#1
  1. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    11

    http://cars.betachat.com


    Okay boys, and girls.. A new design needs a security check, and loopholes.

    http://cars.betachat.com

    The site holds information of a business of mine that contains cars bought, and sold.

    Login with this information..

    UserName: DevShed Users
    Password: access



    Have fun, and let me know what needs to be covered up, and what I've done wrong, and even what you would do if you were me. Don't be shy, let me have it!

    EDIT:
    The known bugs are:


    1) In buyer_edit.php I can edit a buyer who doesn't exist by typing in buyer_edit.php?id=none_existant_buyer_number
    for example "buyer_edit.php?id=5"
    Last edited by URSLOWR; August 27th, 2003 at 09:31 AM.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  2. #2
  3. Just another guy
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Jun 2003
    Location
    Wisconsin
    Posts
    2,953
    Rep Power
    262
    Read the sticky. Next time put the web address in your topic. (And at least have the address somewhere in the post. We need to know where to go, after all.)
  4. #3
  5. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    11
    Whoops, I hate it when I forget to do things..
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2003
    Posts
    152
    Rep Power
    11
    i'm really tired so this'll be short but

    search goes to a drop down for search... that's redundant, if a menu has only 1 option it should go there instantly via click... having to do it twice is annoying for the user

    how do you get back to the first screen after login, once you've clicked an option? hehe i couldn't find it, should make that more obvious

    payment > add payment only brings you to a list, i couldn't see a way to add a new one, should have list payments and add payment?


    actually all the adds are doing that, is that just not imp'd yet?

    other than that it's good, sleek interface..

    oh one other thing i noticed - from a data entry background, in add vehicle when you tab from version to date bought it tabs to submit, then tabs to the calendar, then tabs to date bought the calendar, it should tab to the date bought entry field; it should tab immediately to date bought, tabs should always be in sequence with extra buttons ignored, for fast data entry purposes

    i like the layout tho, it's very clean.. if this is going to be used for mass data entry you should attempt to make keyboard shortcuts for the menus, altho i dunno if you can, that's way beyond my scope

    g'night!

    one last thing, i was closing all my browsers and i had a ton from you, i realized why - i thought that the 'view customer info' link didn't work, as it turned out, it opened up a new browser window.. that should open in the same window

    really g'night now!

    Comments on this post

    • JimmyGosling agrees
    Last edited by lisajill; August 27th, 2003 at 01:48 AM.
  8. #5
  9. kill 9, $$;
    Devshed Supreme Being (6500+ posts)

    Join Date
    Sep 2001
    Location
    Shanghai, An tSín
    Posts
    6,897
    Rep Power
    3886
    Overall . . . very nice with good interface.

    Just a couple of small things (using IE5).

    On the menu bar, clicking on the menu heading (Vehicle, Buyer etc.) when its submenu is expanded brings you back to the login page. It really should collapse the menu again. Also, when a menu is expanded, clicking in the main part of the page gives a javascript error:
    Code:
    Line: 408
    Char: 7
    Error: Object doesn't support this property or method
    Code: 0
    URL: http://cars.betachat.com/vehicle_display.php
    On the main page (late.php after login), most of the text is black on dark blue background and is very hard to read. Either change text to white or lighten the background. Also, I can play around with the MySessID param in the url (including deleting it) without changing anything. Perhaps this isn't important.
  10. #6
  11. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    11
    First, I'd like to say thanks for taking the time to look the site over.

    Originally posted by lisajill
    > i'm really tired so this'll be short but
    >
    > search goes to a drop down for search... that's redundant, if a menu has only 1 option it should go there instantly via click... having to do it twice is annoying for the user..
    -=Fixed=- Good catch, I was going to fix that, but just had not taken the time to do so since I *just* got done with the search option.

    > how do you get back to the first screen after login, once you've clicked an option? hehe i couldn't find it, should make that more obvious
    -=Fixed=- I missed that one too. That is if you were talking about the late.php page?

    > payment > add payment only brings you to a list, i couldn't see a way to add a new one, should have list payments and add payment?
    This one is tricky because I have to have a value in buyer_payment.php?id=vehicle_id Right now I can't think of any other way of doing this, any suggestions?

    /\
    |
    > actually all the adds are doing that, is that just not imp'd yet?
    >
    > other than that it's good, sleek interface..
    >
    > oh one other thing i noticed - from a data entry background, in add vehicle when you tab from version to date bought it tabs to submit, then tabs to the calendar, then tabs to date bought the calendar, it should tab to the date bought entry field; it should tab immediately to date bought, tabs should always be in sequence with extra buttons ignored, for fast data entry purposes
    I took a look at this and not sure what you mean. When I tabbed down the list, it went from...
    Year->Make->Model->Version->DateBought(which is a read only input tag)->DateBoughtCalendarIcon->AmountBought->Submit
    ... I have the Date Bought input read only because *I* want to have the correct date format entered in, the only way I could do that is to have a pop-up calendar, that way the date is always in the format of mm/dd/yyyy, no matter who enters the data in. The reason for the formatting is basically for the "late.php" page.

    > i like the layout tho, it's very clean.. if this is going to be used for mass data entry you should attempt to make keyboard shortcuts for the menus, altho i dunno if you can, that's way beyond my scope
    It will be for mass entries, but only over a long period of time. Very long.

    > g'night!
    >
    > one last thing, i was closing all my browsers and i had a ton from you, i realized why - i thought that the 'view customer info' link didn't work, as it turned out, it opened up a new browser window.. that should open in the same window
    That window is supposed to open on "target=top", so you should have seen them right away. But I got away from that and went right to the page without a pop-up.

    > really g'night now!
    Once again, thanks for taking the time to check it out.
    Last edited by URSLOWR; August 27th, 2003 at 08:59 AM.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
  12. #7
  13. No Profile Picture
    <? unset($sanity) ?>
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2003
    Posts
    613
    Rep Power
    11
    Originally posted by ishnid
    > Overall . . . very nice with good interface.
    Thanks!

    > Just a couple of small things (using IE5).
    >
    > On the menu bar, clicking on the menu heading (Vehicle, Buyer etc.) when its submenu is expanded brings you back to the login page. It really should collapse the menu again. Also, when a menu is expanded, clicking in the main part of the page gives a javascript error:
    > Code:
    > Line: 408
    > Char: 7
    > Error: Object doesn't support this property or method
    > Code: 0
    > URL: http://cars.betachat.com/vehicle_display.php
    I can solve this easily, because it's going to be only a selected crowd using this database. I'll just have them use the current version of IE. Also, the best resolution to view the site is 1024 by 768 (that's the res I used when making the layout).

    > On the main page (late.php after login), most of the text is black on dark blue background and is very hard to read. Either change text to white or lighten the background.
    I'll look into lightening up the dark blue background.

    > Also, I can play around with the MySessID param in the url (including deleting it) without changing anything. Perhaps this isn't important.
    I'm not sure if that's a threat of any kind, or if it will harm anything. I'll look it up and see what kind of problems it would cause. Other than that, I don't think it will have any effect on login access, unless someone was to know the MySessID and username and password. Only a select group will have access to this.
    Thanks for taking your time to look this over.
    "I haven't failed, I've found 10,000 ways that won't work."
    - Thomas Edison

    -=Rick=-

    Chat Refinance Loans
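
Two findings in this thread, the `buyer_edit.php?id=` bug listed in post #1 and the `MySessID` observation in post #5, both come down to checks the server makes before it renders a page. The PHP below is an added example, not the site's code: the `buyers` table and its columns, the `user_id` session key and the function names are assumptions, and an in-memory SQLite database with constructed data stands in for the site's own.

```php
<?php
// Added example: the buyers table, the user_id session key and all function
// names are assumptions, not taken from the site under review.

// Keep the session ID in a cookie only, never in the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');

/** True only when the server-side session records a logged-in user. */
function is_authenticated(array $session): bool
{
    return isset($session['user_id']) && is_int($session['user_id']);
}

/** Return the buyer row for a raw ?id= value, or null if invalid or absent. */
function find_buyer(PDO $db, $rawId): ?array
{
    // Positive integers only; "abc", "5 OR 1=1" and arrays are rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name FROM buyers WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** HTTP status buyer_edit.php should answer with for this request. */
function buyer_edit_status(PDO $db, array $session, $rawId): int
{
    if (!is_authenticated($session)) {
        return 401; // no valid server-side session: send to login
    }
    return find_buyer($db, $rawId) === null ? 404 : 200;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE buyers (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO buyers (id, name) VALUES (1, 'Sample Buyer')");

$loggedIn = ['user_id' => 7];
foreach ([[$loggedIn, '1'], [$loggedIn, '5'], [$loggedIn, 'abc'], [[], '1']] as [$sess, $id]) {
    printf("id=%s -> %d\n", $id, buyer_edit_status($db, $sess, $id));
}
```

In a real page the array passed as `$session` would be `$_SESSION` after `session_start()`, and the same existence check belongs in the handler that saves the edit form, not only the one that displays it.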
