Topic: Tutorials Site (Read 3257 times)

.Darkman · « **on:** April 13, 2007, 05:53:19 AM »

Hello Everybody,

Visit my new tutorials index site at http://clevertutorials.com

This is the first site that i am coding in PHP. I think it has come out good.

I have used script.aculo.us AJAX framework at some places.

It is still not complete. I will add some more features too later. This is the basic thing that i wanted to have.

The design is from http://styleshout.com

I submitted one tutorial just for testing purposes. Feel free to submit some more if you like.

I'm mainly looking for some comments on my PHP coding.

Thanks,

clown[NOR] · « **Reply #1 on:** April 13, 2007, 06:32:26 AM »

well that was not that impressive, you havent made the style yourself, and you havent even made the tutorial yourself... your actually just redirecting.. why dont you put up a database and let people actually add their own tutorials... for all i know the site contains only one file except the gfx files.. and that's the index file...

IMO: 2/10

MadTechie · « **Reply #2 on:** April 13, 2007, 07:24:45 AM »

Ouch but i kinda agree clown[NOR], they need work

.Darkman · « **Reply #3 on:** April 13, 2007, 07:32:33 AM »

Hmm..
I really didn't want any comment on the content of the site. It IS a database and people can add their own tutorials links.

clown[NOR] · « **Reply #4 on:** April 13, 2007, 07:41:04 AM »

ok... sorry about that DB part.. but then, why dont you let people add their own tutorials? instead of just working as a sort of a daughter site for other tutorial sites, just redirecting?

.Darkman · « **Reply #5 on:** April 13, 2007, 07:57:50 AM »

Your idea is pretty good. But users don't like it much. Whoever has the ability to write a tutorial, would mostly have their own site. so they wouldn't been submitting it on my site.

Check out my other site http://templora.com

It is a site with a much wider scope. But there aren't too many tutorials there.
But check out sites like http://good-tutorials.com and http://tutorialized.com
They have lots of tutorials.

Thats the reason i chose to be just an index.

clown[NOR] · « **Reply #6 on:** April 13, 2007, 08:18:10 AM »

do you have many friends who know their way around PHP, JavaScript, Photoshop, HTML etc? if so... why dont you try to get together and make your own tutorials?

I know from my own experience.. when I come to a index tutorial site I sometimes get confused... hehe... reason for that is i start out on one page and end up on another site...

but gotta admit... i like the way sub categories change after what main cat you select...

.Darkman · « **Reply #7 on:** April 13, 2007, 08:21:57 AM »

Quote

do you have many friends who know their way around PHP, JavaScript, Photoshop, HTML etc? if so... why dont you try to get together and make your own tutorials?

Hmm... No.
I'm from southern part of India. And not everybody here shows interest in computers. So none of my friends can do. In fact, i have only one friend who can help at times. In this site, he'll help me in submitting more and more tutorials.

Quote

I know from my own experience.. when I come to a index tutorial site I sometimes get confused... hehe... reason for that is i start out on one page and end up on another site...

Lol...
In CleverTutorials all external links are opened in new window. So you'll not get confused i guess.

clown[NOR] · « **Reply #8 on:** April 13, 2007, 08:47:44 AM »

hehe... oh well.. i've shared my opinion =) it's your site and you do whatever you want with it=)

Chat · « **Reply #9 on:** April 13, 2007, 12:25:02 PM »

design is both strange and interesting.

where can i view your php coding to criticise it?

.Darkman · « **Reply #10 on:** April 13, 2007, 12:32:19 PM »

Lol, you cannot see the PHP coding.
But you may comment on how it functions.

obsidian · « **Reply #11 on:** April 13, 2007, 12:44:17 PM »

Quote from: .Darkman on April 13, 2007, 07:57:50 AM

Your idea is pretty good. But users don't like it much. Whoever has the ability to write a tutorial, would mostly have their own site. so they wouldn't been submitting it on my site.

Therein lies part of your problem. At first glance, I would have no idea that I was going to be redirected to a third-party site. As a visitor, I wouldn't like that much since there is no warning or even credit given to the individual sites the tutorials come from. The layout looks good, but it's not really original. I think that you've done a pretty good job overall, but it's hard to say without seeing the result of my submission

I tried to put some different types of things in to see what I could get away with, and I was able to submit some different characters and things that could leave you XSS vulnerable, but I didn't go that far.

Chat · « **Reply #12 on:** April 13, 2007, 12:48:41 PM »

Quote from: .Darkman on April 13, 2007, 12:32:19 PM

Lol, you cannot see the PHP coding.
But you may comment on how it functions.

forgive me for my stupidity but how on earth can anyone do that?

obsidian · « **Reply #13 on:** April 13, 2007, 12:53:04 PM »

Quote from: Chat on April 13, 2007, 12:48:41 PM

forgive me for my stupidity but how on earth can anyone do that?

Chat, any page that you go to that has the dynamic element to it is written in some sort of scripting language (such as PHP). The problem is that they are server side, so by the time the page reaches your browser, you can't see anything of it left. Therein lies the difference between server side scripting languages and client side ones (such as javascript). While he's asking for a critique on the site, we can examine how well he handles things in his code without ever actually seeing the code directly.

For instance, there is an includes file on his site I located, but if you view the PHP files inside that folder directly, you simply see a blank page: http://clevertutorials.com/includes.

Hope this helps the understanding a bit.

veridicus · « **Reply #14 on:** April 13, 2007, 12:57:51 PM »

I like the domain name. But I just don't find a site like that interesting. If I'm looking for a tutorial on something I google it.

Chat · « **Reply #15 on:** April 13, 2007, 01:09:01 PM »

i was not aware of this unrestricted includes folder.

anyway, i can't seem to access the raw php still. i tried saving the file but my silly library computer is messing me around. can you paste the php code in this thread?

obsidian · « **Reply #16 on:** April 13, 2007, 01:16:53 PM »

Quote from: Chat on April 13, 2007, 01:09:01 PM

anyway, i can't seem to access the raw php still. i tried saving the file but my silly library computer is messing me around.

That's just it. Because it is PHP, you cannot access the raw code through a browser. You would have to have the author share the code with you (like you've asked).

.Darkman · « **Reply #17 on:** April 13, 2007, 10:14:28 PM »

Quote

I think that you've done a pretty good job overall, but it's hard to say without seeing the result of my submission Wink

I tried to put some different types of things in to see what I could get away with, and I was able to submit some different characters and things that could leave you XSS vulnerable, but I didn't go that far.

Oh ! Thanks for pointing me out.
I thought of cleaning up the text off tags. But then i ignored it because i'll be able to accept or reject tutorials before they show on their site.

For eg, i looked at your submission. I deleted it.

So do you say that i should strip the Description off tags ?

Thanks,

obsidian · « **Reply #18 on:** April 14, 2007, 09:30:01 AM »

Quote from: .Darkman on April 13, 2007, 10:14:28 PM

For eg, i looked at your submission. I deleted it.

So do you say that i should strip the Description off tags ?

It's totally up to you, but here's the thing: if the javascript I entered into the description actually showed a popup when you reviewed my submission, if I were mean, I could have taken that to the next level and used the javascript that would run to send your PHPSESSID to myself. If I have that, I could have then used your cookie to log in as you (hypothetically). While I'm oversimplifying things for the sake of argument here, the threat is very real. Any time you have client script running that you did not right (especially in an admin panel), it can be very dangerous.

.Darkman · « **Reply #19 on:** April 14, 2007, 09:34:06 AM »

Quote from: obsidian on April 14, 2007, 09:30:01 AM

Quote from: .Darkman on April 13, 2007, 10:14:28 PM
For eg, i looked at your submission. I deleted it.

So do you say that i should strip the Description off tags ?

It's totally up to you, but here's the thing: if the javascript I entered into the description actually showed a popup when you reviewed my submission, if I were mean, I could have taken that to the next level and used the javascript that would run to send your PHPSESSID to myself. If I have that, I could have then used your cookie to log in as you (hypothetically). While I'm oversimplifying things for the sake of argument here, the threat is very real. Any time you have client script running that you did not right (especially in an admin panel), it can be very dangerous.

Very True.
So, will it be okay if use the following code before submitting information into the database,

Code: [Select]

$description = strip_tags($description);

obsidian · « **Reply #20 on:** April 14, 2007, 09:41:41 AM »

Quote from: .Darkman on April 14, 2007, 09:34:06 AM

Very True.
So, will it be okay if use the following code before submitting information into the database,
Code: [Select]
$description = strip_tags($description);

Yes, however, you may wish to give your submitters some limited HTML to spice up the descriptions. If so, just use the optional second parameter with strip_tags():

Code: [Select]

<?php
$description = strip_tags($description, "b i u strong em");
?>

Good luck!

.Darkman · « **Reply #21 on:** April 14, 2007, 09:45:26 AM »

Thanks a lot for your help. Even those HTML would spoil the look. So i'll strip all the tags.

Thanks,

News:

Author Topic: Tutorials Site (Read 3257 times)

PHP Freaks Forums