So, over the course of the last few hours I coded my Gift Manager. I should probably rename it "Giftlist Manager", but eh.

It's here and I'd appreciate if anyone out there who's bored would test it. Test accounts are usernames test1 through test5, and they all have "test" as their password. Add some gifts to themselves, to each other, delete some, reserve some, mark some as purchased, etc. Any bugs or things you think should be changed can be sent to me through the mail link at the bottom of the giftman pages or left as comments here. I'm pleased so far, and everything seems to work fine, but who knows what other people might find.

Note: I do realize you can add blank gifts, and enter letters for the price. I may later add error checking to see if the name and desc fields are blank, but I'm not overly worried about the price field. I may change it later so that if you add a gift to someone else's list, it automatically reserves it for you also... since the idea isn't to add tons of gifts to other people's list that they may or may not want... it's to add to other people's lists gifts that you want to get them that they don't have listed. I may also add the ability to delete gifts from other people's lists that you added there in the first place.

Anyone who tries it, let me know how it goes. :P


Did a run through... didn't find any glaring problems. What's it written in?


Like J said in his comment below, perl. :)


I'm a computer security nut, so naturally that was the angle I was inclined to take in the 2 minutes I just spent diddling with it. It's funny, I was gonna write this same proggie a couple years ago. Maybe all geeks want to write this program at some point. :)

Anyhow, it turns out that it gets very unhappy if you give it a bad unum. :) Try this url: http://www.medlir.com/cgi/giftman.cgi?unum=10&init=1&user=test2&pass=test. As of my last attempt, it blew up with about 100 errors.

And to the first commenter, I'm guessing from the error text that it's written in perl. :)



Hey, being the pisser that I am, I broke a couple other things. You can add gifts to non-existent users -- it spits up lots of errors, but the item is added, you can reserve/release/purchase them as well. It just complains a lot first. :)

Also the cgi doesn't seem to enforce the limits on field length that are built in to the page (e.g. 256 character names) so if this ever went public, some jackass would probably paste in the complete works of Shakespeare just to piss you off. Likewise on the pissoff front, you seem to be able to insert tags in item content - so someone could make a goatse.cx item if they felt the urge. Very disturbing to find on a Christmas list, although this may be intentional.

Cheers,

Johnath



Bad unums passed to showusers are now changed to the logged-in user's unum.

Bad unums passed to additem, or flagitem (for the purposes of reserving, releasing, or buying) are now ignored, nothing happens and the user is dumped back to showusers. Since this should (I think) only happen if someone is intentionally trying to screw with things, no error message or indication of what happened is displayed... let them wonder. :P

Field lengths are enforced. If name or desc are over 255 in length, it will chop them down to the substring containing the first 255 chars, and then append an ellipsis. Likewise, price is simply limited to 10 characters... anything over that will currently get chopped. I also added some validation while I was at it. A zero value results in a blank space, a \d+ value results in an '.00' being added to pretty it up, a (\d+).(\d+) value will be left as is, unless $2 has a length > 2, then $2 will be truncated to 2 characters, if they add their own $ sign it will be gracefully ignored and the previous rules will be applied, and everything else will be changed to a space character, i.e. ignored and not displayed.

All HTML tags should be ignored now, I think there's a special way to strip HTML, but s/<.+?>//g; works fine for me. :P

And I think that's everything. :P I'm also adding a cancel button right now to the additem screen as I noticed there was no real way to get off that screen other than to add an item. :P


Also, thanks for being the only person to put it through some real trials so far. :P You actually gave me something to fix. :D


Any ideas on a graceful way to keep long name/desc's that don't have spaces from running amok? I could artificially put in spaces I suppose, or in additem just ignore names or descs that are longer than a certain length and don't have spaces since anything legit should have some breakable character before they hit 40 characters. :P


Heh, glad I gave you something to chew on; happy to help. As for inserting spaces, I think you're right, there's no real valid reason to have more than 40 characters without a space. At very least, in those rare cases where it is valid to do so, I don't think they'll mind an occasional inserted space.



And it was coded, and it was good.

At first I did 30 chars since I realized antidisestablishmentarianism was only 28 characters and I didn't figure people would be entering longer words than that, but I upped to 40 since it'll fit in the space (assuming people have courier new and let it use it like it wants to at the size it wants to... heh). Maybe tomorrow I'll change it again though... change it to a dash every 30 characters that don't have a space... like books hyphenate words that run onto the next line... we'll see. At least it works and keeps everything from being stretched out of whack now.

I also noticed you had tested prices of $.42 and .42... I fixed that also... They get changed to the correct 0.42 automagically now.
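
The input handling discussed across this thread (tag filtering, the 255-character cap, the 40-character space insertion and the price rules), as an added Perl example that is not the giftman.cgi source. All helper names are hypothetical and the sample inputs are constructed; it sets the thread's `s/<.+?>//g` filter beside entity-encoding on output, which also covers tags that span a newline or never close.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Helper names are hypothetical; none of this is taken from giftman.cgi.

# The thread's filter, kept verbatim for comparison.
sub strip_tags_regex { my ($s) = @_; $s =~ s/<.+?>//g; return $s; }

# Encode on output instead of stripping on input, so markup renders as text.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Server-side cap from the thread (first 255 chars plus an ellipsis), then a
# space after every 40 characters that contain no whitespace.
sub clamp_field {
    my ($s) = @_;
    $s = substr($s, 0, 255) . '...' if length($s) > 255;
    $s =~ s/(\S{40})(?=\S)/$1 /g;
    return $s;
}

# Price rules from the thread: optional "$", "12" -> "12.00", ".42" -> "0.42",
# decimals cut to two places, zero or anything unparseable -> one space.
sub normalize_price {
    my ($p) = @_;
    $p = substr($p, 0, 10);
    $p =~ s/^\s*\$?\s*|\s+$//g;
    return ' ' unless $p =~ /^(\d*)(?:\.(\d+))?$/ && (length($1) || defined $2);
    my $whole = length($1) ? $1 : '0';
    my $frac  = substr((defined $2 ? $2 : '') . '00', 0, 2);
    return ($whole == 0 && $frac == 0) ? ' ' : "$whole.$frac";
}

# Constructed sample inputs (not from the site).
for my $in ("<b>Toaster</b>", "<b\nid=\"x\">Toaster", "Socks <i") {
    printf "regex=[%s]\nescaped=[%s]\n\n", strip_tags_regex($in), escape_html($in);
}
print "[", normalize_price($_), "] " for ('12', '$.42', '3.14159', '0', 'abc');
print "\n", clamp_field('x' x 90), "\n";
```

Call `clamp_field` before `escape_html`, so truncation and inserted spaces never split an entity such as `&amp;`.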




