My own jQuery/php Comment System

shaunno2009

They have: 9 posts

Joined: Jul 2010

Hey guys, I just joined Webmaster Forums after being recommended by ReeceS (from ColdCast). I thought I would share with you a comment system I have been working on. If you would like to see it, click here for the demo.

Please leave comments testing it out and please leave feedback on the comment system or on here or both :D

Thanks

-Shaun

Help each other out, be positive and we can achieve anything.

JeevesBond

He has: 3,955 posts

Joined: Jun 2002

Well it certainly seems to work well. It's quite Youtube-ish in fact, minus the per-comment reply option.

On the security side of things, I tried some stuff to get past the validation but noticed you're properly escaping HTML and checking for the user's e-mail address and comment length on the server side. I'm also glad to see everything with a side effect is done by POST. Good stuff.

My only criticisms are: Firstly, the smiley conversion done in the JavaScript file makes it a little harder to manage the list of smileys. You could either use some inline PHP-generated JavaScript for the list of replacements or return the comment in the AJAX response from the server (instead of just the comment id). Secondly, the indentation in the JavaScript file looks messed up; try opening it in a few editors or Chrome's JavaScript debugger to see what I mean. Thirdly, there are several functions inside $(document).ready(); they don't need to be there, and your code would be easier to read if they weren't. Fourthly, naming your file jQuery.js is confusing and could cause filename collisions. :)

Finally, who is it for? Most comment systems are parts of a larger whole, like a CMS, blog or forum. Is this something you plan to include in a larger system or just something you did for fun?

a Padded Cell our articles site!

shaunno2009

They have: 9 posts

Joined: Jul 2010

Comment Removed

pr0gr4mm3r

He has: 1,502 posts

Joined: Sep 2006

Pretty cool. It requires Javascript to be enabled, so that may cause an issue with the paranoid surfers that use plugins like Noscript.

I noticed that there is a function in there called deleteCommentFunction() that has the code to form the post to deleteComment.php. I didn't try it, but I hope it doesn't blindly take post data to that script and delete comments w/o any credentials. :) I would hide that code and have a separate private page for administering comments.

shaunno2009

They have: 9 posts

Joined: Jul 2010

JeevesBond wrote:
Well it certainly seems to work well. It's quite Youtube-ish in fact, minus the per-comment reply option. On the security side of things, I tried some stuff to get past the validation but noticed you're properly escaping HTML and checking for the user's e-mail address and comment length on the server side. I'm also glad to see everything with a side effect is done by POST. Good stuff. My only criticisms are: Firstly, the smiley conversion done in the JavaScript file makes it a little harder to manage the list of smileys. You could either use some inline PHP-generated JavaScript for the list of replacements or return the comment in the AJAX response from the server (instead of just the comment id). Secondly, the indentation in the JavaScript file looks messed up; try opening it in a few editors or Chrome's JavaScript debugger to see what I mean. Thirdly, there are several functions inside $(document).ready(); they don't need to be there, and your code would be easier to read if they weren't. Fourthly, naming your file jQuery.js is confusing and could cause filename collisions. :) Finally, who is it for? Most comment systems are parts of a larger whole, like a CMS, blog or forum. Is this something you plan to include in a larger system or just something you did for fun?

Thank you for your great feedback, it really helps. I just made it for fun. I love to make something that is pretty cool and see what people think; it's one of the best things about web design.

pr0gr4mm3r wrote:
Pretty cool. It requires Javascript to be enabled, so that may cause an issue with the paranoid surfers that use plugins like Noscript. I noticed that there is a function in there called deleteCommentFunction() that has the code to form the post to deleteComment.php. I didn't try it, but I hope it doesn't blindly take post data to that script and delete comments w/o any credentials. :) I would hide that code and have a separate private page for administering comments.

deleteCommentFunction() will only echo out the delete link if that comment is yours, and if you edited it so that it called the function even though the comment was not yours, then it still would not work, because it also checks in the PHP file if the comment is yours :).

I am working on an admin part for it now. When you are admin, so far you will be able to delete any comment, mark any comment as spam (this makes the comment marked as spam right away) and unmark the comment as spam. You will also be able to see a link called IP; when you hover over it you will see what IP posted the comment and also be able to ban that IP. When you are banned you will not be able to see the post comment fields or post comment button, and PHP backs it up once again and will not let you post a comment.

I know that you could easily just change your IP but it's all for fun :D

Help each other out, be positive and we can achieve anything.
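
The server-side ownership check discussed in the posts above, as an added example that is not part of the original thread and is not the poster's actual deleteComment.php. The table layout, the `comment_id` field, the session keys and the function names are all assumptions; the sample rows are constructed so the script runs offline against in-memory SQLite.

```php
<?php
declare(strict_types=1);

// Hypothetical schema; the two sample rows are constructed for this example.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT)');
    $db->exec("INSERT INTO comments VALUES (1, 10, 'mine'), (2, 20, 'not mine')");
    return $db;
}

// $method, $post and $session stand in for $_SERVER['REQUEST_METHOD'],
// $_POST and $_SESSION. Returns the HTTP status the script would send.
function handleDelete(PDO $db, string $method, array $post, array $session): int {
    if ($method !== 'POST') {
        return 405;                       // side effects only via POST
    }
    if (!isset($session['user_id'])) {
        return 401;                       // no authenticated user
    }
    $id = filter_var($post['comment_id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 400;                       // missing, array or non-integer id
    }
    $isAdmin = !empty($session['is_admin']);
    // Ownership comes from the session, never from the request, and is part
    // of the WHERE clause: a forged id for another user's comment hits no row.
    $sql = 'DELETE FROM comments WHERE id = :id' . ($isAdmin ? '' : ' AND user_id = :uid');
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    if (!$isAdmin) {
        $stmt->bindValue(':uid', (int) $session['user_id'], PDO::PARAM_INT);
    }
    $stmt->execute();
    // Same answer for "does not exist" and "not yours", so ids cannot be probed.
    return $stmt->rowCount() === 1 ? 200 : 404;
}

$db = makeDb();
$me = ['user_id' => 10];
$admin = ['user_id' => 1, 'is_admin' => true];
var_dump(handleDelete($db, 'GET',  ['comment_id' => '1'], $me));    // wrong method
var_dump(handleDelete($db, 'POST', ['comment_id' => '2'], $me));    // someone else's comment
var_dump(handleDelete($db, 'POST', ['comment_id' => '1'], $me));    // own comment
var_dump(handleDelete($db, 'POST', ['comment_id' => '2'], $admin)); // admin path
```

Whether the delete link is echoed into the page has no bearing on the result; only the session and the database row decide it.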

They have: 59 posts

Joined: Aug 2011

When I check your link, it's not working properly. Can you give me more details about it?