I have recently been working on my first-ever true PHP project, Classchat.
It includes all of the basic features of a web chat plus more, including individual chat rooms, live updates, full message formatting, and more.
The GitHub repo can be found here: https://github.com/calclover2514/ClassChat
A live preview of the latest updates can be found here: https://classchat.calclover2514.repl.co
I'm open to all suggestions, bug reports, optimization requests, etc. as long as they are constructive for my learning of PHP.
And yes, some of this content was taken from tutorials. I'm just learning PHP, so cut me a break. (;

Current features (as of v0.4.9b) include:
    ▪ Creating new chat rooms
    ▪ Managing/Deleting chat rooms
    ▪ Generating room links
    ▪ Sending images and formatted posts (Uses HTML)
    ▪ Voice-to-text
    ▪ Swear word filtering
    ▪ Individual Admin accounts with custom passwords
    ▪ Randomly generated user ID colors seeded with the user's ID
    ▪ Endless semi-public chat rooms
    ▪ User join notifications
    ▪ Message send dates
Misc commentary:
    1. Why do several of your .php files not contain any PHP code (it's confusing and slightly inefficient)?
    2. Using raw cookie values to construct filesystem paths is vulnerable to directory traversal to extract secrets from your server.
    3. Attaching an event listener to window.onclick seems inefficient, since it'll need to run your code for every click. Seems better to attach listeners to each element you care about individually.
    4. It's trivial to bypass authentication by inspecting the response to getpwd, since it's enforced only on the client.
    5. It doesn't work at all in browsers that don't support speech recognition because you try to use recognition even if it's not available.
    6. Long-lived rooms will have very poor performance as it needs to scan the entire log for new messages. This is difficult to fix when using filesystem storage as you are, but a not-too-hard approach might be to split logs by time (such that each file only has one hour's worth of log in it or something).
There are probably more things that are weird about this, but I don't want to spend too much time trying to pick it apart.
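For points 2 and 4 above, here is an added PHP example of the hardened pattern (not code from the ClassChat repo or from either poster). It assumes a `rooms/` directory for per-room logs, a `room` cookie holding the room name, and an admin password hash stored per room; the function names and sample values are constructed for the illustration.

```php
<?php
// Added example (not ClassChat's own code): hardened handling of a cookie-
// derived room name, and an admin check decided on the server rather than in
// the browser. ROOM_DIR, the cookie name and function names are assumptions.

declare(strict_types=1);

const ROOM_DIR = __DIR__ . '/rooms';   // assumed per-room log directory

// Never splice a raw cookie value into a path. Layer 1: a strict allow-list of
// characters (no slashes, dots, NULs), which already rules out "../". Layer 2:
// confirm the path we are about to use still resolves inside ROOM_DIR.
function roomLogPath(string $roomName): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $roomName)) {
        return null;                   // reject anything that is not a plain room name
    }
    $base = realpath(ROOM_DIR);
    if ($base === false) {
        return null;                   // storage directory missing
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $roomName . '.log';
    // The log may not exist yet, so resolve its directory and compare that.
    if (realpath(dirname($candidate)) !== $base) {
        return null;                   // resolved outside the storage directory
    }
    return $candidate;
}

// Authentication must be enforced server-side. Keep only a password_hash()
// value per room, compare with password_verify(), and record the result in the
// session. The expected password or its hash is never sent to the client.
function adminLogin(string $room, string $submitted, array $hashesByRoom): bool
{
    $hash = $hashesByRoom[$room] ?? null;
    if ($hash === null || !password_verify($submitted, $hash)) {
        return false;
    }
    session_regenerate_id(true);       // new session id after privilege change
    $_SESSION['admin_room'] = $room;   // server-held proof of login
    return true;
}

// Every admin-only endpoint (delete room, etc.) calls this before acting.
function requireAdmin(string $room): void
{
    if (($_SESSION['admin_room'] ?? null) !== $room) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Usage sketch with constructed values.
session_start();
$hashes = ['mathclass' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
$path = roomLogPath($_COOKIE['room'] ?? '');     // null if the cookie is malformed
if ($path !== null && adminLogin('mathclass', $_POST['pwd'] ?? '', $hashes)) {
    requireAdmin('mathclass');                   // passes only after a real login
}
```

The regex is the control that actually stops traversal; the `realpath()` comparison is belt and braces in case the allow-list is loosened later. On the auth side the point is that the decision and its evidence (the session flag) live only on the server, so nothing the browser can inspect or edit changes the outcome.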
Tari wrote:
Misc commentary:
    1. Why do several of your .php files not contain any PHP code (it's confusing and slightly inefficient)?
    2. Using raw cookie values to construct filesystem paths is vulnerable to directory traversal to extract secrets from your server.
    3. Attaching an event listener to window.onclick seems inefficient, since it'll need to run your code for every click. Seems better to attach listeners to each element you care about individually.
    4. It's trivial to bypass authentication by inspecting the response to getpwd, since it's enforced only on the client.
    5. It doesn't work at all in browsers that don't support speech recognition because you try to use recognition even if it's not available.
    6. Long-lived rooms will have very poor performance as it needs to scan the entire log for new messages. This is difficult to fix when using filesystem storage as you are, but a not-too-hard approach might be to split logs by time (such that each file only has one hour's worth of log in it or something).
There are probably more things that are weird about this, but I don't want to spend too much time trying to pick it apart.

    1. Can I use .HTML?
    2. I didn't even try to optimize this for security yet (Also, what I'm doing with the cookies is hard to do any other way, and the said data is not supposed to be hidden anyway - it's the name of the chatroom)
    3. I'm using window.onclick to hide dropdowns when the user clicks away from them. I'm not sure how else to do this.
    4. Again, not optimized for security yet, although I could fix this one pretty easily.
    5. Isn't that only IE (In which case my CSS is probably broken too)? (Safari?)
    6. Splitting up the logs by time is not a bad idea, although I'm not sure yet how I would implement this. I'll look into it.
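As one way to implement the time-split logs from point 6, here is an added PHP example; it is not code from ClassChat or from either poster. It assumes a `logs/<room>/` directory, one JSON line per message, and hourly file names derived from the message timestamp; all names and sample values are constructed.

```php
<?php
// Added example (not ClassChat's own code): append messages to an hourly log
// file and, when polling, open only the files that can contain new messages.
// LOG_DIR, the JSON line format and the function names are assumptions.

declare(strict_types=1);

const LOG_DIR = __DIR__ . '/logs';   // assumed; one sub-directory per room

// Hour bucket for a Unix timestamp, e.g. "2023-05-04T13" (UTC). Names sort
// chronologically as plain strings, which messagesSince() relies on.
function hourBucket(int $ts): string
{
    return gmdate('Y-m-d\TH', $ts);
}

function appendMessage(string $room, string $user, string $text): void
{
    // Same allow-list as for the cookie-derived path: no slashes or dots.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $room)) {
        throw new InvalidArgumentException('bad room name');
    }
    $dir = LOG_DIR . '/' . $room;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('cannot create log directory');
    }
    $now  = time();
    $line = json_encode(['ts' => $now, 'user' => $user, 'text' => $text], JSON_THROW_ON_ERROR);
    // LOCK_EX serialises concurrent writers so two posts never interleave.
    file_put_contents($dir . '/' . hourBucket($now) . '.log', $line . "\n", FILE_APPEND | LOCK_EX);
}

// Messages newer than $since. Only files for hours at or after $since's hour
// are read, so the cost depends on how long the client has been away, not on
// how old the room is.
function messagesSince(string $room, int $since): array
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $room)) {
        return [];
    }
    $dir = LOG_DIR . '/' . $room;
    if (!is_dir($dir)) {
        return [];
    }
    $start = hourBucket($since);
    $files = glob($dir . '/*.log') ?: [];
    sort($files);
    $out = [];
    foreach ($files as $file) {
        if (strcmp(basename($file, '.log'), $start) < 0) {
            continue;                             // older hour: skip the whole file
        }
        $lines = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
        foreach ($lines as $line) {
            $msg = json_decode($line, true);
            if (is_array($msg) && ($msg['ts'] ?? 0) > $since) {
                $out[] = $msg;
            }
        }
    }
    return $out;
}

// Usage sketch with constructed values. The client remembers the largest 'ts'
// it has seen and polls with it; output is escaped so posted text cannot
// inject markup into other users' pages.
appendMessage('mathclass', 'alice', 'hello');
foreach (messagesSince('mathclass', time() - 60) as $m) {
    echo htmlspecialchars($m['user'], ENT_QUOTES) . ': '
       . htmlspecialchars($m['text'], ENT_QUOTES) . "\n";
}
```

Because a client polling for updates only supplies the timestamp of the last message it saw, the server never touches files from earlier hours; a room that has been running for weeks costs the same to poll as one that started this hour.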