Hi everyone, my name is Anefu Favour and I'm 14. I need your help in reviewing my website. Any suggestions and corrections would be appreciated. This is my whatsapp number: 08184432649. Thanks guys, gkaseniors.uphero.com

A big thanks to all the people that created accounts with gkaseniors. I hv manually confirmed all. You all can log in now. Thanks again for taking your time to see my site.

14 common stop that.

Desyner:
14 common stop that.

true sir

itzFANE:

true sir

The age is not the amazing fact....down to business:

You have mysqli errors popping out on your production environment, you should turn it off for security reasons.

The UI is cool, haven't logged in yet tho.

There are many things our eyes can't see, the outside may be attractive while the inside repulsive... your database structure, is it properly designed and normalized?
Your passwords, are they stored in plaintext or with deprecated functions such as md5() ; ?
Your directory structure, is it neat and organised or you'be got scripts lying everywhere...
Your codebase, is it well commented, tabbed and understandable?, hope it is less redundant and devoid of unnecessary if...else..blocks or recursive loops.

I'm not being strict, I'm being factual and unless you can positively answer my questions then you're good to go boy.
I'm doing this because I started coding at a very young age and have made a lot of mistakes which I don't want people like you to make. I'm interested in helping you develop and coding the right way and will contact you shortly.

DanielTheGeek:


The age is not the amazing fact....down to business:

You have mysqli errors popping out on your production environment, you should turn it off for security reasons.

The UI is cool, haven't logged in yet tho.

There are many things our eyes can't see, the outside may be attractive while the inside repulsive... your database structure, is it properly designed and normalized?
Your passwords, are they stored in plaintext or with deprecated functions such as md5() ; ?
Your directory structure, is it neat and organised or you'be got scripts lying everywhere...
Your codebase, is it well commented, tabbed and understandable?, hope it is less redundant and devoid of unnecessary if...else..blocks or recursive loops.

I'm not being strict, I'm being factual and unless you can positively answer my questions then you're good to go boy.
I'm doing this because I started coding at a very young age and have made a lot of mistakes which I don't want people like you to make. I'm interested in helping you develop and coding the right way and will contact you shortly.

Thanx for the review sir, the website really is just a demo version. It is hosted on a free server and I didnt bother to turn of mysqli errors. Sir hw can i get urcontact pls

DanielTheGeek:


The age is not the amazing fact....down to business:

You have mysqli errors popping out on your production environment, you should turn it off for security reasons.

The UI is cool, haven't logged in yet tho.

There are many things our eyes can't see, the outside may be attractive while the inside repulsive... your database structure, is it properly designed and normalized?
Your passwords, are they stored in plaintext or with deprecated functions such as md5() ; ?
Your directory structure, is it neat and organised or you'be got scripts lying everywhere...
Your codebase, is it well commented, tabbed and understandable?, hope it is less redundant and devoid of unnecessary if...else..blocks or recursive loops.

I'm not being strict, I'm being factual and unless you can positively answer my questions then you're good to go boy.
I'm doing this because I started coding at a very young age and have made a lot of mistakes which I don't want people like you to make. I'm interested in helping you develop and coding the right way and will contact you shortly.

Thanx for the review sir, the website really is just a demo version. It is hosted on a free server and I didnt bother to turn of mysqli errors. Sir hw can I get ur contact pls

And for the passwords I use password_hash()

itzFANE:

Thanx for the review sir, the website really is just a demo version. It is hosted on a free server and I didnt bother to turn of mysqli errors. Sir hw can I get ur contact pls

I just turned off the errors thanks again sir.

itzFANE:

Thanx for the review sir, the website really is just a demo version. It is hosted on a free server and I didnt bother to turn of mysqli errors. Sir hw can I get ur contact pls

I will contact you, and please feel free to call me by name. - Daniel.

itzFANE:
And for the passwords I use password_hash()

I like this kid. The new generation developer. :-)

What paradigm are you using?

itzFANE:

I just turned off the errors thanks again sir.

Do change your mentality of security, whether a demo version or a stable release, as far as it's in production environment, it has to be secure.

You're a smart kid so I figured you'd probably have protected the site from SQL injection (the most basic hacking method) but what CSRF (Cross Site Request Forgery) protection and XSS (Cross Site Scripting) attacks?

DanielTheGeek:


I like this kid. The new generation developer. :-)

What paradigm are you using?

I used functional for d site but trying to convert it to OOP

itzFANE:

I just turned off the errors thanks again sir.

Your confirmation code seems to be longer than river Nile :-) , I'm not trying to recharge my phone here... so try to make it shorter at least for people that can't directly copy and paste it into your site for some reason.

DanielTheGeek:


Your confirmation code seems to be longer than river Nile :-) , I'm not trying to recharge my phone here... so try to make it shorter at least for people that can't directly copy and paste it into your site for some reason.

ohk sir

DanielTheGeek:


Do change your mentality of security, whether a demo version or a stable release, as far as it's in production environment, it has to be secure.

You're a smart kid so I figured you'd probably have protected the site from SQL injection (the most basic hacking method) but what CSRF (Cross Site Request Forgery) protection and XSS (Cross Site Scripting) attacks?

No sir, just againt sql injection. To be honest i haven't even heard of d other two

I've been unable to confirm my account bro, what's wrong? I sense it's not been fully implemented so it's not an error.

.

DanielTheGeek:
I've been unable to confirm my account bro, what's wrong?
I sense it's not been fully implemented so it's not an error.

goto gkaseniors.uphero.com/confirm.php and try again

itzFANE:

goto gkaseniors.uphero.com/confirm.php and try again

Just checked d database, sir u hv already confirmed it so try logging in

itzFANE:

I used functional for d site but trying to convert it to OOP

You don't have to ever make this mistake again, next time do some in depth thinking, prototyping and write pseudo codes (I do mine in my jotter) that help you understand how to execute tasks effectively.

How do you know what to use?
If your website is just some HTML pages with one or more contact forms that sends data to your PHP script to be inserted into a database then you could just stick with the functional paradigm, why? (young Devs like to ask questions, Lol) well, because all your doing is the Creating and (rarely) Updating portion of CRUD operations.

If your website does full CRUD operations on multiple pages that you'd tend to loose count of those pages and probably have multiple databases then you don't want to break the DRY (don't repeat yourself) rule by writing multiple functions that do the same thing in one file (maybe your functions.PHP file) hence rendering your code base redundant. You now have to use classes to group your functions (called methods in OOP) and thus making use of only the most necessary functions (methods) in your project thereby increasing page load speed. OOP is for you, if your project falls in this category.

If your project is an enterprise class one, in which the codebase is expected to exceed 5k-10k lines of code with hundreds of templates then a MVC/HMVC pattern is what you need and this can be achieved by writing a Frame Work or implementing an existing one to separate logic and database interactions from display and make it easier for strangers to extend your codebase. This is every PHP Web Developer's holy grail!

So think thrice next time and make better decisions.

note: This is actually not only for itzFane but for every PHP developer to read and understand what paradigm to apply in projects.

itzFANE:

Just checked d database, sir u hv already confirmed it so try logging in

Put in some alert that let's user know the confirmation was successful.

Noted sir