Developing a site with a possibility of linking to one's site for free

marasm

Hi there,

I'm thinking about developing a page where everyone can add a link to their site for free. I have several concerns so I'm asking experienced PHP devs for help.

First of all, I'm not asking if this is something that can bring any benefit for me or if it is silly or not. The point is what the risks of such an idea are.

Let me explain the concept of the idea:
- the page will contain 2 textboxes for the title and URL of the site,
- there will be a select with categories,
- there will be some mechanism for preventing robots from filling in the form - I don't know yet what it will be (captcha, basic question, etc.),
- the data will be stored in the db (after it's validated and after I'm sure that any kind of SQL injection or hacking is not possible).

That's it for now - it's just a prototype of the idea.

Does anyone have any experience with a similar problem?
Any thoughts or comments?
Would you like to put a link to your site on such a portal?
 

zen-r

The complexity of this will obviously be based on how much "vetting" you want to do on the data entered.

Are you going to allow obscenities in the title, or links to sex sites, for example? The potential for abuse is quite high.

The easiest way would be to just allow submissions by email, & to vet them yourself! :)

Maybe you're intending this form as the first stage of the submission process, with you then vetting the entries yourself before they make it onto your site?


I can't help you with your other questions I'm afraid. Perhaps someone else can answer the technical stuff?..........
 

marasm

Wow zen-r, it looks like you spend a lot of time here ;)

Thanks for your answer. Yeah, the plan is to double-check every site before displaying the link on the page. I need to create some rules that a page has to conform to.

I will probably create a script that displays only confirmed and validated pages. And an admin panel for me to see the pages with pending validation. Additional functionality might be blocking IPs from submitting new URLs and so on.
 

marasm

Thanks slacker,

I'm pretty sure I'm able to create such a mechanism on my own without using some 3rd party code. One never knows what errors can be found in such code, and reviewing it can take much more time than developing it from scratch. Validating user input is not a problem.

I think I'll finish the page today or tomorrow so I'll probably ask x10 members to try to break the code.

Cheers,
Maras
 

slacker3

open source code should be quite secure and readable most of the time,
but you're right, writing stuff yourself is never a bad idea

breaking code?
that sounds like fun, tell us when you are ready.. :biggrin: :fruit:
 

marasm

Ok, finished. You can try to add your links here and do some harm to my site - I have a backup of the whole site and db ;)

http://marasm.pl/add-link/

I still need to create an admin panel for me.
 

slacker3

well, i didn't spend much time on your site but i have to say it looks fine..

now to the code:
it's possible to get urlencoded things through that you may not want. you are allowing only the charset "a-z 0-9 ? & _ - % . : # /" but it's easy to circumvent this by encoding the url like this:

somwhere.com&buysome%3Dpizza&amount%3D1000

%3D would evaluate to "=", which is not in your charset, see
http://ha.ckers.org/xss.html for examples and a URL encoder

it may also be possible to get sql injections through with this, but i guess you're escaping the string anyway before storage
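
An added example, not part of the original post or of the site's code: it applies the quoted character set to the raw string and to the fully decoded string, showing how an encoded character passes the first check, and stores accepted URLs through a bound parameter. The function names, the table schema, the in-memory SQLite database and the sample URLs are assumptions made for this illustration.

```php
<?php
// Added illustration; names, schema and sample URLs are constructed.
// Character set quoted in the post, applied to the raw string.
const RAW_ALLOWLIST = '~\A[a-z0-9?&_%.:#/-]+\z~i';
// Applied after decoding: '%' no longer needed, '=' allowed on purpose.
const DECODED_ALLOWLIST = '~\A[a-z0-9?&_.:#/=-]+\z~i';

// Decode until stable so double encoding (%253C) cannot hide a character.
function fully_decode(string $s, int $maxRounds = 5): ?string {
    for ($i = 0; $i < $maxRounds; $i++) {
        $next = rawurldecode($s);
        if ($next === $s) {
            return $s;
        }
        $s = $next;
    }
    return null; // still changing after $maxRounds: reject
}

function validate_link(string $url): bool {
    $decoded = fully_decode($url);
    if ($decoded === null || !preg_match(DECODED_ALLOWLIST, $decoded)) {
        return false;
    }
    $parts = parse_url($decoded);
    return is_array($parts)
        && in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)
        && !empty($parts['host']);
}

$samples = [
    'http://example.com/?page=123', // '=' is outside the raw set
    'http://example.com/a%3Cb',     // passes raw check, decodes to '<'
    'http://example.com/a%253Cb',   // double-encoded form of the same
    'ftp://example.com/x',          // allowed characters, wrong scheme
];
// Storage: bound parameters, so the character set is not the SQL defence.
$db = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE links (url TEXT, approved INTEGER DEFAULT 0)');
$insert = $db->prepare('INSERT INTO links (url) VALUES (:url)');
foreach ($samples as $url) {
    $raw = preg_match(RAW_ALLOWLIST, $url) ? 'pass' : 'fail';
    $ok = validate_link($url);
    printf("%-30s raw=%s decoded=%s\n", $url, $raw, $ok ? 'pass' : 'fail');
    if ($ok) {
        $insert->execute([':url' => $url]); // lands in the pending queue
    }
}
```

A stored URL still needs `htmlspecialchars()` when it is written into the listing or the admin page.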
 

marasm

Hi slacker,

Thanks again for your answer. You're right, one can encode all characters using %code. However, I'm checking all the URLs manually before putting them on the site. The only reason why I created the set of allowed chars is the need for protection against SQL injection (which I should not even care about, as the user which is used to store the data in the db does not have any privileges that could harm the db).

Besides, I allow URLs with = as there are many sites with dynamic links ( http://example.com?page=123 ), I just forgot to put the char in the list.

Thanks anyway for your help :)
If you want me to put a link to your site on the featured list, just let me know.

Cheers,
Maras
 

slacker3

"If you want me to put a link to your site on the featured list, just let me know."

this would be fine :)

i'm thinking of creating an exam simulation for LPIC-1 (linux's MCSA) some time in the future, you can read more about lpi at http://www.lpi.org/eng/certification/the_lpic_program

there are no training simulations available on the web with updated questions
(new objectives since 1.4.09) and i believe this would generate some traffic

to clarify: no braindumps, just a test with a similar amount and quality of questions to get prepared for the real exam
 

marasm

Done.

I added the whole link as you wrote it "lpi.org/eng/certification/the_lpic_program".
If you want me to change it to the shorter version (e.g. lpi.org/eng/certification/ or lpi.org/ ) just let me know.
 

slacker3

thank you very much!

please don't confuse this:
lpi.org is the official site of the linux professional institute and is not related to me. they are explaining the linux certification there, what it is and why you should get certified. they are not providing any exam simulations and most likely never will

my site is still a work in progress and doesn't exist officially yet, and i'm not even sure about the domain name i want to choose for it, but i will tell you when i'm done (1-2 months, i guess)

so a link to my site, and/or probably a link to "lpi.org" near it would be fine
 

marasm

Ok, so looking forward to hearing from you.

You can write here or pm me or send me an email.

Cheers,
Maras
 

marasm

Looks like no one managed to break the code yet ;) So I'm letting Google index the page.

Thanks to all those who tried to help.

If you want to place a link to your site on my site, just let me know or put the link here:

http://marasm.pl/add-link/

Cheers,
Maras
 