Constructive feedback on newly launched web project requested.

Discussion in 'Programming & Software Development' started by blued, Jan 24, 2018.

  1. blued

    blued Member

    Joined:
    Apr 29, 2008
    Messages:
    215
    Location:
    Melbourne
    Hi all,

I've recently had some time off and wanted to get back into web development.
    During my time off I've been working on a web-based project and today I made it live.

    The site is pretty self-explanatory (I hope), can be visited at http://www.giftsto.com.au and I'd love to get your feedback.

    To be honest I made the site as I am hopeless at remembering occasions. I know that some social media platforms provide a similar service but not the same notification methods, not everyone may be on the platform you use, nor is it as simple to use.

    Let me know your thoughts. If you want to test the site and want me to delete all your data please contact me (either via the contact form on the site or PM me here).

    Cheers.
     
    Last edited: Jan 24, 2018
  2. doug81

    doug81 Member

    Joined:
    Jul 18, 2005
    Messages:
    4,500
    Location:
    South Yarra, VIC
    Interesting idea - assuming you'll then monetise through targeted referrals to occasion-based gifts?
     
  3. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    531
    Location:
    BRISBANE
    Maybe put SSL on your homepage as well

    Maybe add some tooltips on the action buttons or labels above so users know what each does e.g. silent/edit/delete whatever.

    Maybe add a datepicker rather than force dd-mm-yyyy

    Otherwise cool site

     
  4. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    52,856
    Location:
    brisbane
    make an app as well.
     
  5. blued (OP)

    blued Member

    Joined:
    Apr 29, 2008
    Messages:
    215
    Location:
    Melbourne
    Appreciate the feedback all.

Yeah, something like that. We won't provide any user data to third parties but in the future we may consider some subtle advertising.
    Appreciate the feedback.

    Good idea. I'll add some tooltips for the first entry or for all entries with an option to turn off via account settings.
    A datepicker is on my roadmap for sure.

    The site is responsive and works well on mobile devices. I might make an app in the future however.
     
  6. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    52,856
    Location:
    brisbane
    millions more eyeballs on app stores, etc. your choice.
     
  7. blued (OP)

    blued Member

    Joined:
    Apr 29, 2008
    Messages:
    215
    Location:
    Melbourne
    All done. Working on the datepicker too.

    In addition to those changes I've also added more ability to change reminder frequency. For example, a person can now opt out from receiving reminders one month out, can choose to receive reminders the day of, etc.

    Fair point. :thumbup:
     
  8. w0ng

    w0ng Member

    Joined:
    Dec 17, 2006
    Messages:
    122
    Location:
    Sydney
G'day. Congrats on your site. If this is your first website, it's A LOT of work.
    I like that you're using Bootstrap and jQuery to keep things easy.
    Are you using any PHP framework? If not, it's worth learning. Check out https://laracasts.com/series/laravel-from-scratch-2017. It'll take at least 5-10 hours to sink in if you've done web dev before or 20-50 hrs if you haven't, but it's well worth it. Laracasts is unquestionably the best online resource for people learning a web framework for the first time or someone re-learning something from 10 years ago.

    Some of the things typical of these frameworks are dealing with form validation and authentication before/after dealing with sqlite/mysql database stuff.

e.g. some of the important security things you can look into, which all standard database-driven websites have (using a framework normally does all of these for you):

    Authentication
    - Instead of a different subdomain (send.giftsto.com.au, send.giftsto.com.au/login.php, send.giftsto.com.au/login.php?logout=true), create the routes giftsto.com.au/home, giftsto.com.au/login, giftsto.com.au/logout
    - When a user is logged out and they go to /home or /logout, redirect them to /login
    - When a user is logged in and they go to / or /login, redirect them to /home

    Validation
Make sure all forms are validated in PHP. JavaScript validation is mostly for UX and aesthetics, but the backend comes first because JS can be changed easily, e.g. in Google Chrome I can easily ignore your JS validation by removing the
    Code:
    onsubmit=
    part of your
    Code:
    <form ...
    from the Elements tab, or from the Console tab I can just type
    Code:
    ValidateForm = () => true;
    and then I can type "NOTANEMAIL" in the email field and "1" for the password field.

    Protecting from SQL Injection
    SQL injection is a fancy term for "people can do nasty stuff to your database from form fields or the URL because your sql queries are not escaped" (see: https://secure.php.net/manual/en/security.database.sql-injection.php)
    e.g. I'm guessing somewhere in your login.php, you probably have something like
    Code:
    "INSERT INTO users(email, password) VALUES (" . $_POST['email'] . ", " . $_POST['password'] . ")"
    because if I try to create a login with the email as "some@email.com, somepassword); SELECT * FROM users; --", in your PHP it will be executing:
    Code:
    "INSERT INTO users(email, password) VALUES (some@email.com, somepassword); SELECT * FROM users; --"
    it returns a 403, indicating the SELECT ran. Replace SELECT with DROP, UPDATE, or DELETE and we'll be in trouble.
     
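    The two points above (validate on the server, and never concatenate user input into SQL) as one added example. This is not code from the original post or from giftsto.com.au; the users table layout, the column names, the 12-character password rule and the sample inputs are assumptions made for the example. It uses PDO with an in-memory SQLite database (the pdo_sqlite extension) so it runs offline with `php example.php`.

```php
<?php
// Added example, not the site's own code. Assumed schema and rules throughout.
declare(strict_types=1);

// In-memory SQLite so the script is self-contained (assumes pdo_sqlite is loaded).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    email         TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

/**
 * Server-side validation. The browser-side checks are advisory only: anyone
 * can strip onsubmit= or redefine ValidateForm in DevTools, so every rule is
 * re-checked here before the request touches the database.
 * Returns a list of error strings; an empty list means the input is acceptable.
 */
function validateRegistration(array $post): array
{
    $errors   = [];
    $email    = trim((string)($post['email'] ?? ''));
    $password = (string)($post['password'] ?? '');

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    if (strlen($password) < 12) {             // hypothetical minimum length
        $errors[] = 'password: at least 12 characters required';
    }
    return $errors;
}

/**
 * The shape the post guesses is in login.php: request values concatenated
 * straight into the SQL text. Returned as a string rather than executed so
 * the effect of the payload is visible. With the quotes included, a closing
 * quote in the input terminates the literal and the rest is parsed as SQL.
 */
function vulnerableInsertSql(string $email, string $password): string
{
    return "INSERT INTO users(email, password_hash) VALUES ('" . $email . "', '" . $password . "')";
}

/**
 * Hardened version: the SQL text is fixed at prepare time and the values are
 * sent as parameters, so a quote or semicolon in the email is just data.
 * The password is hashed with password_hash(), never stored in clear.
 */
function registerUser(PDO $pdo, array $post): array
{
    $errors = validateRegistration($post);
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors];
    }
    $stmt = $pdo->prepare('INSERT INTO users(email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([
        ':email' => trim((string)$post['email']),
        ':hash'  => password_hash((string)$post['password'], PASSWORD_DEFAULT),
    ]);
    return ['ok' => true, 'id' => (int)$pdo->lastInsertId()];
}

// Constructed inputs: one legitimate signup, one carrying an injection payload.
$good = ['email' => 'some@email.com', 'password' => 'correct horse battery staple'];
$evil = ['email' => "x@example.com', 'p'); DROP TABLE users; --", 'password' => '1'];

echo "Query the concatenating code would send for the hostile input:\n";
echo vulnerableInsertSql($evil['email'], $evil['password']), "\n\n";

echo "Hardened handler, legitimate input:\n";
var_dump(registerUser($pdo, $good));
echo "Hardened handler, hostile input (rejected by validation):\n";
var_dump(registerUser($pdo, $evil));

// Even with validation skipped, the parameterised insert stores the payload as
// a literal string: the table survives and the row count simply goes up by one.
$stmt = $pdo->prepare('INSERT INTO users(email, password_hash) VALUES (:email, :hash)');
$stmt->execute([':email' => $evil['email'], ':hash' => password_hash('1', PASSWORD_DEFAULT)]);
echo "Rows in users after inserting the payload as a parameter: ",
     $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
echo "Stored verbatim: ",
     $pdo->query("SELECT email FROM users WHERE email LIKE 'x@example.com%'")->fetchColumn(), "\n";
```

    One caveat for anyone reproducing the stacked-statement test from the post: whether an appended `; SELECT ...` actually executes depends on the driver (mysqli::query refuses multiple statements, PDO_MySQL with emulated prepares runs them). An attacker does not need stacked statements, though: the closing quote alone lets them rewrite the WHERE clause of a login query, so the fix is parameters, not a blacklist of characters.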
  9. blued (OP)

    blued Member

    Joined:
    Apr 29, 2008
    Messages:
    215
    Location:
    Melbourne
    Thanks mate. Appreciate the feedback greatly!

    I'll look into using directories rather than pages as it does look neater at the very least :thumbup:

    In terms of the security side of things there's more i can do that's for sure and I'll keep making changes in this regard.
I won't go into too much detail outside of a private message, but there were some odd accounts created by you bypassing the client validation :Paranoid:
     
  10. Alqemist

    Alqemist Member

    Joined:
    Oct 5, 2002
    Messages:
    1,255
    Location:
    Victoria
    Add the reminder options when you create the event. I created 6 events and then had to edit each one to remove 1 month prior.
     
  11. blued (OP)

    blued Member

    Joined:
    Apr 29, 2008
    Messages:
    215
    Location:
    Melbourne
    Thanks mate. You can untick the box at the bottom of the "Add" screen to adjust the reminder times and methods. Would you prefer that to be visible all the time like in the edit screen?
     
  12. Alqemist

    Alqemist Member

    Joined:
    Oct 5, 2002
    Messages:
    1,255
    Location:
    Victoria
    Yep I think that would be more intuitive.
     
  13. blued (OP)

    blued Member

    Joined:
    Apr 29, 2008
    Messages:
    215
    Location:
    Melbourne
    All done.
     
  14. Alqemist

    Alqemist Member

    Joined:
    Oct 5, 2002
    Messages:
    1,255
    Location:
    Victoria
    Site is down?
     