Plz test my new site (uses web application)

Status
Not open for further replies.

victor_rambo

Horn OK Please
URL: *www.MHT-CET-Online.com

Purpose: Helps me conduct online test series.

Language: PHP and MySQL (and lil bit of javascript).

How to use the site:
1. Check for availability of username. Register if available.
2. Choose the question paper available and click OK.
3. Once the question paper loads, please select your answers using the radio buttons.
4. Submit the answer sheet to evaluate. Evaluations will be saved into the database.

If you encounter any 404 file not found, please let me know the link which you followed.

For programmers and white hat hackers:
Do let me know if you come across any security hole. I have observed the below measures:
1. All input validated on server side
2. No cookies used at all to store any information.


Thank you.
-Rohan Shenoy
 

din

Tribal Boy
Some quick notes. Mostly criticism, but sure it will help you to improve :)

Simple and neat interface - sure a plus point.

Disadvantages

No client side validations, at least not in FF.

Use simple javascript, or try Spry ( *labs.adobe.com/technologies/spry/ )

Availability of user name - try Ajax, will make it look better - without leaving the page.

When we click submit without proper data or leaving fields empty, it shows message on next screen but no way to navigate back. Give a simple 'Back' link or button.

Put a clock on the question paper page - so people will know the time and do not allow them to submit it once the time is over, or submit it auto once the time is over.

Once we click on an answer radio button, there's no way to correct it. If it's done intentionally, it's ok, I do not know how the real test works, maybe they will not allow corrections?

When I submitted the test without entering anything (no dropdowns selected) it shows

1. You attempted unauthorized access to a privileged resource.
2. Your inputs contained invalid characters such as '*','|','$', etc.



Suggestion -

1. do not allow them to submit if none of the questions are answered.

2. Give meaningful error messages on server side.

3. Give links (back etc) in the error pages.

LOL, I know how it feels reading these. Reminds me of our first debugging session 7 yrs back. We were mad at the guy who was doing validation and debugging ..

Want me to test more ?
 
victor_rambo

Horn OK Please
Thanks a lot for your time!

Some quick notes. Mostly criticism, but sure it will help you to improve :)

Simple and neat interface - sure a plus point.
Thank you!

Disadvantages

No client side validations, at least not in FF.

Use simple javascript, or try Spry ( *labs.adobe.com/technologies/spry/ )
Yeah, bad thing. I will work on this.

Availability of user name - try Ajax, will make it look better - without leaving the page.
I don't know AJAX :(

When we click submit without proper data or leaving fields empty, it shows message on next screen but no way to navigate back. Give a simple 'Back' link or button.
Agreed. Is needed.

Put a clock on the question paper page - so people will know the time and do not allow them to submit it once the time is over, or submit it auto once the time is over.
Agreed. Is needed. Hadn't put it in as it was a demo version.

Once we click on an answer radio button, there's no way to correct it. If it's done intentionally, it's ok, I do not know how the real test works, maybe they will not allow corrections?
Yeah, you are not allowed to change the answers once marked.

When I submitted the test without entering anything (no dropdowns selected) it shows

1. You attempted unauthorized access to a privileged resource.
2. Your inputs contained invalid characters such as '*','|','$', etc.

Yes, I didn't think about this point.

1. do not allow them to submit if none of the questions are answered.
Yeah, will have to do this.

2. Give meaningful error messages on server side.
I had purposefully given such messages, maybe it won't work!

3. Give links (back etc) in the error pages.
Yeah, needed.

LOL, I know how it feels reading these. Reminds me of our first debugging session 7 yrs back. We were mad at the guy who was doing validation and debugging ..

Want me to test more ?
Ha ha, I am still a noob, but for me one sure way to greatly reduce security risk was to validate all input. Hadn't thought the other way.

Yeah, test more!

Thank you once again!
 
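Added example, not part of the thread and not the site's own code: one way to validate a submitted answer sheet on the server so that an empty submission gets its own clear message instead of the "unauthorized access" / "invalid characters" page reported above. The field layout `answers[<question id>] = <option>`, the option labels A-D and the function name are assumptions; the thread does not show the real form.

```php
<?php
// Added example, not the site's code. Field layout, option labels and names are assumed.

function validate_answer_sheet(array $post, array $questionIds): array
{
    $allowed = ['A', 'B', 'C', 'D'];        // assumed option labels
    $raw = $post['answers'] ?? [];          // radio groups left untouched are simply absent
    $errors = [];
    $answers = [];

    if (!is_array($raw)) {
        return ['ok' => false, 'answers' => [],
                'errors' => ['The answer sheet was malformed. Please reload the paper.']];
    }
    if ($raw === []) {
        // An empty sheet is a user mistake, not an attack: report it as such.
        return ['ok' => false, 'answers' => [],
                'errors' => ['No questions were answered. Go back and mark at least one answer.']];
    }
    foreach ($raw as $qid => $choice) {
        // Allow-list the key. PHP turns canonical decimal keys ("12") into ints,
        // so a strict match rejects keys such as "12abc" or "012".
        if (!in_array($qid, $questionIds, true)) {
            $errors[] = 'The sheet referred to a question that is not on this paper.';
            continue;
        }
        // Allow-list the value: exact match against known options, not a character blacklist.
        if (!is_string($choice) || !in_array($choice, $allowed, true)) {
            $errors[] = "Question $qid: the selected option is not valid.";
            continue;
        }
        $answers[$qid] = $choice;
    }
    $ok = $errors === [];
    return ['ok' => $ok, 'answers' => $ok ? $answers : [], 'errors' => $errors];
}

// Constructed sample submissions (stand-ins for $_POST).
$paper = [1, 2, 3];
$samples = [
    'empty'    => [],
    'tampered' => ['answers' => [1 => 'A', 2 => 'B|$', 99 => 'C']],
    'valid'    => ['answers' => [1 => 'A', 3 => 'D']],
];
foreach ($samples as $name => $post) {
    $r = validate_answer_sheet($post, $paper);
    echo $name, ': ', $r['ok'] ? 'accepted ' . json_encode($r['answers']) : implode(' | ', $r['errors']), "\n";
}
```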