
Show HN: Hacker News for Preppers - Alan_Smithee
http://preppernews.org/
======
krapp
Some nitpicking

- Inside the threads, it tries to link to user accounts by username, instead
of by ID, but that fails. The show page doesn't display the domain for the
submitted site. If you're using Twig, have you maybe not dumped your template
cache in a while?

- Having user id 1 be Admin is just begging for trouble, if that account
actually has admin rights.

- The login/signup forms are behind http and not https, which happens all the
time but still people are going to complain about it.

- You might want to change your ajax requests to work through POST and not
GET. One isn't necessarily safer than the other, but GET requests can be
cached, bookmarked and indexed by search engines, which if they do anything
destructive (that writes to or deletes from the database) can have potentially
messy consequences.

- You're allowing directories to be publicly visible, which means the source
code for your templates is also visible. Nothing critical there but generally
speaking, it's not a good idea to let people be able to poke around at all.

- HN users might object to your using the orange theme, and to me it's kind
of bright regardless. Wouldn't earth tones or something darker be more
thematically appropriate?

- I don't know why the username availability check is sending a response with
html headers but it's not escaping anything. Returning JSON (with
application/json headers) is almost certainly better than rolling your own
serialization scheme - especially using PHP, which supports it natively (and,
of course, _javascript_ which supports it natively as well.)

- The contact email at the bottom isn't a link which people will find
annoying.

- Googling your domain leads Google to assume I meant preppernews.com, which
may or may not be an issue if discoverability matters for you.

- This being a Show HN I have to ask... source code?

That said, it looks alright. Not much else to say since there's not much
content there. Good luck with it.

~~~
Alan_Smithee
Thank you so much for the excellent feedback. I have a few things to look into
:)

~~~
krapp
And while you are, make sure you make the PHP universe just a tiny bit less
terrible by handling database access and password hashing properly (PDO and
prepared statements[0], and proper one-way hashing[1]), if you don't already
have that covered.

[0] http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059

[1] http://www.sitepoint.com/hashing-passwords-php-5-5-password-hashing-api/

~~~
Alan_Smithee
The db is covered and I was calling crypt with blowfish but this is cleaner.
It shall be switched :)

Thanks !!!
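
Added example, not part of the thread and not the site's own code: a PHP sketch of the points raised above (PDO prepared statements, `password_hash` in place of direct `crypt` calls, and a JSON availability response). The table, column and function names and the sample rows are assumptions constructed for illustration; it assumes PHP 7.3+ with pdo_sqlite enabled.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');

// Constructed legacy row: a hash made by calling crypt() with a blowfish salt directly.
$legacy = crypt('old-password', '$2y$07$constructedsaltvalue12');
$pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')->execute(['alice', $legacy]);

// Log in with a bound parameter; upgrade the stored hash when it is below the current default.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() accepts crypt()-format hashes, so legacy rows keep working.
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    if (password_needs_rehash($row['pw_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET pw_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return true;
}

// Username availability check: bound parameter in, JSON body out.
function usernameAvailableJson(PDO $pdo, string $username): string
{
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return json_encode(
        ['username' => $username, 'available' => $stmt->fetchColumn() === false],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_THROW_ON_ERROR
    );
}

// Over HTTP, send header('Content-Type: application/json') before echoing the JSON body.
var_dump(login($pdo, 'alice', 'old-password'));   // legacy hash is verified, then rehashed
var_dump(login($pdo, 'alice', 'wrong-password')); // rejected
echo usernameAvailableJson($pdo, 'alice'), "\n";
echo usernameAvailableJson($pdo, "o'brien"), "\n"; // the quote is bound as data, not SQL
```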

------
Mz
I really don't like the orange. What is your reason for using that? Is it just
to emulate HN? On HN, members can change the header theme. Mine is kind of a
lavender and even when I used the default, it's a tiny strip of color. The
amount of orange you are using is overwhelming.

Colors can have a certain amount of meaning. You might consider using some
shade of green as a reference to this being an eco-friendly movement. But, do
tone down the color.

~~~
Alan_Smithee
Yes it was just for the HN connection. I will look into letting the user
decide what he/she wants. Thanks.

~~~
m52go
Another style thought: it seems like everything is bold. I would reduce the
weight of some text.

------
Alan_Smithee
Just finished it. Any feedback would be greatly appreciated. It's my first
attempt at anything like this so please be gentle :)

