Calling all IT peoples!

Homebrew Talk - Beer, Wine, Mead, & Cider Brewing Discussion Forum


TwoHeadsBrewing (Well-Known Member; joined Feb 28, 2008; Chico, CA)
So, I recently put up a "business card" website for my LHBS...check it out http://chicohomebrewshop.com/. It's nowhere near finished, but I'd like some input on the design. I'm by no means a graphic designer, so don't expect much! :cross:

I'm at a crossroads in my development of the site, and trying to decide what way to go with the product listings. The LHBS owner doesn't want to do online ordering and processing at this point, but does want the ability to display the products and prices. For my own sake, I'd like to build/add a system through which the owner can update/add/remove items without having to contact me. I have two options I'm considering:

1. Add Joomla, or another open source system to manage products. This would take around 20 hours or so to customize, maybe more.

2. Build my own MySQL back end (easy, I do this thing all day long) to store products and their prices, pictures, etc. Add PHP scripting to the web page to pull this information (read only) for viewing. Enable a password protected page so the owner can update/add/remove items on their own.


As of right now, I've got the product pages set up so that an iFrame renders a very simple PHP "sub-page". There are several hyperlinks on the page that will refresh this iFrame with the desired "sub-page" by calling a JavaScript function. I'm leaning towards making the entire system myself, because I'd have a blast doing it, and the database structure would be easy and quick to do. However, I've only done a couple of PHP projects that were quite small, and I want to get the site up in the next few weeks.

Do you have any tips, suggestions, etc for me? If you have any experience with customizing Joomla or any other product like it, I'd love to hear about it. Thanks!
 
First, I think the site looks great; that's a nice template and it's very clean and easy on the eyes. Is that WordPress?

Second, I have used Joomla for years and I really like it. For content-driven websites it's very good, but I think you can also get by using WordPress if you do not go with a shopping cart type solution.

I would have to ask you though, what are the chances they are going to want to sell online down the road? If you make them something custom (per option 2) and then they decide to go with a full shopping cart, you will either have to modify what you have, or scrap it and start over with an off-the-shelf cart. I would lean toward using an off-the-shelf or open source cart to display the products, then just disable the ability to check out. This way you have the ability to go online without having to re-invent the wheel.
 
Thanks for the input! I actually got the template from a great site here: Free CSS Templates. I think my template is called "Numerology" but I've made many changes from the original. I honestly think that the owner would like to keep things simple and local, and doesn't want to be competing with AHS, Midwest, MoreBeer, etc for the online brew shop market. However, I like the idea of not re-inventing the wheel. I don't think they are opposed to selling over the phone, but I don't think eCommerce is on their radar at this point. I guess I should talk with them more about this and make sure :).
 
Also check out Zen Cart.

Also you might want to look at www.wineandbeermaking.com

They have a cart that is a component made for Joomla. From an integration standpoint it fits pretty well, color scheme and theme design aside of course. :)


You can also take note of how not to put your items online, no pictures, very little info, and no prices, etc. ;)
 
Well, I've looked at the eCommerce packages and content management systems, but they are just too complex for my needs. I may in fact go that route if the owner wants to sell items online in the future, but for now I just need an easy-to-update product list.

I've updated the website, and have built the database back end which is pulled onto the site via PHP scripting. All I need to do now is:

1. Add a nice looking front end to each of the main pages (Equipment, Ingredients, Recipes, etc.)

2. Configure all the sub pages to pull the products from the table, filtered by the category selected by the user. This will be done via JavaScript/PHP as well.

3. Build a password-protected page, a mirror of the existing site but where the product list can be edited by the LHBS owner.

4. Make it more purty.

Thanks for your input...please let me know if you have any more ideas or cool things I can do to make the site better. :mug:
 
I've had plenty of experience with SQL scripting, but I'm not sure how to guard against the common attacks. Most of my SQL statements in the end product will be set up as calls to stored procedures. So instead of:

SELECT equipmentid, name, cost from Equipment where categoryid = '5'

it will look more like:

exec getEquipmentList ('5')

I'm not sure if this will prevent an SQL injection attack, but it sure makes the PHP scripting easier to write and understand. Thanks for the heads up and the wiki link, I'll be looking into security for sure!
 
Yeah, the last major attack was pretty embarrassing for the State of Oklahoma. Now they may be subject to huge lawsuits from pedophiles.

On April 13, 2008, the Sexual and Violent Offender Registry of Oklahoma shut down its site for 'routine maintenance' after being informed that 10,597 social security numbers of sex offenders had been downloaded by SQL injection.
 
TwoHeadsBrewing said:
I've had plenty of experience with SQL scripting, but I'm not sure how to guard against the common attacks. Most of my SQL statements in the end product will be set up as calls to stored procedures. So instead of:

SELECT equipmentid, name, cost from Equipment where categoryid = '5'

it will look more like:

exec getEquipmentList ('5')

I'm not sure if this will prevent an SQL injection attack, but it sure makes the PHP scripting easier to write and understand. Thanks for the heads up and the wiki link, I'll be looking into security for sure!

It will not in and of itself prevent a SQL injection, but it's considered best practice, not only for making your scripting easier to read, understand, and maintain, but because it will actually make SQL injection more difficult. Not impossible, but it will prevent some things from happening that an interested person can take advantage of to develop an attack.

But it wouldn't necessarily prevent SQL injection.

Moral of the story: always sanitize your input in PHP or whatever framework you're using before you use it, and don't trust anything that comes from user space. In your stored procedures, type the arguments as strongly and accurately as possible, and make sure you sanitize arguments before you use them. At the least, check that they are valid and fail. You need to do this especially for anything that's passed as char(x) or varchar(x), because the same tricks you can do against inline SQL can be done against a stored procedure.
 
Ok, that sounds good for user input, but do I need to be concerned if the site is just read-only? Aside from the admin login, most of the pages are like this one:

http://www.chicohomebrewshop.com/equipment.html

There is just a simple PHP loop that pulls data from the appropriate table, so no user input is required. Certainly if a user is asked to fill in a form or enter a user/pass I can see a problem. For those areas, I will add a call to a stored procedure to sanitize the user input:

select * from userdata where name = exec cleanInput([UserName]);
 
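The two exchanges above (the advice to type and sanitize stored-procedure arguments, and the plan to run a cleanInput procedure on the login form) come down to the same control: keep the user's value out of the SQL text by binding it as a parameter. The PHP below is an added example, not code from this thread or from the shop's site; it assumes a MySQL table Equipment(equipmentid, name, cost, categoryid) as in the posts, a hypothetical userdata(name, passhash) table, a stored procedure getEquipmentList(IN cat INT), and that the iFrame sub-page receives the chosen category as a cat query parameter. Note that the "read-only" equipment listing still takes input, since the visitor chooses the category.

```php
<?php
// Added example, not code from the thread. Assumed: MySQL tables
// Equipment(equipmentid, name, cost, categoryid) and userdata(name, passhash),
// and a stored procedure getEquipmentList(IN cat INT) that uses its parameter
// only in a WHERE clause (no dynamic SQL built from it).
declare(strict_types=1);

// Read-only listing: the category id still comes from the visitor (the link
// clicked), so it is untrusted. Validate its type, then bind it; the driver
// sends the value separately from the SQL text, so quotes cannot alter it.
function getEquipmentList(PDO $db, string $rawCategory): array
{
    $categoryId = filter_var($rawCategory, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($categoryId === false) {
        return [];  // fail closed: an unknown category lists nothing
    }
    $stmt = $db->prepare(
        'SELECT equipmentid, name, cost FROM Equipment WHERE categoryid = ?');
    $stmt->bindValue(1, $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The stored-procedure form is only as safe as how the argument reaches it:
// bind it; never interpolate it as in "CALL getEquipmentList('$id')".
function getEquipmentListViaProc(PDO $db, int $categoryId): array
{
    $stmt = $db->prepare('CALL getEquipmentList(?)');
    $stmt->bindValue(1, $categoryId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Admin login: parameterized lookup, password verified against a stored hash
// in PHP rather than compared inside SQL. No "cleanInput" procedure is needed.
function checkLogin(PDO $db, string $userName, string $password): bool
{
    $stmt = $db->prepare('SELECT passhash FROM userdata WHERE name = ?');
    $stmt->execute([$userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['passhash']);
}

// Real server-side prepares, exceptions on error (connection values assumed).
$db = new PDO('mysql:host=localhost;dbname=lhbs;charset=utf8mb4', 'app', 'secret',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
foreach (getEquipmentList($db, $_GET['cat'] ?? '') as $item) {
    echo htmlspecialchars($item['name'], ENT_QUOTES, 'UTF-8'), ' $', $item['cost'], "\n";
}
```

The same binding applies to the owner's edit page: every INSERT, UPDATE and DELETE takes its values through prepared-statement parameters, and the procedure parameters are declared with exact types (INT for ids, DECIMAL for cost) so the database rejects anything that does not fit.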