[REQ][50 Credits per issue]Beta Testers wanted

[freecrm]

I didn't know whether to put this in here or in Marketplace but my site is now in Beta release and needs extensive testing.

In order to test, you will need to register and sign in.

For every valid bug, I will offer 50 creds (until I run out or close this thread)

Your report should contain:

1) URL
2) Error code if any
3) Function not working and details.
4) ideally your IP add so I can track the history (although not important)

You could very quickly get a lot of credits...

Site as below in signature.

 

[Salvatos]

Re: Beta Testers wanted - 50 creds per issue.

If you're game I'll work on the grammar, typos and such. Just give me as many credits as you see fit once you get the suggested modifications, since it's hard to judge how many mistakes make "one bug"
Won't be able to start until a few days though.

 

[tittat]

Re: Beta Testers wanted - 50 creds per issue.

*****Thread Moved to market place*******

 

[freecrm]

Re: Beta Testers wanted - 50 creds per issue.

OK - obviously no-one wants credits!!!
Edit:

If you're game I'll work on the grammar, typos and such. Just give me as many credits as you see fit once you get the suggested modifications, since it's hard to judge how many mistakes make "one bug"
Won't be able to start until a few days though.

Merci Beaucoup mon ami.

Unfortunately, I need someone to test it before I can recommend modifications!! LOL.

I'll try to do more myself but it s never the best way...

 

[Salvatos]

Re: Beta Testers wanted - 50 creds per issue.

I'll try to do both, by again it will take a few days to get started. I'm late both on working hours and personal issues so I'm trying to squeeze all kinds of stuff together in my schedule ^^

 

[freecrm]

Re: Beta Testers wanted - 50 creds per issue.

I'll try to do both, by again it will take a few days to get started. I'm late both on working hours and personal issues so I'm trying to squeeze all kinds of stuff together in my schedule ^^

Many thanks Salvatos

Looking at the visit history, I think many people are scared of entering details into the site... :S

If anyone is in any doubt here, they can always sign into the demo account

Username: Demo
Password: Password

You just don't get the full functionality with user control.
Edit:
Von Wisk - you have inadvertently stumbled across a glitch in the Task list - but I have no idea what your username is in X10....

If you respond, I'll give you the creds - especially as you went through most of the site and spent 24 minutes on it!!!!

 

[Tariqul Islam]

Re: Beta Testers wanted - 50 creds per issue.

I'll try in a very short time.

 

[kbjradmin]

Re: Beta Testers wanted - 50 creds per issue.

here's something.
when in the demo account, you can change things in the calender such as setting the admin's event titled, 'Encryption on login password' to a 5+ year durration (you might want to fix that now.)

the demo account can also access visitor history, i dont know if this is ok with you but it doesnt seem very secure.

 

[freecrm]

Re: Beta Testers wanted - 50 creds per issue.

here's something.
when in the demo account, you can change things in the calender such as setting the admin's event titled, 'Encryption on login password' to a 5+ year durration (you might want to fix that now.)

the demo account can also access visitor history, i dont know if this is ok with you but it doesnt seem very secure.

Thanks

The login encryption certainly needs sorting and I'll be trying that tonight. (50 creds for spotting that) It shouldn't take 5 years!! lol.

The visitor history is fine. Any good site will have a tracker and the display of IP addresses or system info is not a security risk to anyone. This function is a good way for management to track users and make sure that they are using the system as they should.
Edit:

I'll try in a very short time.

Thanks

 

[xPlozion]

Re: Beta Testers wanted - 50 creds per issue.

question, would a serious, security bug be worth more than a general error bug?

-------------------

when searching for contacts, if i type "john", it will return \ in the name field after i click submit on the same note, if i type 'john', it will return \'john\', and if i click it again, it will return \\\'john\\\'. not so much as a bug, but more of an eye-sore

you could possibly do an strreplace(array('"', "'"), '', $_POST['name']) to remove the quotes and apostrophes before they reach the database, and return john without them

as far as the user history goes, it's a good practice to return just the last set of numbers. so if the address is 123.456.78.90, it's a good idea to return *.*.*.90 for anyone who's not an administrator. that way you still have them in the database, but no one else can see them...

-----------------

next thing, although it's not really a bug, you should definately look at your code and clean it up. you've got <title>Main Menu</title> on line 94 inside of a <body> tag, when it belongs in the <head> tag, to create a page title where it says "Beta Testers wanted - 50 creds per issue. - x10Hosting Forums" on this page. if you don't already, i would suggest using the html tidy validator extension for firefox to view live page errors, instead of having to go to w3c to find them. also, along w/ that would be the web developer toolbar.

one of my biggest pet peeves is improper code... thus making me choose fluxbb as my forum software

 

[freecrm]

Re: Beta Testers wanted - 50 creds per issue.

you could possibly do an strreplace(array('"', "'"), '', $_POST['name']) to remove the quotes and apostrophes before they reach the database, and return john without them

Not sure how I would integrate this. And what happens if the user needs to enter a name with an apostrophe, like "O'Hara" or "O'Leary"?

My current code just echos the $_POST value back to the field

<input name="searchfield1" type="text" id="searchfield1" value="<?php echo $_POST['searchfield1'];?>" />

Would I be safer just leaving a blank form? (oh no, that also sends the ' if entered.)

In the head script, I've got

$varsearch1_Lookup = "gobbledegook";
if (isset($_POST['searchfield1'])) {
  $varsearch1_Lookup = $_POST['searchfield1'];
}

The sql is

...WHERE CONCAT_WS(' ',TITLE, FIRSTNAME, LASTNAME) LIKE %varsearch1%....

as far as the user history goes, it's a good practice to return just the last set of numbers. so if the address is 123.456.78.90, it's a good idea to return *.*.*.90 for anyone who's not an administrator. that way you still have them in the database, but no one else can see them...

OK good point.

When echoing these values, how do I split it on "." and then echo "*.*.*.".$lastdigits ?

Thanks for your help so far.

 

[xPlozion]

Re: Beta Testers wanted - 50 creds per issue.

well, to split the ip address, mind you this is going off the top of my head, so this might be wrong, but you can try:

echo '*.*.*.',substr($db_ip, strrpos($db_ip, '.')+1, 3);  // either one will do just fine.  the 3 at the end of this tells substr how long you want to go after you start it
echo '*.*.*.',substr($db_ip, strrpos($db_ip, '.')+1, strlen($db_ip)); // this will work too, but it might not be as optimized

what that should do is obviously add "*.*.*.", but the next part (substr) would take a part of that string, starting at the position set by strrpos (which is reverse search, and would output at what position it is), and you add one to that length so it doesn't include the last period (or remove the last peroid in the *.*.*. to make it *.*.*, and remove the +1). this will then go to the end of the ip address (strlen), and basically return what's inbetween those two values

as for your first note, i don't know if you already use mysql_real_escape_string, but if you don't, i would suggest that first. if you do, then you can first, strip the quotes from the string, cause who has quotes in their name??? you would then want to make sure that where you have value="" that they are using quotes instead of apostrophes: value=''. then you would also want to make sure that you are not going to have any problems with your database query setup. the mysql_real_escape_string would add a \' to your query, and if you are inserting into the db, iirc it does the same. when you echo it, it should remove the backslash from the database and just print an apostrophe

-xP

P.S. I'm sure you've already thought of this, but when the bug testing is over, you might want to consider becoming a part of SourceForge. IIRC, they've got free hosting, don't know if there's any limits, and your software will be seen on a wider spectrum than anywhere else. That is where phpMyAdmin, Pidgin (once gaim), and so much other open source software got it's start.

 

[Salvatos]

Re: Beta Testers wanted - 50 creds per issue.

Not sure how I would integrate this. And what happens if the user needs to enter a name with an apostrophe, like "O'Hara" or "O'Leary"?

Here's what I once used on one of my sites:

$var = str_replace("'", "’", "$_POST[var]");

This way the apostrophe doesn't cause any problem to any part of your code anymore.
I've also just seen this in another thread, which is probably more efficient:

$value = str_replace("'","´",$value); //this line is to prevent SQL injection

Okay, here I go.

=> I shouldn't be able to go to the login page while I'm logged in.

=> http://www.freecrm.x10hosting.com/crmevents/searchevents.php
After adding an event and searching for all events, I get my event, BUT: "Records 1 to 0 of 1".
Also, at the bottom it says who created it and who edited it. "Edited 1970-01-01 00:00:00 by ." should be replaced by "Never" or something similar when it hasn't been edited.
You also get this at the top: "Type:Other: Look", which is a bit too cluttered in my opinion (at least add the missing space).

=> http://www.freecrm.x10hosting.com/crmopps/insertopp.php / http://www.freecrm.x10hosting.com/crmopps/updateopp.php
You can set values over 100% to opportunities, as long as it has 3 digits or less. You can fix that with an if($var > 100) { $var = 100; }. I'm also able to enter a negative percentage (-50 for example), which is most likely not relevant. For this one you can either use the same technique with "< 0" or strip all dashes from the entry.

=> http://www.freecrm.x10hosting.com/crmreports/oppsbyuser.php Searching for opportunities.
"Records Found: 1. Ordered by: OPTITLE ASC." Shouldn't that be replaced with a more human sentence?

=> The "enquiries:" in your footer should have a capitalized E.

I believe I've tested a bit of everything by now. Won't be as complete as real use, but hopefully you get to fix some more issues.


==> As a general note, I believe your website relies too much on opening new windows. It really gets annoying when you get a fistful of new windows opened while navigating a single site. A good example would be to replace your Question Mark tooltips using JavaScript instead of linking to the forum. You could even just set an anchor <a> around the question mark image and place the text inside the title attribute; but JS is more convenient as it can last until the user takes their mouse away from the image.

P.S. I'm sometimes concerned about sounding harsh while reviewing websites; just note that I describe everything in a very straight way, just as I see it, and of course it's always just my opinion

And you know what, I don't need credits anymore, so no need to give me any; it was my pleasure to (maybe) help you ^^

 

[freecrm]

Re: Beta Testers wanted - 50 creds per issue.

well, to split the ip address, mind you this is going off the top of my head, so this might be wrong, but you can try:

echo '*.*.*.',substr($db_ip, strrpos($db_ip, '.')+1, 3);

Works a treat - 50 creds given for this - thanks xP
Edit:
OK - I have gone through the above posts about cleansing quotes and apostrophes and seem to be missing something..

In the section where I prepare the variable prior to SQL query:

$varsearch1_Lookup = "gobbledegook";
if (isset($_POST['searchfield1'])) {
	$varsearch1_Lookup = $_POST['searchfield'];
	$varsearch1_Lookup = str_replace("'", "`", $varsearch1_Lookup);
	$varsearch1_lookup = mysql_real_escape_string($varsearch1_Lookup);
}

But this doesn't seem to have done anything!!! :dunno:

I've checked the manual and it seems to be right but I obviously ain't doing something right...

I still have issues about names with apostrophes in (examples of Irish names given above. Oh - and some Scottish names... like O'Gonnagal
Edit:

P.S. I'm sure you've already thought of this, but when the bug testing is over, you might want to consider becoming a part of SourceForge. IIRC, they've got free hosting, don't know if there's any limits, and your software will be seen on a wider spectrum than anywhere else. That is where phpMyAdmin, Pidgin (once gaim), and so much other open source software got it's start.

I hadn't thought of this and I think its a great idea seeing as my results in SEO are pathetic!!
Edit:
__________
Oops - syntax error.. ['searchfield'] should have been ['searchfield1']!
Edit:

=> I shouldn't be able to go to the login page while I'm logged in.

True - done... 50 creds

=> http://www.freecrm.x10hosting.com/crmevents/searchevents.php
After adding an event and searching for all events, I get my event, BUT: "Records 1 to 0 of 1".

Another 50 creds here - done

Also, at the bottom it says who created it and who edited it. "Edited 1970-01-01 00:00:00 by ." should be replaced by "Never" or something similar when it hasn't been edited.

This was for earlier created records - this has since been resolved but the original test records still remain - maybe I should resolve this.

You also get this at the top: "Type:Other: Look", which is a bit too cluttered in my opinion (at least add the missing space).

I'll have to look at this another day. - another 50 creds.

=> http://www.freecrm.x10hosting.com/crmopps/insertopp.php / http://www.freecrm.x10hosting.com/crmopps/updateopp.php
You can set values over 100% to opportunities, as long as it has 3 digits or less. You can fix that with an if($var > 100) { $var = 100; }. I'm also able to enter a negative percentage (-50 for example), which is most likely not relevant. For this one you can either use the same technique with "< 0" or strip all dashes from the entry.

Another 50.. I used JS to validate the content before submit. - looks slicker.

=> http://www.freecrm.x10hosting.com/crmreports/oppsbyuser.php Searching for opportunities.
"Records Found: 1. Ordered by: OPTITLE ASC." Shouldn't that be replaced with a more human sentence?

Oooh - I wondered if someone would pick up on that - again - I'll have to do this another day. + 50 creds

=> The "enquiries:" in your footer should have a capitalized E.

true - but I thought after inspecting it it looked messy so I've removed it completely. (+50 for suggestion)

I believe I've tested a bit of everything by now. Won't be as complete as real use, but hopefully you get to fix some more issues.


==> As a general note, I believe your website relies too much on opening new windows. It really gets annoying when you get a fistful of new windows opened while navigating a single site. A good example would be to replace your Question Mark tooltips using JavaScript instead of linking to the forum. You could even just set an anchor <a> around the question mark image and place the text inside the title attribute; but JS is more convenient as it can last until the user takes their mouse away from the image.

I'll have to consider this later - there was a very good reason for multiple windows for a CRM system but your JS solution sounds intriguing.

P.S. I'm sometimes concerned about sounding harsh while reviewing websites; just note that I describe everything in a very straight way, just as I see it, and of course it's always just my opinion

And you know what, I don't need credits anymore, so no need to give me any; it was my pleasure to (maybe) help you ^^

You weren't harsh at all - merci bien.

I know you don't need the creds but I wouldn't be being fair if I didn't give you them.

If you decide to give them back.... well thats your choice then! :biggrin:

 

[Salvatos]

Re: Beta Testers wanted - 50 creds per issue.

This was for earlier created records - this has since been resolved but the original test records still remain - maybe I should resolve this.

Just to make sure we got each other right, this was for a record I had created myself yesterday when testing, not from an earlier record.

By the way, I've made my choice

 

[freecrm]

Re: Beta Testers wanted - 50 creds per issue.

bump

 

[NaHoW]

Re: Beta Testers wanted - 50 creds per issue.

I can't find any bugs. I'm sorry.

 

[freecrm]

Re: Beta Testers wanted - 50 creds per issue.

I can't find any bugs. I'm sorry.

Cool - thats a good thing!!

 

[AttackBunnyPro]

Re: Beta Testers wanted - 50 creds per issue.

It seems as though it automatically put me in as an administrator when I signed up. I don't know that I have administrative privileges, but it certainly seems to tell me so.

EDIT: It does seem as though I can view the visitor history, as well as a few other administrative functions with partial access.

EDIT 2: When you delete your own account, you are not signed out.

 

[Salvatos]

Re: Beta Testers wanted - 50 creds per issue.

EDIT 2: When you delete your own account, you are not signed out.

Oh yea I had forgotten that one, pretty funny