PHP Shoutbox

GoldNetX · 06-29-2004

I'm developing a shoutbox for my site and have got the basics for it working. I've pretty much solved most problems with word-wrapping and alignment. I need to know what other safety precautions I should implement to protect from malicious users. Thanks for any input.

URLS:

*site is not near completion*
http://viciousdesign.intoxia.com/phptest/ << main site

http://viciousdesign.intoxia.com/phptest/shoutbox.php << shoutbox (if you wish to test anything you think might mess it up)

**Man1c M0g** · 06-29-2004

Hmmmm, you should perhaps also strip HTML commands out of user submissions, add a posting limit (i.e. 1 post per 30 secs, so you don't get flooded), and add IP logging for those users intent on abusing the box (so you can lock them out later).

malboroman · 06-29-2004

And perhaps a script that gets all 'bad' words out of there like some diseases used for namecalling...

(I had to describe this with some tact... I could do it the 'bad' way)

blu fire · 06-29-2004

Yes, convert all usage of the character '<' to < and '>' to >
I tried placing a marquee on your site and it mucked it up. I'm guessing if anyone uses the font tag they can change the font color of the shouts, as you append the text to the start and not the end.... so parse for those characters and replace.
Oh yeah, anyone with a knowledge of CSS could do what I did and place that "Lets see now...Hmm" wherever they wanted on the page using absolute positioning

Good luck!

blu fire · 06-29-2004

Oh yeh, I apologize for the alerts whenever you move your mouse... I'm just checking how much someone could deface it with whatever they wanted

**Man1c M0g** · 06-29-2004

LOL! Thats some great defacing work you guys have done there! Pretty inventive too!

GoldNetX · 06-29-2004

Awesome, thanks for the suggestions. Going to work on implementing them now, hopefully all goes well.

EDIT: I've added a bad word filter, although may add more words to the filter. Have filtered out html and php commands. Posts may only be done in 30 second intervals and IP are logged. Thanks for all of the help. If you guys find anything else please post it.