[Help Still Needed] Coding/Psychology


BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

[Help Still Needed] Coding/Psychology

Postby BotoBoto » Wed Jan 12, 2011 10:05 am UTC

So, I have this site. It's for posting pictures and whatnot. It's mostly a place where I can experiment with PHP and MySQL and HTML/CSS. I'm getting pretty decent at the coding part but I need community interaction to know where bugs lie, what really doesn't work; hence I want to know the psychology behind user interaction, when does a user sign up? What makes him sign up/comment.

I've made it possible so that people can post anonymously but even that doesn't seem to work. Any tips/tricks out there?
Last edited by BotoBoto on Thu Mar 17, 2011 4:15 pm UTC, edited 2 times in total.

Emu*
Posts: 689
Joined: Mon Apr 28, 2008 9:47 am UTC
Location: Cardiff, UK

Re: coding/psychology

Postby Emu* » Wed Jan 12, 2011 10:24 am UTC

The business-speak for what you're lacking is "USP", Unique Selling Point...

There are already hundreds of sites which support commenting on pictures.
Cosmologicon wrote:Emu* implemented a naive east-first strategy and ran it for an hour, producing results that rivaled many sophisticated strategies, visiting 614 cells. For this, Emu* is awarded Best Deterministic Algorithm!

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Wed Jan 12, 2011 10:28 am UTC

Understandable and I know my site is not unique but I'm just wondering about a startup website, I certainly wouldn't register to an empty site, would you? Somebody has to start...

sigmaman
Posts: 12
Joined: Thu Dec 04, 2008 12:05 am UTC

Re: coding/psychology

Postby sigmaman » Wed Jan 12, 2011 3:50 pm UTC

Marketing has a good deal to do with it. You need to market your website to an audience.

Yakk
Poster with most posts but no title.
Posts: 11129
Joined: Sat Jan 27, 2007 7:27 pm UTC
Location: E pur si muove

Re: coding/psychology

Postby Yakk » Wed Jan 12, 2011 4:23 pm UTC

Many website forums start because they are connected to content that people want to discuss. Others are mostly used by real-life acquaintances first.

Webcomics, for example, set up a discussion board for each panel. You can go and post your thoughts, or ask questions. Initially, with low readership, you are likely to get the attention of the author with a question, encouraging participation. Over time, it grows.

Other places offer neat services (say, image sharing). The developers and the like show it to people who find it neat, and who then use it.

Is your service better than the alternatives? If so, how? Do people value that improvement? Do they value it so much that after trying it, they are hooked? If so, it should be easy to get people to use it.
One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision - BR

Last edited by JHVH on Fri Oct 23, 4004 BCE 6:17 pm, edited 6 times in total.

rogerrabbitsclone
Posts: 10
Joined: Mon Jan 10, 2011 9:07 am UTC

Re: coding/psychology

Postby rogerrabbitsclone » Fri Jan 14, 2011 6:36 pm UTC

a lot of websites like that make a few hundred dummy accounts. then they bump the views on their own content. so there are 2 steps.

1. lie out the ass
2. market like a madman

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Thu Jan 20, 2011 10:01 pm UTC

rogerrabbitsclone wrote:a lot of websites like that make a few hundred dummy accounts. then they bump the views on their own content. so there are 2 steps.

1. lie out the ass
2. market like a madman


I love you. I'm starting the dummy accounts.. and some fake comments and shit. i've gotten my first two real comments from actual visitors :D

rogerrabbitsclone
Posts: 10
Joined: Mon Jan 10, 2011 9:07 am UTC

Re: coding/psychology

Postby rogerrabbitsclone » Fri Jan 21, 2011 5:26 pm UTC

BotoBoto wrote:
rogerrabbitsclone wrote:a lot of websites like that make a few hundred dummy accounts. then they bump the views on their own content. so there are 2 steps.

1. lie out the ass
2. market like a madman


I love you. I'm starting the dummy accounts.. and some fake comments and shit. i've gotten my first two real comments from actual visitors :D


shit, i think I'll go make a few dummy accounts myself. it's the one in your sig right>?


edit: you better not be banana.

rogerrabbitsclone
Posts: 10
Joined: Mon Jan 10, 2011 9:07 am UTC

Re: coding/psychology

Postby rogerrabbitsclone » Fri Jan 21, 2011 5:43 pm UTC

also, bug found:


comment posted should've been:
where does the "d" come from>?

came out as:
where does the &quot;d&quot; come from&gt;?


link:
http://www.funzors.com/media/splayd-31/

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Sat Jan 22, 2011 4:54 pm UTC

rogerrabbitsclone wrote:
BotoBoto wrote:
rogerrabbitsclone wrote:a lot of websites like that make a few hundred dummy accounts. then they bump the views on their own content. so there are 2 steps.

1. lie out the ass
2. market like a madman


I love you. I'm starting the dummy accounts.. and some fake comments and shit. i've gotten my first two real comments from actual visitors :D


shit, i think I'll go make a few dummy accounts myself. it's the one in your sig right>?


edit: you better not be banana.


I am banana. :) I just coded that you can reply to a comment :D So proud haha

rogerrabbitsclone wrote:also, bug found:


comment posted should've been:
where does the "d" come from>?

came out as:
where does the &quot;d&quot; come from&gt;?


link:
http://www.funzors.com/media/splayd-31/


Yeah.. I think that has something to do with my charset.. I think.. I don't really know how that works

squareroot
Posts: 548
Joined: Tue Jan 12, 2010 1:04 am UTC

Re: coding/psychology

Postby squareroot » Sat Jan 22, 2011 9:09 pm UTC

You might want to try not to link the Anonymous comments to a broken member page... you just link to http://www.funzors.com/members//, which gives that wonderful "We're sorry" video. :-)

A convenient feature would be giving each comment its own anchor (something like #305), and then when it says "in reply to #___", it could link back to the original comment.

EDIT: Left/right links (the big arrows) are broken on #'s 17 and 18. Left from 18 takes you to 19 (should be 17), right is blank (and so takes you to /media/). Left from 17 takes you to 18 (don't know where it should take you), and the right is also blank (and so takes you to /media/).

If you're storing the left/right links for each picture and split()/explode()ing it, maybe somehow pics 17 and 18 only got one item instead of two, so what should be on the right ended up on the left, and the right ended up blank?
<signature content="" style="tag:html;" overused meta />
Good fucking job Will Yu, you found me - __ -

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Sat Jan 22, 2011 9:43 pm UTC

squareroot wrote:You might want to try not to link the Anonymous comments to a broken member page... you just link to http://www.funzors.com/members//, which gives that wonderful "We're sorry" video. :-)

A convenient feature would be giving each comment its own anchor (something like #305), and then when it says "in reply to #___", it could link back to the original comment.

EDIT: Left/right links (the big arrows) are broken on #'s 17 and 18. Left from 18 takes you to 19 (should be 17), right is blank (and so takes you to /media/). Left from 17 takes you to 18 (don't know where it should take you), and the right is also blank (and so takes you to /media/).

If you're storing the left/right links for each picture and split()/explode()ing it, maybe somehow pics 17 and 18 only got one item instead of two, so what should be on the right ended up on the left, and the right ended up blank?


the "in reply to " I did. :) Haha and the empty member page was an error haha. The 'anonymous' feature wasn't in at first. So that's an error..

And about the big arrows that's just spaghetti code. Will tidy that up :D

If you find anything else let me know!

to login:
testuser
ilikebeans

:D

Carnildo
Posts: 2023
Joined: Fri Jul 18, 2008 8:43 am UTC

Re: coding/psychology

Postby Carnildo » Sat Jan 22, 2011 9:49 pm UTC

BotoBoto wrote:
rogerrabbitsclone wrote:also, bug found:

comment posted should've been:
where does the "d" come from>?

came out as:
where does the &quot;d&quot; come from&gt;?

link:
http://www.funzors.com/media/splayd-31/


Yeah.. I think that has something to do with my charset.. I think.. I don't really know how that works

The problem is that you're not consistent in how you escape/unescape various special characters. This is something you need to get right: getting it wrong can permit cross-site scripting attacks or leave comments unreadable -- or both.

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Sat Jan 22, 2011 9:51 pm UTC

Carnildo wrote:
BotoBoto wrote:
rogerrabbitsclone wrote:also, bug found:

comment posted should've been:
where does the "d" come from>?

came out as:
where does the &quot;d&quot; come from&gt;?

link:
http://www.funzors.com/media/splayd-31/


Yeah.. I think that has something to do with my charset.. I think.. I don't really know how that works

The problem is that you're not consistent in how you escape/unescape various special characters.

that may be so. But the unescaping of characters is now consistent. I still have to do the escaping consistently. Any other remarks you have? :) I love hearing thoughts/criticism

I escape most input through my database abstraction layer. Which mostly filters out.. well .. everything.

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Sun Jan 23, 2011 11:01 am UTC

any more tips? :)

Yakk
Poster with most posts but no title.
Posts: 11129
Joined: Sat Jan 27, 2007 7:27 pm UTC
Location: E pur si muove

Re: coding/psychology

Postby Yakk » Sun Jan 23, 2011 4:44 pm UTC

Use variable types. If your language doesn't support that, use variable names to emulate types.

Unescaped text uses one type.
Escaped/filtered text for HTML uses another type.
Escaped/filtered text for SQL uses another type.

The only "allowed" way to convert from one to the other is a specific function.

If you lack types, you need to enforce this by coding standards. These standards need to be high and computer-checkable in order to not be broken in any reasonable sized code base.

Ie: Imagine you have SQL functions. Well, then you only call the SQL functions from a handful of your special functions. They take "unfiltered" text always, and any text they return is unfiltered.

These special functions do all of the filtering themselves.

You can verify that there are no SQL statements or calls outside of your special guarded functions via computer. You can check the handful of SQL statements or calls for failure to filter manually. Thus this coding standard can make your code safe.

You have to do the same for HTML output -- decide on a coding standard, or use a type system, or both.

If you don't do this, these problems will continue to pop up. You can think you have fixed it because you bopped another instance of the problem on the head last week, but what you will actually be fixing is the common instances of the problem, not every instance.
One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision - BR

Last edited by JHVH on Fri Oct 23, 4004 BCE 6:17 pm, edited 6 times in total.
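
The discipline Yakk describes, applied to the double-escaped comment from Carnildo's post, as an added example that is not part of the thread or the site's own code. It assumes PHP 8.1+ with the pdo_sqlite extension; the names RawText, HtmlText, CommentStore and renderComment are hypothetical.

```php
<?php
declare(strict_types=1);

// Raw text exactly as the user typed it. This is the only form that is stored.
final class RawText {
    public function __construct(public readonly string $value) {}
}

// Text already escaped for an HTML body or quoted-attribute context.
final class HtmlText {
    private function __construct(public readonly string $value) {}

    // The single allowed conversion RawText -> HtmlText.
    public static function fromRaw(RawText $raw): self {
        return new self(htmlspecialchars($raw->value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }
}

// Guarded SQL functions: the only place that touches the database.
// They take and return RawText; bound parameters keep data out of the SQL text.
final class CommentStore {
    public function __construct(private PDO $db) {
        $db->exec('CREATE TABLE IF NOT EXISTS comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    }

    public function add(RawText $body): int {
        $stmt = $this->db->prepare('INSERT INTO comments (body) VALUES (:body)');
        $stmt->execute([':body' => $body->value]);
        return (int) $this->db->lastInsertId();
    }

    public function get(int $id): RawText {
        $stmt = $this->db->prepare('SELECT body FROM comments WHERE id = :id');
        $stmt->execute([':id' => $id]);
        return new RawText((string) $stmt->fetchColumn());
    }
}

// Output accepts HtmlText only, so a raw string cannot be printed and an
// HtmlText cannot be escaped a second time (fromRaw() takes RawText only).
function renderComment(HtmlText $body): string {
    return '<p class="comment">' . $body->value . '</p>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$store = new CommentStore($db);

// Constructed sample input: the comment from the bug report plus some markup.
$id = $store->add(new RawText('where does the "d" come from>? <b>x</b>'));
echo renderComment(HtmlText::fromRaw($store->get($id))), "\n";
// renderComment($store->get($id)) would throw a TypeError: RawText is not HtmlText.
```

Because the database only ever holds raw text and escaping happens once, at output, the `&quot;d&quot;` symptom from the bug report cannot occur, and unescaped output fails at the type check instead of reaching the browser.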

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Sun Jan 23, 2011 5:16 pm UTC

So cast them to the appropriate type? If I am getting what you are saying? I have a database class (it's PHP btw) which does the sanitizing for me because I insert the data to be handled in the class and the way it is supposed to handle the data and it sanitizes on the go.

Yakk
Poster with most posts but no title.
Posts: 11129
Joined: Sat Jan 27, 2007 7:27 pm UTC
Location: E pur si muove

Re: coding/psychology

Postby Yakk » Sun Jan 23, 2011 5:49 pm UTC

Sure, that is one approach.

A similar approach for "input from users" and/or "stuff to print to HTML" can be done.
One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision - BR

Last edited by JHVH on Fri Oct 23, 4004 BCE 6:17 pm, edited 6 times in total.

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Sun Jan 23, 2011 7:28 pm UTC

xss is kind of impossible :)

squareroot
Posts: 548
Joined: Tue Jan 12, 2010 1:04 am UTC

Re: coding/psychology

Postby squareroot » Sun Jan 23, 2011 8:52 pm UTC

BotoBoto wrote:xss is kind of impossible :)

I take that as challenge. I recently read some interesting strategies for XSS, so I might give it a go. :D
<signature content="" style="tag:html;" overused meta />
Good fucking job Will Yu, you found me - __ -

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Mon Jan 24, 2011 6:41 pm UTC

Anybody care to hack-proof my site? :)

squareroot
Posts: 548
Joined: Tue Jan 12, 2010 1:04 am UTC

Re: coding/psychology

Postby squareroot » Tue Jan 25, 2011 12:29 am UTC

I can't send a PM to "Banana"... it says "Username does not exist". :-/
<signature content="" style="tag:html;" overused meta />
Good fucking job Will Yu, you found me - __ -

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Tue Jan 25, 2011 8:25 am UTC

Oh yes that's right... The PM only works if you send the PM without capitalization.. I'll get on it right away :D Thanks :D

trebach
Posts: 22
Joined: Wed Jun 04, 2008 1:36 am UTC

Re: coding/psychology

Postby trebach » Wed Feb 09, 2011 8:33 am UTC

People can't register. I was denied registration because I didn't specify a gender, but there's no place to put it.

Yakk
Poster with most posts but no title.
Posts: 11129
Joined: Sat Jan 27, 2007 7:27 pm UTC
Location: E pur si muove

Re: coding/psychology

Postby Yakk » Wed Feb 09, 2011 12:46 pm UTC

trebach wrote:People can't register. I was denied registration because I didn't specify a gender, but there's no place to put it.

And why would you require gender? Are you planning on selling demographics?
One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision - BR

Last edited by JHVH on Fri Oct 23, 4004 BCE 6:17 pm, edited 6 times in total.

gorcee
Posts: 1501
Joined: Sun Jul 13, 2008 3:14 am UTC

Re: coding/psychology

Postby gorcee » Wed Feb 09, 2011 4:09 pm UTC

trebach wrote:I didn't specify a gender, but there's no place to put it.


This combination of words in this order is pretty LOL.

bittyx
Posts: 194
Joined: Tue Sep 25, 2007 9:10 pm UTC
Location: Belgrade, Serbia

Re: coding/psychology

Postby bittyx » Wed Feb 09, 2011 9:24 pm UTC

Just some bugs/issues I've found.

1)
http://www.funzors.com/memberlist.php?m ... ofile&id=1 currently redirects to .../members/Banana.
I've logged in as "testuser" and changed the account name to "Banana". Now, http://www.funzors.com/memberlist.php?m ... file&id=46 (which should show testuser's profile) redirects to - guess what - .../members/Banana, which in turn displays the original Banana's account info. You should be more consistent with your usage of account names vs. account IDs.

2)
Sent a PM to myself. When I open it for reading, the header shows:


From: testuser
Data: 31/12/69 - 20:00
Subject: test

The "Data" line is obviously incorrect.

3)
The comment system seems to be broken - I get a flash of "comment successfully posted" every time I hit "add comment", and then it turns back into the textbox... But no comment appears and when I view my profile, I still see the same number of comments made - 2 (the 2 comments somehow got through - no idea how/why).

4)
While updating my profile, I tried editing the html to make weird changes (and succeeded), such as - setting my timezone to +8760 (and all the old dates are now in the future of course), or my gender to 17 (although only 0/male or 1/female are allowed; 17 was a random choice). I don't think you should allow your PHP code to forward illegal values to the database; ie. sanitize the input in the PHP files. Also, I've managed to get a few errors while testing out what kind of stuff I can input as the timezone (and found out that the columns for the timezone and gender are "user_tz" and "user_gender"; if I managed to find an SQL injection spot, I'd probably be able to guess the other column names, e.g. user_name, user_id, user_pw/user_password etc. and abuse them).


This kind of stuff is usually fun for me, so maybe I'll do more testing when I have time.
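
Server-side validation for the two fields in item 4 of the report above, as an added example that is not part of the thread or the site's code. The column names user_tz and user_gender and the 0/1 gender values come from the post; the function name, the constants, and the assumption that user_tz is an hour offset from UTC are hypothetical.

```php
<?php
declare(strict_types=1);

// Server-side allow-lists. The form's <select> options are only a hint:
// as the report shows, the submitted HTML can be edited freely.
const GENDER_ALLOWED = [0, 1];   // 0/male, 1/female, per the report
const TZ_MIN_HOURS   = -12;      // assumption: user_tz is an hour offset from UTC
const TZ_MAX_HOURS   = 14;

/**
 * Validate the two profile fields named in the report.
 * Returns [clean values, errors]; only clean values may reach the database layer.
 */
function validateProfile(array $post): array {
    $clean = [];
    $errors = [];

    $tz = filter_var($post['user_tz'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => TZ_MIN_HOURS, 'max_range' => TZ_MAX_HOURS],
    ]);
    if ($tz === false) {
        // Generic message: no SQL error text or column names go back to the client.
        $errors['timezone'] = 'Please choose a valid timezone.';
    } else {
        $clean['user_tz'] = $tz;
    }

    $gender = filter_var($post['user_gender'] ?? null, FILTER_VALIDATE_INT);
    if ($gender === false || !in_array($gender, GENDER_ALLOWED, true)) {
        $errors['gender'] = 'Please choose a valid option.';
    } else {
        $clean['user_gender'] = $gender;
    }

    return [$clean, $errors];
}

// Constructed sample submissions, including the two values from the report.
$samples = [
    ['user_tz' => '1',     'user_gender' => '0'],
    ['user_tz' => '+8760', 'user_gender' => '17'],
    ['user_tz' => 'abc',   'user_gender' => ''],
];
foreach ($samples as $post) {
    [$clean, $errors] = validateProfile($post);
    echo json_encode(['in' => $post, 'clean' => $clean, 'errors' => array_keys($errors)]), "\n";
}
```

Only the first submission yields clean values; the other two are rejected before any query is built, so malformed input never reaches the database to trigger the errors that exposed the column names.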

BotoBoto
Posts: 191
Joined: Mon Mar 09, 2009 9:31 pm UTC

Re: coding/psychology

Postby BotoBoto » Thu Mar 17, 2011 11:07 am UTC

bittyx wrote:Just some bugs/issues I've found.

1)
http://www.funzors.com/memberlist.php?m ... ofile&id=1 currently redirects to .../members/Banana.
I've logged in as "testuser" and changed the account name to "Banana". Now, http://www.funzors.com/memberlist.php?m ... file&id=46 (which should show testuser's profile) redirects to - guess what - .../members/Banana, which in turn displays the original Banana's account info. You should be more consistent with your usage of account names vs. account IDs.

2)
Sent a PM to myself. When I open it for reading, the header shows:


From: testuser
Data: 31/12/69 - 20:00
Subject: test

The "Data" line is obviously incorrect.

3)
The comment system seems to be broken - I get a flash of "comment successfully posted" every time I hit "add comment", and then it turns back into the textbox... But no comment appears and when I view my profile, I still see the same number of comments made - 2 (the 2 comments somehow got through - no idea how/why).

4)
While updating my profile, I tried editing the html to make weird changes (and succeeded), such as - setting my timezone to +8760 (and all the old dates are now in the future of course), or my gender to 17 (although only 0/male or 1/female are allowed; 17 was a random choice). I don't think you should allow your PHP code to forward illegal values to the database; ie. sanitize the input in the PHP files. Also, I've managed to get a few errors while testing out what kind of stuff I can input as the timezone (and found out that the columns for the timezone and gender are "user_tz" and "user_gender"; if I managed to find an SQL injection spot, I'd probably be able to guess the other column names, e.g. user_name, user_id, user_pw/user_password etc. and abuse them).


This kind of stuff is usually fun for me, so maybe I'll do more testing when I have time.


Fixed the comments ( I think) And the whole profile mixup should not happen anymore. :) Gonna go for the whole sql injection now lol

