Volunteer

[John]

Well 3 years ago I started PHP for one reason. For the past 3 years (with long intermissions) I was working on a script. Finally, (with the extra time i had this summer) everything works to my satifiction. I was wondering if someone with a vast knowledge of php could get together with me (either by email or via IM) and critique, give me pointers, and point out coding errors and security flaws in my script.

i would post the files in the forum for everyone to rip apart, but i havnt decided how im going to distribute the files. whether under the gnu/gpl or a commercial license. I was thinking about encrypting it with zend, but in the event i go with the latter two, i would like the lelast ammount of people to have access to the full source.

so if someone is willing to volunteer, either post here or pm me. i would really appreciate it.

thank you.

[Jordan]

I'll take a look at it and I can also test it out on 2 different linux systems.

PM me for my email.

[Lop]

I'm up for it. What type of PHP app is this?

[John]

Quote:

Originally Posted by Lop

I'm up for it. What type of PHP app is this?

Its a script for a game i play. It allows clans to gather the stats of their players and compare them against eachother. Its a 'Top List' but it compares many stats.

I appreciate both of you doing this. Ill be sending both you a PM. Thank a lot.

[Jordan]

I've yet to install the application but I did look the code over today. Do you want me to post what I think here or PM you my thoughts?

[John]

either is fine with me.

[Jordan]

I'm going to install it on a public server today (just so I can test the install). Would you like to give the URL out for testing to people that play your game?

Ok, here are some things that I would change:

1) In most of the files you have no comments. You should add more comments!

2) You have a ton of if statements at the top of each script:

PHP Code:

if($fn == 'player_name'){
$filename = "Player";
}
elseif($fn == 'team_experience_points'){
$filename = "Total";
}
elseif($fn == 'koth_experiencepoints'){
$filename = "TKOTH";
}
elseif($fn == 'dm_experiencepoints'){
$filename = "DM";
}
elseif($fn == 'flag_experiencepoints'){
$filename = "CTF";
}
elseif($fn == 'bw_experiencepoints'){
$filename = "BW";
} 


and in most files it is the same statements. I would make an include file with those and just include them. Also, I would change the endifs to a select/case.

3) There isn't enough whitespace, for instance at the top of exp.php

PHP Code:

include "config.php";
include "english.php";
include "header.php";
$ordr = (isset($_GET['ordr']) ? $_GET['ordr'] : "asc"); 


I would change to

PHP Code:

// Include Files
include "config.php";
include "english.php";
include "header.php";

// Setup SQL Statement
$ordr = (isset($_GET['ordr']) ? $_GET['ordr'] : "asc"); 


Most of what I'm saying are just quirks of mine. The actual code looks fine.

[John]

i dont need the URL, just maybe after you install it, add the PID's i included in the readme, check the public files for any errors, and maybe change a few values in the database and make sure the update.php works.

thanks

[dirkfirst]

I'm up for testing this! I can tell you what I think about it as well.

[Jordan]

Ok, here is what happened during install:

1) At the create tables phase you have no real test to see if it actually creates the tables. It doesn't. If you change your connections to looke like:

PHP Code:

mysql_query($sql, $db) or die ('failure, could not create tables!' . mysql_error()); 


you will see that it dies.
Mine didn't work because of this line:

PHP Code:

 ENGINE=MyISAM DEFAULT CHARSET=latin1; 


at the end of the create tables.

Once I got it installed and deleted the install directory I tried to login. I used jordan/jordan as username/password combo and it does exist in the db as jordan and an md5 password. When I type those two in and press login it takes me right back to the login page without error. If I type in the wrong combination I get an error. Not sure what the problem is there but I was able to bypass it by going directly to the admin.php.

I enter a pid but no data is pulled in (all 0s). I think this may be the server though instead of your PHP. I see nothing wrong with your code and pid URL works fine. It does take a while to load though.

After that, once you go to the main site of your php it looks nice! Very impressive. I'd say that once you finish and work out the bugs it will be a nice script to have! Let me know if you need any more help.