
classified website creation thread

jameshumphries47

So it's the weekend and it's time for me to stop putting this off and give it a go! It's a project I've had in mind for a while, and I've posted on here once before about it, so I'll try and explain it, then I will post updates as I do work on it.

Okay, so I'm planning on creating a classified site! My idea is like bookoo, which is where users take a photo of something they want to sell, add a description and some contact details, they put it on, someone contacts them and buys it... *Simples*. But I want to do something different: I want to create the template/site, then find someone online who lives in a city or town; they then advertise their city/town's website to their community through any means they want to. Then they get a cut of all the sponsored ads that have sold in that area. The response as will be an ad the user pays, I don't know, $1.50????? for their ad to be displayed either higher up in the search ranking or on the side of the page when a similar product is searched for... like AdWords. This means if the advertiser advertises lots and well, he in theory should create more income. Now this is all ideas at the moment, and I would really like everyone's input. I would like to think I would have it complete at the end of June-ish. Then each area's website has sub-categories for... I don't know, computer hobbyists to sell their items and so on. Any ideas, advice, opinions? I will add my updates to this thread, so follow if you're interested.

~James  

Check out my current projects: Selling site (Click Here)

If($reply == "for me to see"){

   $action = "Quote me!";

}else{

   $action = "Leave me alone!";

}


Don't get me wrong, your idea seems pretty good on paper, but I don't think it'll work since there are tons of sites for buying and selling products that are already vying for attention. Then again, who am I to stop you! Give it a go! :)


2 hours ago, iUSEMAC said:

Don't get me wrong, your idea seems pretty good on paper, but I don't think it'll work since there are tons of sites for buying and selling products that are already vying for attention. Then again, who am I to stop you! Give it a go! :)

No, I agree with that, I just have a week to kill hahah


I have begun work. I'm going to have a to-do list so I can keep track of what needs doing, and you guys, if you want, can see what's being done.

  1. login system -salt-hash <Complete>
  2. User page with image, bio, and shows "feedback" <working on>
  3. register <complete>
  4. log out -?? holding the username in a session variable maybe, then clearing it? Anyone got a better idea? <complete>
  5. create a for sale item
  6. display all of them using pagination 25 a page
  7. deleting posts when sold
  8. categories to search for items
  9. searching for items using similar terms to the listing
  10. similar postings algorithm
  11. contacting system -email?-Direct messaging?
  12. seller feedback out of 10
  13.  tidy up?
  14. ...profit?

Now I hope I don't need to add any more, and let's hope I complete them all. This will be a nice project to try.

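One way to handle the login state and logout question from the to-do list above, as an added example that is not code from the thread. It assumes PHP 7.3 or later served over HTTPS; the session key `user` and the function names are illustrative.

```php
<?php
// Added example: session-based login state and a complete logout.
// Assumes it runs under a web server; 'user' is an assumed session key.

function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is sent over HTTPS only
        'samesite' => 'Lax',  // not sent on cross-site subrequests
    ]);
    session_start();
}

function log_in(string $username): void
{
    // Issue a new session ID when privileges change, so an ID that was
    // planted before login is useless afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

function current_user(): ?string
{
    return $_SESSION['user'] ?? null;
}

function log_out(): void
{
    // 1. Drop the server-side data for this request.
    $_SESSION = [];

    // 2. Expire the session cookie in the browser.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }

    // 3. Delete the stored session record itself.
    session_destroy();
}
```

Clearing only the username variable leaves the old session ID valid; the three steps in `log_out()` remove the data, the cookie and the server-side record together.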

What technologies are you using?


28 minutes ago, Gachr said:

What technologies are you using?

Well, I'm doing everything by hand; the only thing I'm using really is Bootstrap.


Language?

Servers?

Databases?

ICO Registration (Legal requirement)

Pen testing?

Security?

 


13 minutes ago, Brenz said:

Language?

Servers?

Databases?

ICO Registration (Legal requirement)

Pen testing?

Security?

 

Language: PHP, HTML, CSS, JS

Servers: well, for testing I will use Hostinger; I'm not sure what I'll use afterwards

Databases: MySQLi via phpMyAdmin, is there a better way?

ICO: not currently, but I will if I release this

Pen testing: I hope to do this when complete, yes

Security: mainly hashes and salts, using a 128-bit salt and then using a secure hash; then obviously I have to protect from SQL injection. What else could I do?

I didn't know about ICO, thanks for that, I would have completely overlooked it.

 

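An added example (not code from the thread) of the SQL injection protection mentioned above, applied to the listing search and 25-per-page pagination from the to-do list. It uses PDO with an in-memory SQLite database so it runs without a server (assumes the pdo_sqlite extension); the table, rows and function names are constructed, and MySQLi supports the same approach with `?` placeholders through prepare() and bind_param().

```php
<?php
// Added example: listing search with bound parameters instead of string
// concatenation. Table, columns and rows are constructed sample data.

const PER_PAGE = 25;

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT)');
    $ins = $db->prepare('INSERT INTO listings (title) VALUES (:t)');
    foreach (['Gaming PC', '100% wool coat', "O'Neill wetsuit"] as $t) {
        $ins->execute([':t' => $t]);
    }
    return $db;
}

function search_listings(PDO $db, string $term, int $page): array
{
    // Escape LIKE wildcards so a user typing % or _ searches for them
    // literally instead of matching every row.
    $like   = '%' . addcslashes($term, '\\%_') . '%';
    $offset = max(0, $page - 1) * PER_PAGE;

    // User input never becomes part of the SQL text; it is sent as data.
    $st = $db->prepare(
        "SELECT id, title FROM listings
         WHERE title LIKE :q ESCAPE '\\'
         ORDER BY id LIMIT :lim OFFSET :off"
    );
    $st->bindValue(':q', $like, PDO::PARAM_STR);
    $st->bindValue(':lim', PER_PAGE, PDO::PARAM_INT);
    $st->bindValue(':off', $offset, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$db = make_db();
print_r(search_listings($db, "O'Neill", 1));      // apostrophe in the input
print_r(search_listings($db, "' OR '1'='1", 1));  // injection string, handled as text
print_r(search_listings($db, '100%', 1));         // literal percent sign
```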

20 minutes ago, Brenz said:

Language?

Servers?

Databases?

ICO Registration (Legal requirement)

Pen testing?

Security?

 

Just did a test; I do not need to register with the ICO, but I probably will anyway.


So I'm about 6 hours in, and so far I have the login and register pages all working with salt and hashing, but currently with only username and password; I will add emails, addresses, and so on. I've also got the template sorted, looking nice and modern. Slowly but surely it's all coming together. I may get a video of it so far tomorrow, if I do some more.


On 4/2/2016 at 9:08 AM, jameshumphries47 said:

I have begun work. I'm going to have a to-do list so I can keep track of what needs doing, and you guys, if you want, can see what's being done.

  1. login system -salt-hash <Complete>
  2. User page with image, bio, and shows "feedback" <working on>
  3. register <working on>
  4. log out -?? holding the username in a session variable maybe, then clearing it? Anyone got a better idea? 

Rule number one for Authorization and Authentication is do not roll your own.


3 hours ago, Toxicable said:

Rule number one for Authorization and Authentication is do not roll your own.

This is generally a good idea as it reduces the severity of data leaks since it isn't possible to leak passwords, and is often more convenient for users to just log in with an existing account. However, for privacy reasons, some people don't like logging in with their Facebook or Google accounts to some sites, or wish to keep themselves anonymous, or want to have multiple accounts. I feel like the best option would be to have both OAuth and your own authentication.

 

You certainly should read up on some OWASP articles before you attempt to implement your own authentication, as they cover most web vulnerabilities and describe them in detail. Here's one to start you off https://www.owasp.org/index.php/Authentication_Cheat_Sheet. Unfortunately some small vulnerabilities aren't covered in the cheat sheet, such as timing attacks, which you can prevent by using constant time comparison functions.

 

Also I recommend using a hashing algorithm like scrypt, or bcrypt if scrypt is too memory-intensive. Avoid using SHA or weaker hashing algorithms, as their use in authentication is often implemented incorrectly and can be brute forced relatively quickly. Algorithms like scrypt and bcrypt are intentionally resource-intensive and slow to make brute forcing as slow as possible, and have a built-in salt. scrypt is just a memory-intensive variant of bcrypt to prevent brute forcing through the use of GPUs.

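The bcrypt and constant-time comparison advice above, as an added PHP example that is not part of the original thread. It uses PHP's built-in password_hash(), password_verify() and hash_equals(); the in-memory `$users` array, the cost of 12 and the function names are assumptions for illustration.

```php
<?php
// Added example: bcrypt storage and constant-time checks with PHP built-ins.
// The $users array stands in for a database table (constructed sample data).

const BCRYPT_OPTS = ['cost' => 12]; // assumed work factor; tune to your server

function register_user(array &$users, string $name, string $password): void
{
    // password_hash() generates a random salt and embeds it in its output,
    // so no separate salt column or hand-made salt is needed.
    $users[$name] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
}

function check_login(array &$users, string $name, string $password): bool
{
    // Unknown users are verified against a dummy hash, so "no such user"
    // costs about as much time as "wrong password".
    static $dummy = null;
    $dummy ??= password_hash('dummy-password', PASSWORD_BCRYPT, BCRYPT_OPTS);

    $known = isset($users[$name]);
    $hash  = $known ? $users[$name] : $dummy;

    // password_verify() re-hashes with the embedded salt and compares safely.
    $ok = password_verify($password, $hash) && $known;

    // Upgrade the stored hash if the cost was raised after it was created.
    if ($ok && password_needs_rehash($hash, PASSWORD_BCRYPT, BCRYPT_OPTS)) {
        $users[$name] = password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
    }
    return $ok;
}

function token_matches(string $expected, string $supplied): bool
{
    // For secrets that are not passwords (reset or CSRF tokens),
    // hash_equals() avoids the early exit of == and ===.
    return hash_equals($expected, $supplied);
}

$users = [];
register_user($users, 'james', 'correct horse battery staple');
var_dump(check_login($users, 'james', 'correct horse battery staple'));
var_dump(check_login($users, 'james', 'wrong'));
var_dump(check_login($users, 'nobody', 'wrong'));
$token = bin2hex(random_bytes(16));
var_dump(token_matches($token, $token));
```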

4 hours ago, Toxicable said:

Rule number one for Authorization and Authentication is do not roll your own.

I know it's not good to use your own code for something like this, but I'm pretty confident of how solid my code is. The reason I don't like using some other people's work/code is if there are any vulnerabilities then you have to pass the blame; if I code it then it's my responsibility that I maintain it and fix bugs as and when they are needed to. For example, if I had addresses and encrypted passwords stored, and someone managed to get in, then I'm using someone else's code to store important data. This person who I don't know or have I ever met.

34 minutes ago, 1lann said:

This is generally a good idea as it reduces the severity of data leaks since it isn't possible to leak passwords, and is often more convenient for users to just log in with an existing account. However, for privacy reasons, some people don't like logging in with their Facebook or Google accounts to some sites, or wish to keep themselves anonymous, or want to have multiple accounts. I feel like the best option would be to have both OAuth and your own authentication.

 

You certainly should read up on some OWASP articles before you attempt to implement your own authentication, as they cover most web vulnerabilities and describe them in detail. Here's one to start you off https://www.owasp.org/index.php/Authentication_Cheat_Sheet. Unfortunately some small vulnerabilities aren't covered in the cheat sheet, such as timing attacks, which you can prevent by using constant time comparison functions.

 

Also I recommend using a hashing algorithm like scrypt, or bcrypt if scrypt is too memory-intensive. Avoid using SHA or weaker hashing algorithms, as their use in authentication is often implemented incorrectly and can be brute forced relatively quickly. Algorithms like scrypt and bcrypt are intentionally resource-intensive and slow to make brute forcing as slow as possible, and have a built-in salt. scrypt is just a memory-intensive variant of bcrypt to prevent brute forcing through the use of GPUs.

Okay, I'll take a look. I've added that to my bookmarks, I'll take a read later tonight. I currently use bcrypt. Might use scrypt when I get a better server.

 


On 4/3/2016 at 0:47 PM, jameshumphries47 said:

Well, I'm doing everything by hand; the only thing I'm using really is Bootstrap.

I meant what language/framework, but it looks like you already answered that. It's PHP, so meh, I'd love to try to help if it was Ruby or JS.


On 04/04/2016 at 3:02 PM, jameshumphries47 said:

I know it's not good to use your own code for something like this, but I'm pretty confident of how solid my code is. The reason I don't like using some other people's work/code is if there are any vulnerabilities then you have to pass the blame; if I code it then it's my responsibility that I maintain it and fix bugs as and when they are needed to. For example, if I had addresses and encrypted passwords stored, and someone managed to get in, then I'm using someone else's code to store important data. This person who I don't know or have I ever met.

The others are correct here. You may have more faith in your code, but it's likely to be much simpler and more vulnerable than the code made available by many frameworks, which has not only been written by much more senior developers but also analysed and tested by hundreds of other developers and the code subsequently improved over many years.

Also don't forget unit tests; untested code is never good in the long run and likely has mistakes in it.


Just now, Brenz said:

The others are correct here. You may have more faith in your code, but it's likely to be much simpler and more vulnerable than the code made available by many frameworks, which has not only been written by much more senior developers but also analysed and tested by hundreds of other developers and the code subsequently improved over many years.

Also don't forget unit tests; untested code is never good in the long run and likely has mistakes in it.

Okay, I'll take a look into using some other framework for the passwords.


18 hours ago, Gachr said:

I meant what language/framework, but it looks like you already answered that. It's PHP, so meh, I'd love to try to help if it was Ruby or JS.

Thanks man, if I need any JS or Ruby work I'll ask you :) I think I may have something that will need doing in JS soon :)


11 hours ago, jameshumphries47 said:

Thanks man, if I need any JS or Ruby work I'll ask you :) I think I may have something that will need doing in JS soon :)

I only did back end JS actually and meant that, so keep that in mind ;)


Sorry guys, haven't done anything the last few days, been very busy getting ready to go back to school :(. I should be able to get a little work done tonight, hopefully some tomorrow. But I should be back to normal Monday/Tuesday night.


I'm not sure when I'll be able to work on this again. I'm a bit caught up at the minute with schoolwork and more important projects. I have coursework and lots of things to do. I'm hoping in the next few weeks I'll be able to do some work. But I'll keep you posted when I'm back.
