Project (looking for feedback)
@Splitter
It wouldn't do much of anything for him IMO, and if/elseif/else is quicker than switch statements.
@zkemppel
I made it much more readable for you.
PHP Code:
<?php
function makeNumerical($input) {
    return preg_replace("/[^0-9]/","", $input);
}
function makeAlphanumerical($input) {
    return preg_replace("/[^A-Za-z0-9]/","", $input);
}
if (! filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $email = makeAlphanumerical($email);
}
?>
You need to learn to separate the PHP from HTML better. Even if you can't wrap your mind around a simple template class, then at least take them out of the echo. Echos shouldn't be big HTML blocks like that. Just keep it out of the PHP tags.
I recommend you learn better code management and organization. Looking into design patterns could prove very beneficial for you.
Also, I would recommend trying to start conforming to PEAR Standards.
s-p-n brought it to my attention recently, and, although my coding style was similar to PEAR standards, reading up on it and doing my best to practice it at all times really has made my code more readable for me in the now, as well as when I go back to look at it a few days later, and especially for other developers.
You obviously don't have to follow all the rules and standards, but some of the basics are well thought out and just plain look nice and make writing PHP less confusing at times.
Just by using the PEAR Control Standards (i.e. if/elseif/else statement, switch statement, etc. standards), you can lower the amount of lines in your code, and make it more readable.
25-01-12
zkemppel
Re: Current Project (looking for feedback)
Quote:
Originally Posted by timebomb
You need to learn to separate the PHP from HTML better. Even if you can't wrap your mind around a simple template class, then at least take them out of the echo. Echos shouldn't be big HTML blocks like that. Just keep it out of the PHP tags.
I recommend you learn better code management and organization. Looking into design patterns could prove very beneficial for you.
Also, I would recommend trying to start conforming to PEAR Standards.
s-p-n brought it to my attention recently, and, although my coding style was similar to PEAR standards, reading up on it and doing my best to practice it at all times really has made my code more readable for me in the now, as well as when I go back to look at it a few days later, and especially for other developers.
You obviously don't have to follow all the rules and standards, but some of the basics are well thought out and just plain look nice and make writing PHP less confusing at times.
Just by using the PEAR Control Standards (i.e. if/elseif/else statement, switch statement, etc. standards), you can lower the amount of lines in your code, and make it more readable.
This is the type of feedback I've been looking for, thank you. I have no formal training in PHP which is probably why it's roughly put together.
29-01-12
SomeRB
Re: Current Project (looking for feedback)
Ok, so it seems that timebomb has covered most of my points already, but here is what else I have:
-----------
The first thing I noticed after logging in is that the code to check is only 4 digits long and all numeric - this is a problem!
After entering 0069 (I think) I was shown the following:
Code:
Name: john smith
Phone #: (123) 456-7890
Email: test@test.com
This should never be accessible, except by the person who the details belong to. You do not need to include any of this data in the external page, where anyone who can guess/brute force the input box can "farm" personal details.
-----------
I feel you are not separating the admin functionality from the user functionality enough.
I mean, you have all these IF statements to validate staff, when really, you could just make a user.php and a staff.php and lock down the staff page, preferably by .htaccess
-----------
I also think you have too many classes in separate files, but maybe that is because I have my own framework that I work within now that only requires me to have a database class and an authorization class. You seem to have classes in numerous pages. I would definitely merge some of those, based on their logic and downsize the file count.
-----------
You should also consider having a single included file, with all other includes put into that.
Right now, this is no problem for you due to the site size, but it is good practice to get into because one day, should you run a big site and include files on individual pages, you only have to remove an include from one file instead of multiple.
Sure, you could just empty data from the file and leave the file there, but in a commercial environment, that is not acceptable IMO.
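Added example (not SomeRB's or the poster's code) for the first point in the post above: a public status lookup that selects only the repair-status columns, so contact details never reach the external page, and that is keyed by a random code instead of the sequential 4-digit ticket number. It runs on PDO with in-memory SQLite and a constructed row; the `lookup` column and both function names are assumptions, while the other column names are taken from the posted queries.

```php
<?php
// Added example, not the poster's code. In-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tickets (TID INTEGER PRIMARY KEY, lookup TEXT UNIQUE,
    statvirus TEXT, statbackup TEXT, statreimage TEXT, pickup TEXT,
    Fname TEXT, Lname TEXT, email TEXT, phone TEXT)");

// Issue a random lookup code at drop-off; 'lookup' is a hypothetical column.
function createTicket(PDO $db, array $owner): string
{
    $code = bin2hex(random_bytes(8)); // 64 random bits instead of 0000..9999
    $db->prepare("INSERT INTO tickets (lookup, statvirus, statbackup,
        statreimage, pickup, Fname, Lname, email, phone)
        VALUES (?, 'pending', 'pending', 'pending', 'no', ?, ?, ?, ?)")
       ->execute([$code, $owner['fname'], $owner['lname'],
                  $owner['email'], $owner['phone']]);
    return $code;
}

// Public status page: name the status columns explicitly (no SELECT *), so
// name, e-mail and phone are never fetched for an unauthenticated visitor.
function publicStatus(PDO $db, string $code): ?array
{
    if (!preg_match('/^[0-9a-f]{16}$/', $code)) {
        return null; // wrong shape, skip the database entirely
    }
    $q = $db->prepare("SELECT statvirus, statbackup, statreimage, pickup
                       FROM tickets WHERE lookup = ?");
    $q->execute([$code]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data, reusing the placeholder details quoted in the post.
$code = createTicket($db, ['fname' => 'john', 'lname' => 'smith',
    'email' => 'test@test.com', 'phone' => '(123) 456-7890']);
print_r(publicStatus($db, $code));   // lookup with the issued code
var_dump(publicStatus($db, '0069')); // lookup with a 4-digit guess
```

Staff views that do need the contact columns would go through a separate, authenticated query, which matches the user/staff split suggested in the post.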