Xenon Design

Hey all.Ive made a blog and started blogging about Web 2.0 and thought's iv'e had about its working and why its so successful.This is part 1 of many and I will add articles when I can.Heres Part 1-> http://ecky.wordpress.com/2007/04/14/succe...he-user-aspect/Enjoy and leave a comment if you wish

Your doing it a slightly longer and harder way that its usually done. Heres what a basic, typical login will look like. I will model the below on your above code.

$con = mysql_connect("localhost","******","******");mysql_select_db("******", $con);$name = mysql_real_escape_string($_POST['name']);$pass = mysql_real_escape_string($_POST['pass']);$search = mysql_query("SELECT * FROM users WHERE `name` = '".$name."' AND `pass` = '".$pass."'");$num_row = mysql_num_rows($search);if ($num_row >0){	 $_SESSION['logged'] = 1;}else{	 $_SESSION['logged'] = 0;}

If there is a record then there will be bigger than 0 records! Also I put in some security for ya, the mysql_real_escape_string stops SQL injections.

My first question is, is the variable you use in the euqation a number or string? If its a string then use intval():

$variable = "1990";$equation = intval($variable)+1;print $equation;//Will print 1991

Also whats the + in front of $_GET['target_lvl'] ?

Im not quite sure what you mean. Could you post some code or a more detailed explination?

You have put in a physical line break here:

echo "<tr>\n<td width='120' valign='top'><b class='tname'><a href='http://hiscore.runescape.com/lang/en/aff/runescape/hiscorepersonal.ws?user1=$name'>$name</a></b></td>\n<td width='50' valign='top'> " /*echo ended here */

PHP doesnt like em. So just use <br> tags or /n but not actual line breaks. The result should look like this:

echo "<tr><td width='120' valign='top'><b class='tname'><a href='http://hiscore.runescape.com/lang/en/aff/runescape/hiscorepersonal.ws?user1=$name'>$name</a></b></td><td width='50' valign='top'> " /*echo ended here */

You should not need ine breaks in the table tag anyway unless you want a space. If so just pop in some <br/> tags.

These are my honest opinions and only constructive crit.Problem 1: Start/Enter screen, why? We want to visit a website and having to click another link is painful. Research says that people will likely to click on 3 links on your site and that counts as 1.Problem 2: No structure, the site has really no design structure at all. It needs to have a skeleton redesign of the site (layout of objects). IMO the nav should be on the leftProblem 3: Lack of images, its not very nice on the eye...nothing to look at and 'wow' about...but then again Vista is using the same approach (sorry but I had to make a cheap shot at Vista )So heres some solutions:Solution 1: Ditch the enter page :)Solution 2: Make a design skeleton/map for the site. This should include where the nav, logo and content are going to be placed. The usual style is a logo up top, nav to the left and content filling the right.Solution 3: Your probably more of a developer (as said above) than a designer. I had the same problem. You can go to sites like www.cssremix.com and www.webcreme.com and get some inspiration. Also pick a colour scheme from www.colorschemer.com that matches the site. Blues popular atm but maybe you want to mix it up a bit with some diff. colours.Also the cross hair cursor, its not bad but its annoying for a person who wants to view the site.With time and practice you'll get better

Thanks for the new sites...I will add them in when I get home tonight.

What youll need to do is FTP upload the files to the server. Then for the database you'll have to transfer the data over.I cant elaborate atm because im at school. But im sure someone else can.

The outer glow around the header seems strong. Also, im not sure if you can, its just a bit too plain. It needs something to liven it up.

Awesome thanks peoples If you have a site that I dont have listed for the search PM it to me.

I did have it black but it didnt look to well. White is just fine

Well ill make 1 that mashes em all up then And you can just choose a label to search for specifics...you do know about the lables? If not, check at the top of the results below the ads

I just fixed a few small bugs to make it correctly show this forum since its on a different domain So far W3schools appears on all of my search engines site lists...GO W3S!

Go to my refined Google search engine and find what you want from my favorite sites I use to help me. It includes W3schools as one of those sites.Mega Coding search engine (powered by Google)Shows results for all below langs plus SQL. You can still refine to coding langs using the label options (eg 'HTML only' if you want help with HTML coding only)PHP Refined search engine (powered by Google)ASP Refined search engine (powered by Google)HTML, CSS & Javascript Refined search engine (powered by Google)I will be making more for the other coding langs asap. So check back for more information.Edit:All the major ones done. Please reply with good tutorial and refrence sites to add to the list. I know we arnt allowed to reference other sites but for the sake of helping others this SHOULD be exempt.Flash Actionscript is being added to the mega search option

Well maybe its not a problem with the javascript but rather with your dynamic programming. What DONT you want the user to go back in their history? You may just need to re-revise your dynamic coding.

You could use some javascript to scroll to it. If you want me to make that just PM me and ill send you it. It will ease into the selected range of the section your link is at.I dont know of a way in CSS in which you can make it 'ease' scroll.

Im not sure but i think that thats a safari/mac aqua style thing. You could just use a plain <img> tag but use some simple javascript to submit the form.

<script>function submitForm(){document.getElementById('form1').submit();}</script><form id="form1" action="form/submit.html"><img src="***************************img/default/elections/poll_submit.gif" onclick="submitForm()"/></form>

SQL is standard over all languages it just how I wrote the code around it.Jump on to the W3S website and go learn SQL Its DEAD simple and should only take 1 hr tops to learn.

Also another thing to add...how can you hack HTML? Like its not like if I change it with my fancy Firefox plug-ins it will change on the server...it wont. Really security is for databases and dynamic scripts :)Also a good comment there aspnetguy. If the visitor is living in the old times/browsers they wont see the page.

Quick question: Why not just have a scroll bar? I know it may look better to us designers BUT your average user just wants a scroll bar and not a fancy doodad. We really have to look at visitors as being Neanderthals and we have to spell everything out for them and make everything obvious.

<script>function scrollDown(){var obj = document.getElementById('disp');obj.scrollTop += 10;}function scrollUp(){var obj = document.getElementById('disp');if(obj.scrollTop > 9){obj.scrollTop += 10;}}</script>

Just basic stuff there. And just put the scroll buttons on the side and maybe make it look like a scroll bar.

Note: This was fixed via MSN. The problem was it would not run the .php3 extension because Apache's MIME types do not 'by default' know about the php3 extension. You can add this to the MIME list if you want to.Just thought id keep every1 in the loop

They will mainly only attack databases and if they can access the pages they will edit them.The way they can delete your database is by exploiting weakneses in your SQL syntax. Heres a common mistake:

$sql = "SELECT * FROM users WHERE username ='".$_POST['username']."' AND password = '".$_POST['password']."'";$query = mysql_query($sql);

That can be exploited by any SQL Hacker novice. So thats an example of a BAD system. Heres a good one:

$user = ereg_replace("[^A-Za-z0-9\-\_]", $_POST['username']);$pass = md5($_POST['password']);$sql = "SELECT * FROM users WHERE username ='".$user."' AND password = '".$pass."'";$query = mysql_query($sql);

So the key here is making sure no user submitted data from forms (input boxes etc.) is not a hack.Theres more advanced ways to secure stuff but basically the main thing you have to look out for if you have a database is the user submitted data.You wont be hacked by a faulty script Just an error message :)I hope you understand that BTW Im using PHP as the examples. ASP and others will be different.

Open up sources/classes/post/class_post.php and add this to the end of the function named compile_post()

//-----------------------------------------		// Check if they are a bot [XENON DESIGN]		//-----------------------------------------		include_once(ROOT_PATH."sources/action_public/xemod_userinfo.php");		$xemods = new xemod_userinfo();		$xemods->init_db_conn();		$user_id = $this->ipsclass->member['id'];		$user_info = $xemods->get_full_user_info($user_id);		$num_img = substr_count($this->ipsclass->input['Post'], '[IMG');		$num_img += substr_count($this->ipsclass->input['Post'], '[img');		$num_url = substr_count($this->ipsclass->input['Post'], '[URL');		$num_url += substr_count($this->ipsclass->input['Post'], '[url');		$num_posts = $user_info['posts'];		$days_joined = floor((time() - $user_info['joined'])/( 24 * 60 * 60));		if($days_joined < 5 && $num_posts < 5 && $this->ipsclass->input['iconid'] == 1){			if($num_img >= 3 || $num_url >=3){				$this->ipsclass->Error( array( LEVEL => 1, MSG => 'bot_detected') );			}			$post['queued'] = 1;			$this->obj['post_errors'] = $this->parser->error;			return $post;		}

Add that just before this:

$this->obj['post_errors'] = $this->parser->error;			return $post;

Youll have to add my special 'xemod_userinfo.php' into your sources/action_public folder. Heres the code for it. Just make the file with the below:

<?phpif ( ! defined( 'IN_IPB' ) ){	print "<h1>Incorrect access</h1>You cannot access this file directly. If you have recently upgraded, make sure you upgraded all the relevant files.";	exit();}class xemod_userinfo{	#Globals	var $conn;		function init_db_conn(){		global $global_xemod, $conn;		if($global_xemod['conn_status'] == false){			$conn = mysql_connect('localhost', '%mysqlUSERNAME%', '%mysqlPASSWORD%');			if(!$conn){				die('CONNECION ERROR - Xenon Mod failure');			}else{				mysql_select_db("%databaseNAME%", $conn);				$global_xemod['conn_status'] = true;			}		}	}	function get_full_user_info($user_id){		global $conn;		$user_id = ereg_replace("[^0-9]", "", $user_id);		$sql_1 = "SELECT * FROM %IPB-DB-PREFIX%members WHERE id = ".$user_id;		$query_1 = mysql_query($sql_1, $conn);		if(!$query_1 || mysql_num_rows($query_1) < 1){			return "error";		}		return mysql_fetch_array($query_1);	}}?>

That file does include more 'stuff' in it and if you go to http://martin2k.co.uk/forums and view a post you'll see a few mods I have made. You could just get the user info from the IPB but I just decided to use what I had already made previously.Then just for a small bug fix in my code, open up sources/ipsclass.php and add this in the function named Error (case specific):

if($error['MSG'] == 'bot_detected'){			$msg = "Your post has been suspected as being a SPAM post and has not been submitted! Your username has been added to our watch list along with your IP.";		}

Put it after the following line of code:

$msg = $this->lang[ $error['MSG'] ];

-~-~-~Now for a lowdown on what happens:When a user posts that is less than 5 days old, less than 5 posts, uses simily icon 1 then their post is then put under moderation/unapproved status. If there is then more than 3 url's and/or 3 or more img's then they cannot post that topic.It works in my IPB 2.0.1. Hopefully it will work for you If not drop me a PM.

Ill dig it up off the PHP pages now. Just give me a min to put it together

It happens to the best of us dont worry :)I was at work and I realized the PC I had about a months work on had died and I had to start from scratch. 20 PHP files and a whole database setup gone But I got it back again