Building your own Myspace.com with PHP part VI: Finishing touches
We have learned by now how to register a user and login, how to display and edit a presentation, how to add friends and search for new friends. In this last part of the tutorial we are going to finish it up with a guestbook where the visitor to a presentation can leave a message [...]
What is left to do now is tie it all together with a nice layout I have made a simple interface for all the code in this tutorial that you are free to use for inspiration, you can download it here. I also have a demo available online.
There are many improvements and feautures that could be added to this project but I will leave that up to you :). Here are some ideas of possible extensions.
- Private messaging
- Who is online
- Making friend request go both ways
If you have any suggestions on improvements for this tutorial or have any comments in general either post them as comments or send me an e-mail at stefan [at] upgradetheweb.com
ei i wanna thank you for this tutorial because this is my thesis topic… thanks a lot…=)
Hi, great tutorial for the masses. Except you have one fatal flaw. Please be sure to teach them how to sanatize user input. This is vital.
Your demo has a security hole which can compromise your site. Thought I’d give you a heads up.
Regards,
Justin Turner
C2 Global Technologies
http://c2global.com
Cutting edge website development.
Great tutorial!
As Justing points out, there is a huge security problem with the community. I hope you have your database some other place than the rest of the site. Because it can easily be removed, since none of the input is validated or secured in any way. Here is a start http://www.dot-silver.co.uk/index.php?id=6.
Keep up the good work!
Thanks for the heads up. You are both right that I should expand the tutorial to cover how to sanatize user input. I will update this as soon as possible. The demo application is fixed.
you should put in a check at the add friends part to make sure that the friend you’re adding exists. you can type a fake name in the url and add a friend that isn’t real. it takes 3 lines of code.
You should teach us how to do the private messaging :)
This is in response to the Security comment, and I’d actually like to say thanks to him/her for recommending my article. If you would like to see the article on security, the URL has been updated.
http://www.dot-silver.co.uk/tutorials/view/6/PHP+and+SQL+Security/
Lovely tutorial. I sure do hope that some day this tutorial might continue.
is their any good secure way to secure the overall login and sessions. I notice that if I didn’t login I and know the url I can just put the url and the username I would know and it would allow me to be logged in that users account without the password.
Does anyone know a tutorial which will explain how to creat a personal messaging system OR make the fried request to go both ways and send a request VIA personal message
Yes I would be interested in Making friend request go both ways. Anyone have the tutorial for this ???
Would also be nice to let the friend your adding approve or deny your request.
Anyone know how to do this?
I am going to write one considering my site is based off of this and I have everything but Who is Online.